keycloak: init something broken
This commit is contained in:
parent
e59ca2c90c
commit
3e7ebcdbd9
|
@ -127,11 +127,11 @@
|
||||||
},
|
},
|
||||||
"secrets": {
|
"secrets": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1634253643,
|
"lastModified": 1634323852,
|
||||||
"narHash": "sha256-uX2zviwxBDWPnacMfLWpmsddJR5zLKfhqdxs04+UakM=",
|
"narHash": "sha256-I1lEPlHhSPURU8InOR7zZ7xDXj40HG/TnP4fa5N7hKc=",
|
||||||
"ref": "master",
|
"ref": "master",
|
||||||
"rev": "3b337a981efaca600fc268d31a553522a578d7dd",
|
"rev": "909211887311b6319b68384749abe430b0d8d532",
|
||||||
"revCount": 103,
|
"revCount": 104,
|
||||||
"type": "git",
|
"type": "git",
|
||||||
"url": "ssh://gitea@gitea.c3d2.de/c3d2-admins/secrets.git"
|
"url": "ssh://gitea@gitea.c3d2.de/c3d2-admins/secrets.git"
|
||||||
},
|
},
|
||||||
|
|
|
@ -404,6 +404,11 @@
|
||||||
keycloak = nixosSystem' {
|
keycloak = nixosSystem' {
|
||||||
modules = [
|
modules = [
|
||||||
./lib/lxc-container.nix
|
./lib/lxc-container.nix
|
||||||
|
({ ... }: {
|
||||||
|
nixpkgs.overlays = with secrets.overlays; [
|
||||||
|
keycloak
|
||||||
|
];
|
||||||
|
})
|
||||||
./hosts/containers/keycloak
|
./hosts/containers/keycloak
|
||||||
];
|
];
|
||||||
system = "x86_64-linux";
|
system = "x86_64-linux";
|
||||||
|
|
|
@ -1,4 +1,7 @@
|
||||||
{ hostRegistry, config, ... }:
|
{ hostRegistry, config, pkgs, ... }:
|
||||||
|
let
|
||||||
|
frontendDomain = "keycloak.c3d2.de";
|
||||||
|
in
|
||||||
{
|
{
|
||||||
networking.hostName = "keycloak";
|
networking.hostName = "keycloak";
|
||||||
networking.useNetworkd = true;
|
networking.useNetworkd = true;
|
||||||
|
@ -7,4 +10,35 @@
|
||||||
prefixLength = 26;
|
prefixLength = 26;
|
||||||
}];
|
}];
|
||||||
networking.defaultGateway = "172.20.73.1";
|
networking.defaultGateway = "172.20.73.1";
|
||||||
|
|
||||||
|
# http https
|
||||||
|
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||||
|
|
||||||
|
services.nginx = {
|
||||||
|
enable = true;
|
||||||
|
virtualHosts."keycloak.c3d2.de" = {
|
||||||
|
default = true;
|
||||||
|
forceSSL = true;
|
||||||
|
enableACME = true;
|
||||||
|
locations."/" = {
|
||||||
|
# proxyPass = "http://localhost:8073";
|
||||||
|
# proxyWebsockets = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
# noXlibs breaks cairo:
|
||||||
|
environment.noXlibs = false;
|
||||||
|
services.keycloak = let
|
||||||
|
inherit (pkgs.keycloak-secrets) dbPassword;
|
||||||
|
in {
|
||||||
|
enable = true;
|
||||||
|
inherit (pkgs.keycloak-secrets) initialAdminPassword;
|
||||||
|
frontendUrl = "https://${frontendDomain}/auth";
|
||||||
|
forceBackendUrlToFrontendUrl = true;
|
||||||
|
# sslCertificate = "/var/lib/acme/${frontendDomain}/fullchain.pem";
|
||||||
|
# sslCertificateKey = "/var/lib/acme/${frontendDomain}/key.pem";
|
||||||
|
database.passwordFile = builtins.toFile "db_password" dbPassword;
|
||||||
|
};
|
||||||
|
systemd.services.keycloak.requires = [ "acme-${frontendDomain}.service" ];
|
||||||
}
|
}
|
||||||
|
|
2
secrets
2
secrets
|
@ -1 +1 @@
|
||||||
Subproject commit 3b337a981efaca600fc268d31a553522a578d7dd
|
Subproject commit 909211887311b6319b68384749abe430b0d8d532
|
Loading…
Reference in New Issue