katzen-cafe/modules/keycloak.nix
2023-08-06 20:17:41 +02:00


# Keycloak for auth.katzen.cafe: plain HTTP on a loopback address, PostgreSQL
# backend, database password delivered out of band by the deployment tool.
{ pkgs, ... }:
{
  # Database password. `keyCommand` is run to obtain the secret (here from the
  # `pass` store) and the result is placed at <destDir>/keycloakDbPw, which must
  # stay in sync with services.keycloak.database.passwordFile below.
  # NOTE(review): /var/lib/secrets is on persistent storage, so the secret
  # survives reboots on disk. user/group/permissions are not set here, so the
  # deployment tool's defaults apply -- TODO confirm they are restrictive and
  # that the keycloak unit can still read the file.
  deployment.keys."keycloakDbPw" = {
    destDir = "/var/lib/secrets";
    keyCommand = [ "pass" "keycloak/db-pass" ];
  };

  services.keycloak = {
    enable = true;

    # External PostgreSQL: nothing is provisioned by this module
    # (createLocally = false). No host is given, so the module default applies.
    database = {
      type = "postgresql";
      username = "keycloak";
      passwordFile = "/var/lib/secrets/keycloakDbPw";
      createLocally = false;
    };

    # Only needed if Keycloak itself terminates TLS; left disabled because the
    # listener below is plain HTTP.
    #sslCertificateKey = "/var/lib/acme/auth.katzen.cafe/key.pem";
    #sslCertificate = "/var/lib/acme/auth.katzen.cafe/cert.pem";

    settings = {
      # Public identity of the server. The admin console is published on the
      # same origin as the user-facing endpoints.
      # NOTE(review): if the admin console should not be reachable from the
      # internet, that has to be enforced in front of Keycloak -- the proxy
      # configuration is not visible in this file.
      hostname = "auth.katzen.cafe";
      hostname-admin-url = "https://auth.katzen.cafe";
      # "-1" is Keycloak's default for this option: no explicit port is set, so
      # the scheme's standard port is used.
      hostname-port = "-1";
      # hostname-strict-backchannel = true;

      # Cleartext listener, bound to a 127.0.0.0/8 address so it is not
      # reachable from other hosts.
      http-enabled = true;
      http-host = "127.0.0.3";
      http-port = 8080;
      https-port = 8443;

      # "edge": TLS is expected to end at a fronting proxy and Keycloak relies
      # on the forwarded headers it sends. Anything able to connect to the
      # HTTP listener directly could supply those headers itself, so the
      # loopback-only bind above is what keeps that trust boundary intact.
      proxy = "edge";
    };
  };
}