mirror of
https://forge.katzen.cafe/katzen-cafe/katzen-cafe.git
synced 2024-12-23 02:35:50 +01:00
35 lines
809 B
Nix
35 lines
809 B
Nix
{ pkgs, ... }:
|
|
{
|
|
services.keycloak = {
|
|
enable = true;
|
|
|
|
settings = {
|
|
http-port = 8080;
|
|
http-host = "127.0.0.3";
|
|
http-enabled = true;
|
|
https-port = 8443;
|
|
|
|
proxy = "edge";
|
|
|
|
hostname = "auth.katzen.cafe";
|
|
hostname-port = "-1";
|
|
hostname-admin-url = "https://auth.katzen.cafe";
|
|
# hostname-strict-backchannel = true;
|
|
};
|
|
|
|
#sslCertificateKey = "/var/lib/acme/auth.katzen.cafe/key.pem";
|
|
#sslCertificate = "/var/lib/acme/auth.katzen.cafe/cert.pem";
|
|
|
|
database = {
|
|
type = "postgresql";
|
|
createLocally = false;
|
|
|
|
username = "keycloak";
|
|
passwordFile = "/var/lib/secrets/keycloakDbPw";
|
|
};
|
|
};
|
|
deployment.keys."keycloakDbPw" = {
|
|
keyCommand = [ "pass" "keycloak/db-pass" ];
|
|
destDir = "/var/lib/secrets";
|
|
};
|
|
}
|