martials/nixos-configuration
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[pi4] Working keycloak config

Browse Source
This commit is contained in:
Martin Berg Alstad
2025-09-23 16:08:50 +00:00
parent e66d655997
commit 07bc352954
1 changed files with 6 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
hosts/pi4/keycloak.nix
View File

@ -3,50 +3,31 @@ let
port = 8086;
domain = "beta.auth.${common.domain}";
dbPassKey = "keycloak/database-pass";
cfg = config.services.keycloak;
in
{
services = {
keycloak = {
enable = true;
settings = {
hostname = domain;
hostname = "https://${domain}";
http-port = port;
http-enabled = true;
};
database = {
type = "postgresql";
createLocally = false;
host = "localhost";
createLocally = true;
port = config.services.postgresql.settings.port;
name = "keycloak";
username = "keycloak";
passwordFile = config.sops.secrets.${dbPassKey}.path;
useSSL = false;
};
initialAdminPassword = "changeme";
};
nginx.virtualHosts."${domain}" = {
nginx.virtualHosts.${domain} = {
forceSSL = true;
enableACME = true;
locations = {
"/".proxyPass = "http://localhost:${toString port}";
};
locations."/".proxyPass = "http://localhost:${toString port}";
};
postgresql =
let
psql = cfg.database;
in
{
ensureDatabases = [ psql.name ];
ensureUsers = [
{
name = psql.username;
ensureDBOwnership = true;
}
];
};
};
sops.secrets.${dbPassKey} = { };
}