katzen-cafe/modules/keycloak.nix

{ pkgs, ... }:
{
  services.keycloak = {
    enable = true;

    settings = {
      http-port = 8080;
      http-host = "127.0.0.3";
      http-enabled = true;
      https-port = 8443;

      proxy = "edge";

      hostname = "auth.katzen.cafe";
      hostname-port = "-1";
      hostname-admin-url = "https://auth.katzen.cafe";
      # hostname-strict-backchannel = true;
    };

    #sslCertificateKey = "/var/lib/acme/auth.katzen.cafe/key.pem";
    #sslCertificate = "/var/lib/acme/auth.katzen.cafe/cert.pem";

    database = {
      type = "postgresql";
      createLocally = false;

      username = "keycloak";
      passwordFile = "/var/lib/secrets/keycloakDbPw";
    };
  };
  deployment.keys."keycloakDbPw" = {
    keyCommand = [ "pass" "keycloak/db-pass" ];
    destDir = "/var/lib/secrets";
  };
}
continuing things 2023-04-26 23:25:04 +02:00			`{ pkgs, ... }:`
			`{`
			`services.keycloak = {`
			`enable = true;`

			`settings = {`
gay 2023-04-30 14:56:30 +02:00			`http-port = 8080;`
fix acme and jitsi stuff 2023-07-30 18:19:44 +02:00			`http-host = "127.0.0.3";`
gay 2023-04-30 14:56:30 +02:00			`http-enabled = true;`
do too many things lmao 2023-07-30 16:24:46 +02:00			`https-port = 8443;`
gay 2023-04-30 14:56:30 +02:00
continuing things 2023-04-26 23:25:04 +02:00			`proxy = "edge";`
gay 2023-04-30 14:56:30 +02:00
continuing things 2023-04-26 23:25:04 +02:00			`hostname = "auth.katzen.cafe";`
gay 2023-04-30 14:56:30 +02:00			`hostname-port = "-1";`
			`hostname-admin-url = "https://auth.katzen.cafe";`
do too many things lmao 2023-07-30 16:24:46 +02:00			`# hostname-strict-backchannel = true;`
continuing things 2023-04-26 23:25:04 +02:00			`};`

gay 2023-04-30 14:56:30 +02:00			`#sslCertificateKey = "/var/lib/acme/auth.katzen.cafe/key.pem";`
			`#sslCertificate = "/var/lib/acme/auth.katzen.cafe/cert.pem";`

continuing things 2023-04-26 23:25:04 +02:00			`database = {`
afkjdlsjdlkfajlk keycloak 2023-04-27 01:48:20 +02:00			`type = "postgresql";`
regret not doing this more granularly but oh well 2023-05-21 12:52:04 +02:00			`createLocally = false;`
afkjdlsjdlkfajlk keycloak 2023-04-27 01:48:20 +02:00
			`username = "keycloak";`
regret not doing this more granularly but oh well 2023-05-21 12:52:04 +02:00			`passwordFile = "/var/lib/secrets/keycloakDbPw";`
continuing things 2023-04-26 23:25:04 +02:00			`};`
			`};`
afkjdlsjdlkfajlk keycloak 2023-04-27 01:48:20 +02:00			`deployment.keys."keycloakDbPw" = {`
switch to `pass` for key management 2023-08-06 20:17:41 +02:00			`keyCommand = [ "pass" "keycloak/db-pass" ];`
regret not doing this more granularly but oh well 2023-05-21 12:52:04 +02:00			`destDir = "/var/lib/secrets";`
afkjdlsjdlkfajlk keycloak 2023-04-27 01:48:20 +02:00			`};`
continuing things 2023-04-26 23:25:04 +02:00			`}`