
keycloak: init something broken

master
Astro 2 months ago
parent
commit
3e7ebcdbd9
  1. 8
      flake.lock
  2. 5
      flake.nix
  3. 36
      hosts/containers/keycloak/default.nix
  4. 2
      secrets

8
flake.lock

@ -127,11 +127,11 @@
},
"secrets": {
"locked": {
"lastModified": 1634253643,
"narHash": "sha256-uX2zviwxBDWPnacMfLWpmsddJR5zLKfhqdxs04+UakM=",
"lastModified": 1634323852,
"narHash": "sha256-I1lEPlHhSPURU8InOR7zZ7xDXj40HG/TnP4fa5N7hKc=",
"ref": "master",
"rev": "3b337a981efaca600fc268d31a553522a578d7dd",
"revCount": 103,
"rev": "909211887311b6319b68384749abe430b0d8d532",
"revCount": 104,
"type": "git",
"url": "ssh://gitea@gitea.c3d2.de/c3d2-admins/secrets.git"
},

5
flake.nix

@ -404,6 +404,11 @@
keycloak = nixosSystem' {
modules = [
./lib/lxc-container.nix
({ ... }: {
nixpkgs.overlays = with secrets.overlays; [
keycloak
];
})
./hosts/containers/keycloak
];
system = "x86_64-linux";
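Review bot: In the added inline module, `nixpkgs.overlays = with secrets.overlays; [ keycloak ];` depends on `with` scoping, and in Nix a lexically bound name takes precedence over one brought in by `with`. The entry sits under an attribute that is itself called `keycloak`, and the enclosing attribute set starts outside this hunk, so it cannot be seen here whether that set is `rec` or wrapped in a `let` that binds `keycloak`. If it is, the list would hold the host definition instead of the overlay. Writing `nixpkgs.overlays = [ secrets.overlays.keycloak ];` removes the ambiguity and makes it obvious at the call site that this host's package set is extended from the secrets repository.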

36
hosts/containers/keycloak/default.nix

@ -1,4 +1,7 @@
{ hostRegistry, config, ... }:
{ hostRegistry, config, pkgs, ... }:
let
frontendDomain = "keycloak.c3d2.de";
in
{
networking.hostName = "keycloak";
networking.useNetworkd = true;
@ -7,4 +10,35 @@
prefixLength = 26;
}];
networking.defaultGateway = "172.20.73.1";
# http https
networking.firewall.allowedTCPPorts = [ 80 443 ];
services.nginx = {
enable = true;
virtualHosts."keycloak.c3d2.de" = {
default = true;
forceSSL = true;
enableACME = true;
locations."/" = {
# proxyPass = "http://localhost:8073";
# proxyWebsockets = true;
};
};
};
# noXlibs breaks cairo:
environment.noXlibs = false;
services.keycloak = let
inherit (pkgs.keycloak-secrets) dbPassword;
in {
enable = true;
inherit (pkgs.keycloak-secrets) initialAdminPassword;
frontendUrl = "https://${frontendDomain}/auth";
forceBackendUrlToFrontendUrl = true;
# sslCertificate = "/var/lib/acme/${frontendDomain}/fullchain.pem";
# sslCertificateKey = "/var/lib/acme/${frontendDomain}/key.pem";
database.passwordFile = builtins.toFile "db_password" dbPassword;
};
systemd.services.keycloak.requires = [ "acme-${frontendDomain}.service" ];
}
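Review bot: `database.passwordFile = builtins.toFile "db_password" dbPassword;` in the `services.keycloak` block copies the database password into the Nix store, which is readable by every local user and travels with any closure copied to a binary cache or another host, so the `passwordFile` indirection protects nothing here. The same probably holds for `initialAdminPassword`, which reaches the module as a plain evaluated string from the `pkgs.keycloak-secrets` overlay wired up in flake.nix. Point the option at a file that is created outside the store at activation or service start, e.g. `database.passwordFile = "/run/keys/<db-password-file>";` (placeholder path, written as a string so Nix does not import it into the store), readable only by the account that needs it. The initial admin password should be changed after the first login, since it remains recoverable from the system closure.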

2
secrets

@ -1 +1 @@
Subproject commit 3b337a981efaca600fc268d31a553522a578d7dd
Subproject commit 909211887311b6319b68384749abe430b0d8d532