fruitbasket/modules/keycloak.nix

# NixOS module: Keycloak bound to loopback, backed by a locally created
# PostgreSQL database, and published through an nginx reverse proxy that
# terminates TLS with an ACME certificate.
{ pkgs, config, lib, ... }:
let
  # Keycloak's own settings; the nginx virtual host and upstream URL below are
  # derived from these so both sides stay in sync.
  kc = config.services.keycloak.settings;
in
{
  # Database password, decrypted by sops-nix at activation time. The file's
  # owner follows whatever user the keycloak systemd unit declares.
  sops.secrets.postgres_keycloak.owner =
    config.systemd.services.keycloak.serviceConfig.User;
  sops.secrets.postgres_keycloak.group = "keycloak";

  # Static system account and group that the secret's ownership refers to.
  users = {
    users.keycloak = {
      name = "keycloak";
      isSystemUser = true;
      group = "keycloak";
    };
    groups.keycloak = {
      name = "keycloak";
      members = [ "keycloak" ];
    };
  };

  services.keycloak = {
    enable = true;

    # NOTE(review): services.keycloak.initialAdminPassword is not set in this
    # file, so the module default applies; confirm the admin password was
    # changed after the first login.
    settings = {
      hostname = "keycloak.quitte.tassilo-tanneberger.de";
      # Plain HTTP listens on loopback only, so the local nginx instance is the
      # only intended client of this port.
      http-host = "127.0.0.1";
      http-port = 8000;
      # NOTE(review): no TLS certificate options are set in this file, so it is
      # unclear whether this listener is ever used; confirm.
      https-port = 8001;
      # "edge": TLS ends at the proxy and Keycloak relies on the forwarded
      # headers it receives. The loopback binding above is what keeps remote
      # clients from reaching the HTTP port and supplying those headers
      # themselves.
      proxy = "edge";
    };

    database = {
      type = "postgresql";
      host = "localhost";
      name = "keycloak";
      username = "keycloak";
      # Read from the sops-managed file at runtime, so the password is not
      # written into the Nix store.
      passwordFile = config.sops.secrets.postgres_keycloak.path;
      createLocally = true;
    };
  };

  services.postgresql.enable = true;

  services.nginx = {
    enable = true;
    recommendedProxySettings = true;

    # Public HTTPS front end for the hostname Keycloak is configured with.
    virtualHosts."${kc.hostname}" = {
      enableACME = true;
      # Plain-HTTP requests are redirected to HTTPS.
      forceSSL = true;
      http2 = true;

      # NOTE(review): every path is forwarded, which includes the admin
      # console; consider limiting the admin paths to trusted networks.
      locations."/".proxyPass = "http://${kc.http-host}:${toString kc.http-port}";
    };
  };
}