add basic keycloak config

2022-08-16 15:18:28 +02:00 · 2022-08-16 15:18:28 +02:00 · 6525c45ca2
commit 6525c45ca2
parent bea16d0652
4 changed files with 121 additions and 7 deletions
--- a/modules/keycloak.nix
+++ b/modules/keycloak.nix
@ -0,0 +1,34 @@
+{pkgs, conifg, lib}: {
+  
+  sops.secrets.postgres_keycloak.owner = config.systemd.services.keycloak.serviceConfig.User;
+
+  services = {
+    keycloak = {
+      enable = true;
+
+      settings = {
+        hostname = "keycloak.durian.tassilo-tanneberger.de";
+      };
+
+      database = {
+        username = "keycloak";
+        type = "postgresql";
+        passwordFile = ;
+        name = "keycloak";
+        host = "localhost";
+      };
+    };
+    postgresql = {
+      enable = true;
+      ensureUsers = [
+        {
+          name = "keycloak";
+          ensurePermissions = {
+            "DATABASE keycloak" = "ALL PRIVILEGES";
+          };
+        }
+      ];
+      ensureDatabases = [ "keycloak" ];
+    };
+  };
+}