53 lines
1.1 KiB
Nix
53 lines
1.1 KiB
Nix
|
{ config, common, ... }:
|
||
|
|
let
|
||
|
|
port = 8086;
|
||
|
|
domain = "beta.auth.${common.domain}";
|
||
|
|
dbPassKey = "keycloak/database-pass";
|
||
|
|
cfg = config.services.keycloak;
|
||
|
|
in
|
||
|
|
{
|
||
|
|
services = {
|
||
|
|
keycloak = {
|
||
|
|
enable = true;
|
||
|
|
settings = {
|
||
|
|
hostname = domain;
|
||
|
|
http-port = port;
|
||
|
|
http-enabled = true;
|
||
|
|
};
|
||
|
|
database = {
|
||
|
|
type = "postgresql";
|
||
|
|
createLocally = false;
|
||
|
|
host = "localhost";
|
||
|
|
port = config.services.postgresql.settings.port;
|
||
|
|
name = "keycloak";
|
||
|
|
username = "keycloak";
|
||
|
|
passwordFile = config.sops.secrets.${dbPassKey}.path;
|
||
|
|
useSSL = false;
|
||
|
|
};
|
||
|
|
};
|
||
|
|
|
||
|
|
nginx.virtualHosts."${domain}" = {
|
||
|
|
forceSSL = true;
|
||
|
|
enableACME = true;
|
||
|
|
locations = {
|
||
|
|
"/".proxyPass = "http://localhost:${toString port}";
|
||
|
|
};
|
||
|
|
};
|
||
|
|
|
||
|
|
postgresql =
|
||
|
|
let
|
||
|
|
psql = cfg.database;
|
||
|
|
in
|
||
|
|
{
|
||
|
|
ensureDatabases = [ psql.name ];
|
||
|
|
ensureUsers = [
|
||
|
|
{
|
||
|
|
name = psql.username;
|
||
|
|
ensureDBOwnership = true;
|
||
|
|
}
|
||
|
|
];
|
||
|
|
};
|
||
|
|
};
|
||
|
|
sops.secrets.${dbPassKey} = { };
|
||
|
|
}
|