{ config, pkgs, lib, ... }: let cfg = config.services.keycloak.settings; in { environment.noXlibs = false; sops.secrets."keycloak/postgres" = { }; services.keycloak = { enable = true; database = { type = "postgresql"; createLocally = true; username = "keycloak"; passwordFile = config.sops.secrets."keycloak/postgres".path; }; settings = { cache = "local"; hostname = "iam.feal.no"; hostname-strict-backchannel = true; http-enable = true; http-host = "127.0.1.2"; http-port = 5060; proxy = "edge"; }; }; # The main reverse proxy is defined in ./nginx.nix services.nginx.virtualHosts.${cfg.hostname} = { locations."= /".return = "302 https://${cfg.hostname}/realms/feal.no/account"; }; }