martials/nixos-configuration
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[pi4] Working keycloak config

Browse Source
This commit is contained in:
Martin Berg Alstad
2025-09-23 16:08:50 +00:00
parent e66d655997
commit 07bc352954
1 changed files with 6 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
hosts/pi4/keycloak.nix
View File

@ -3,50 +3,31 @@ let
port = 8086; port = 8086;
domain = "beta.auth.${common.domain}"; domain = "beta.auth.${common.domain}";
dbPassKey = "keycloak/database-pass"; dbPassKey = "keycloak/database-pass";
cfg = config.services.keycloak;
in in
{ {
services = { services = {
keycloak = { keycloak = {
enable = true; enable = true;
settings = { settings = {
hostname = domain; hostname = "https://${domain}";
http-port = port; http-port = port;
http-enabled = true; http-enabled = true;
}; };
database = { database = {
type = "postgresql"; type = "postgresql";
createLocally = false; createLocally = true;
host = "localhost";
port = config.services.postgresql.settings.port; port = config.services.postgresql.settings.port;
name = "keycloak";
username = "keycloak";
passwordFile = config.sops.secrets.${dbPassKey}.path; passwordFile = config.sops.secrets.${dbPassKey}.path;
useSSL = false;
}; };
initialAdminPassword = "changeme";
}; };
nginx.virtualHosts."${domain}" = { nginx.virtualHosts.${domain} = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
locations = { locations."/".proxyPass = "http://localhost:${toString port}";
"/".proxyPass = "http://localhost:${toString port}";
};
}; };
postgresql =
let
psql = cfg.database;
in
{
ensureDatabases = [ psql.name ];
ensureUsers = [
{
name = psql.username;
ensureDBOwnership = true;
}
];
};
}; };
sops.secrets.${dbPassKey} = { }; sops.secrets.${dbPassKey} = { };
} }