{ config, pkgs, lib, ... }:
# Keycloak identity provider fronted by this host's nginx reverse proxy.
#
# Keycloak itself only listens on plain HTTP on a loopback address; the public
# TLS endpoint is presumably the nginx vhost defined in ./nginx.nix (not visible
# in this file). The PostgreSQL password is supplied through sops as a file
# path at runtime, so it never lands in the Nix store.
let
  # Public origin, used both for the Keycloak `hostname` setting and as the
  # nginx vhost name.
  publicHost = "iam.feal.no";

  # The merged (final) Keycloak settings, read back so the redirect below
  # follows whatever `hostname` the module system resolves to.
  keycloakSettings = config.services.keycloak.settings;

  # sops secret holding the password of the `keycloak` PostgreSQL role.
  pgSecretName = "keycloak/postgres";
in
{
  # Declared with sops defaults (owner, mode and format are not overridden
  # here); only its decrypted path is consumed, via `passwordFile`.
  sops.secrets.${pgSecretName} = { };

  services.keycloak.enable = true;

  services.keycloak.database = {
    type = "postgresql";
    # Let the keycloak module provision the database on this host.
    createLocally = true;
    username = "keycloak";
    # Runtime path of the decrypted secret, not the secret itself.
    passwordFile = config.sops.secrets.${pgSecretName}.path;
  };

  services.keycloak.settings = {
    # Presumably single-node: no distributed cache configured.
    cache = "local";
    # Externally visible URL; must match the TLS vhost that fronts Keycloak.
    hostname = "https://${publicHost}";
    hostname-backchannel-dynamic = false;
    # Plain HTTP is only acceptable because the listener is bound to a
    # loopback address (127.0.1.2 is in 127/8) rather than an external one.
    http-enabled = true;
    http-host = "127.0.1.2";
    http-port = 5060;
    # Keycloak will trust X-Forwarded-* headers for scheme, host and client
    # address. That is safe only while 127.0.1.2:5060 is reachable solely via
    # the local proxy and the proxy overwrites (does not append) those headers
    # — NOTE(review): confirm against ./nginx.nix.
    proxy-headers = "xforwarded";
  };

  # The main reverse proxy is defined in ./nginx.nix
  # A bare "/" on the public host is redirected to the account console of the
  # feal.no realm.
  services.nginx.virtualHosts.${publicHost}.locations."= /".return =
    "302 ${keycloakSettings.hostname}/realms/feal.no/account";
}