diff --git a/hosts/pi4/keycloak.nix b/hosts/pi4/keycloak.nix index 73c5f04..8379f7a 100644 --- a/hosts/pi4/keycloak.nix +++ b/hosts/pi4/keycloak.nix @@ -3,50 +3,31 @@ let port = 8086; domain = "beta.auth.${common.domain}"; dbPassKey = "keycloak/database-pass"; - cfg = config.services.keycloak; in { + services = { keycloak = { enable = true; settings = { - hostname = domain; + hostname = "https://${domain}"; http-port = port; http-enabled = true; }; database = { type = "postgresql"; - createLocally = false; - host = "localhost"; + createLocally = true; port = config.services.postgresql.settings.port; - name = "keycloak"; - username = "keycloak"; passwordFile = config.sops.secrets.${dbPassKey}.path; - useSSL = false; }; + initialAdminPassword = "changeme"; }; - nginx.virtualHosts."${domain}" = { + nginx.virtualHosts.${domain} = { forceSSL = true; enableACME = true; - locations = { - "/".proxyPass = "http://localhost:${toString port}"; - }; + locations."/".proxyPass = "http://localhost:${toString port}"; }; - - postgresql = - let - psql = cfg.database; - in - { - ensureDatabases = [ psql.name ]; - ensureUsers = [ - { - name = psql.username; - ensureDBOwnership = true; - } - ]; - }; }; sops.secrets.${dbPassKey} = { }; }
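Review bot: `initialAdminPassword = "changeme";` in the keycloak block commits a guessable bootstrap admin credential for an instance that the same file publishes through nginx at `beta.auth.${common.domain}`. As a plain Nix string it also ends up in the repository and in the world-readable Nix store, unlike the database password, which goes through sops. Nothing in the hunk rotates it, so I would at least state the requirement on that line, e.g. `# bootstrap only: replace in the admin console on first login; this value is public (git + /nix/store)`, and treat whatever value is set there as already disclosed. Until the rotation is done it would be safer to keep the admin console unreachable from the internet, for instance by first deploying with the vhost limited to trusted addresses. Separately, the context lines keep `http-enabled = true` on port 8086; whether that listener is bound to loopback only is not visible here and is worth confirming, since the `forceSSL` vhost suggests nginx is meant to be the only entry point.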