From 5384918ce637ecc40d0f1b76061f2cc9b2352135 Mon Sep 17 00:00:00 2001
From: Rouven Seifert <rouven@rfive.de>
Date: Tue, 7 May 2024 11:57:15 +0200
Subject: [PATCH] directus: fix sso

---
 modules/keycloak.nix | 5 +++++
 modules/web/ese.nix  | 6 +++++-
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/modules/keycloak.nix b/modules/keycloak.nix
index 78a2abd..6465019 100644
--- a/modules/keycloak.nix
+++ b/modules/keycloak.nix
@@ -22,6 +22,11 @@ in
   services.nginx.virtualHosts."${domain}" = {
     locations."/" = {
       proxyPass = "http://127.0.0.1:${toString config.services.keycloak.settings.http-port}";
+      extraConfig = ''
+        proxy_buffer_size 128k;
+        proxy_buffers 4 256k;
+        proxy_busy_buffers_size 256k;
+      '';
     };
   };
 }
diff --git a/modules/web/ese.nix b/modules/web/ese.nix
index 85f922e..31ca66c 100644
--- a/modules/web/ese.nix
+++ b/modules/web/ese.nix
@@ -22,10 +22,14 @@ in
         "DB_PORT" = "5432";
         "DB_DATABASE" = "directus_ese";
         "DB_USER" = "directus_ese";
+        "PUBLIC_URL" = "https://directus-ese.ifsr.de";
+        "AUTH_PROVIDERS"="keycloak";
         "AUTH_KEYCLOAK_DRIVER" = "openid";
         "AUTH_KEYCLOAK_CLIENT_ID" = "directus-ese";
-        "AUTH_KEYCLOAK_ISSUER_URL" = "http://sso.ifsr.de/realms/internal/.well-known/openid-configuration";
+        "AUTH_KEYCLOAK_ISSUER_URL" = "https://sso.ifsr.de/realms/internal/.well-known/openid-configuration";
         "AUTH_KEYCLOAK_IDENTIFIER_KEY" = "email";
+        "AUTH_KEYCLOAK_ALLOW_PUBLIC_REGISTRATION"="true";
+        "AUTH_KEYCLOAK_DEFAULT_ROLE_ID"="a6b7a1b6-a6fa-442c-87fd-e37c2a16424b";
       };
       environmentFiles = [
         config.sops.secrets."directus_env".path