author | sils <sils@sils.li> | 2023-06-06 14:13:31 +0200 |
---|---|---|
committer | sils <sils@sils.li> | 2023-06-06 14:13:31 +0200 |
commit | a979a94a9cb3c45b27b6d5375b27be1ba2afc9d1 (patch) | |
tree | 596ce3038834a4941225d2944ccc4e25f4af80d3 /system/services/keycloak | |
parent | Feat(system/packages): Add git-crypt to standard packages to minimize (diff) | |
parent | Fix(system/services/keycloak): Correct path to passwordfile (diff) | |
Merge branch 'keycloak' into develop
Diffstat (limited to 'system/services/keycloak')
-rw-r--r-- | system/services/keycloak/default.nix | 45 |
1 files changed, 45 insertions, 0 deletions
diff --git a/system/services/keycloak/default.nix b/system/services/keycloak/default.nix
new file mode 100644
index 0000000..dfeabc3
--- /dev/null
+++ b/system/services/keycloak/default.nix
@@ -0,0 +1,45 @@
+{config, ...}: {
+ services.nginx = {
+ enable = true;
+
+ # enable recommended settings
+ recommendedGzipSettings = true;
+ recommendedOptimisation = true;
+ recommendedTlsSettings = true;
+ recommendedProxySettings = true;
+
+ virtualHosts = {
+ "auth.vhack.eu" = {
+ forceSSL = true;
+ enableACME = true;
+ locations = {
+ "/" = {
+ proxyPass = "http://localhost:${toString config.services.keycloak.settings.http-port}/";
+ };
+ };
+ };
+ };
+ };
+
+ services.postgresql.enable = true;
+
+ services.keycloak = {
+ enable = true;
+
+ database = {
+ type = "postgresql";
+ createLocally = true;
+
+ username = "keycloak";
+ passwordFile = "/srv/keycloak/password";
+ };
+
+ settings = {
+ hostname = "auth.vhack.eu";
+ http-relative-path = "/";
+ http-port = 38080;
+ proxy = "passthrough";
+ http-enabled = true;
+ };
+ };
+} |
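Review bot: `proxy = "passthrough"` in `services.keycloak.settings` does not match the deployment described a few lines above it, where nginx terminates TLS (`forceSSL`, `enableACME`) and forwards plain HTTP to `localhost:38080`; that is the case Keycloak's `edge` mode is meant for. In passthrough mode Keycloak is documented not to use the `X-Forwarded-*` headers that `recommendedProxySettings` adds, so login events and brute-force detection would likely record nginx's loopback address instead of the real client. I would change it to `proxy = "edge";`, and because `http-enabled = true` opens an unencrypted listener that, as far as I know, binds to all interfaces by default, also add `http-host = "127.0.0.1";` so port 38080 is reachable only through nginx rather than depending on the firewall. `passwordFile` correctly points outside the Nix store; a comment stating the expected owner and mode of `/srv/keycloak/password` would help whoever provisions the host.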