summary refs log tree commit diff stats
path: root/system/services/keycloak
diff options
context:
space:
mode:
authorsils <sils@sils.li>2023-06-06 14:13:31 +0200
committersils <sils@sils.li>2023-06-06 14:13:31 +0200
commita979a94a9cb3c45b27b6d5375b27be1ba2afc9d1 (patch)
tree596ce3038834a4941225d2944ccc4e25f4af80d3 /system/services/keycloak
parentFeat(system/packages): Add git-crypt to standard packages to minimize (diff)
parentFix(system/services/keycloak): Correct path to passwordfile (diff)
downloadnixos-server-a979a94a9cb3c45b27b6d5375b27be1ba2afc9d1.tar.gz
nixos-server-a979a94a9cb3c45b27b6d5375b27be1ba2afc9d1.zip
Merge branch 'keycloak' into develop
Diffstat (limited to 'system/services/keycloak')
-rw-r--r--system/services/keycloak/default.nix45
1 files changed, 45 insertions, 0 deletions
diff --git a/system/services/keycloak/default.nix b/system/services/keycloak/default.nix
new file mode 100644
index 0000000..dfeabc3
--- /dev/null
+++ b/system/services/keycloak/default.nix
@@ -0,0 +1,45 @@
+{config, ...}: {
+  services.nginx = {
+    enable = true;
+
+    # enable recommended settings
+    recommendedGzipSettings = true;
+    recommendedOptimisation = true;
+    recommendedTlsSettings = true;
+    recommendedProxySettings = true;
+
+    virtualHosts = {
+      "auth.vhack.eu" = {
+        forceSSL = true;
+        enableACME = true;
+        locations = {
+          "/" = {
+            proxyPass = "http://localhost:${toString config.services.keycloak.settings.http-port}/";
+          };
+        };
+      };
+    };
+  };
+
+  services.postgresql.enable = true;
+
+  services.keycloak = {
+    enable = true;
+
+    database = {
+      type = "postgresql";
+      createLocally = true;
+
+      username = "keycloak";
+      passwordFile = "/srv/keycloak/password";
+    };
+
+    settings = {
+      hostname = "auth.vhack.eu";
+      http-relative-path = "/";
+      http-port = 38080;
+      proxy = "passthrough";
+      http-enabled = true;
+    };
+  };
+}