nix-config/hosts/containers/keycloak/default.nix

{ zentralwerk, config, pkgs, ... }:
let
  frontendDomain = "keycloak.c3d2.de";
in
{
  networking = {
    hostName = "keycloak";
    useDHCP = false;
    useNetworkd = true;
    interfaces.eth0 = {
      useDHCP = false;
      ipv4.addresses = [{
        address = config.c3d2.hosts."${config.networking.hostName}".ip4;
        prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len;
        }
      ];
    };
    defaultGateway = "172.20.73.1";
    nameservers = [ "172.20.73.8" "9.9.9.9" ];
  };

  # http https
  networking.firewall.allowedTCPPorts = [ 80 443 ];

  services.nginx = {
    enable = true;
    virtualHosts."keycloak.c3d2.de" = {
      default = true;
      forceSSL = true;
      enableACME = true;
      locations."/" = {
        proxyPass = "http://127.0.0.1:8080";
        # proxyWebsockets = true;
      };
      locations."/auth" = {
        proxyPass = "http://127.0.0.1:8080/auth";
        # proxyWebsockets = true;
      };
    };
  };

 # noXlibs breaks cairo:
 environment.noXlibs = false;
 services.keycloak = let
    inherit (pkgs.keycloak-secrets) dbPassword;
  in {
    enable = true;
    inherit (pkgs.keycloak-secrets) initialAdminPassword;
    frontendUrl = "https://${frontendDomain}/auth";
    forceBackendUrlToFrontendUrl = true;
    httpPort = "\${jboss.http.port:8080}";
    bindAddress = "\${jboss.bind.address:127.0.0.1}";
    # sslCertificate = "/var/lib/acme/${frontendDomain}/fullchain.pem";
    # sslCertificateKey = "/var/lib/acme/${frontendDomain}/key.pem";
    database.passwordFile = builtins.toFile "db_password" dbPassword;
  };
  systemd.services.keycloak.requires = [ "acme-${frontendDomain}.service" ];
}
Refactor host registry 2022-01-16 13:26:37 +01:00			`{ zentralwerk, config, pkgs, ... }:`
keycloak: init something broken 2021-10-15 23:11:54 +02:00			`let`
			`frontendDomain = "keycloak.c3d2.de";`
			`in`
add keycloak container 2021-10-02 19:59:31 +02:00			`{`
attempt to fix keycloak networking 2021-10-16 19:04:16 +02:00			`networking = {`
			`hostName = "keycloak";`
			`useDHCP = false;`
			`useNetworkd = true;`
			`interfaces.eth0 = {`
			`useDHCP = false;`
			`ipv4.addresses = [{`
Refactor host registry 2022-01-16 13:26:37 +01:00			`address = config.c3d2.hosts."${config.networking.hostName}".ip4;`
use prefixLength settings from zentralwerk (enlarging serv) 2021-11-20 01:03:57 +01:00			`prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len;`
remove wrong semicolon 2021-10-16 19:31:35 +02:00			`}`
attempt to fix keycloak networking 2021-10-16 19:04:16 +02:00			`];`
			`};`
			`defaultGateway = "172.20.73.1";`
			`nameservers = [ "172.20.73.8" "9.9.9.9" ];`
			`};`
keycloak: init something broken 2021-10-15 23:11:54 +02:00
			`# http https`
try fixing the local listen address 2021-10-16 20:43:43 +02:00			`networking.firewall.allowedTCPPorts = [ 80 443 ];`
keycloak: init something broken 2021-10-15 23:11:54 +02:00
			`services.nginx = {`
			`enable = true;`
			`virtualHosts."keycloak.c3d2.de" = {`
			`default = true;`
			`forceSSL = true;`
			`enableACME = true;`
			`locations."/" = {`
add httpPort 8080 and set bindAddress to localhost 2021-10-16 20:19:44 +02:00			`proxyPass = "http://127.0.0.1:8080";`
add /auth and try again 2021-10-16 18:24:54 +02:00			`# proxyWebsockets = true;`
			`};`
			`locations."/auth" = {`
add httpPort 8080 and set bindAddress to localhost 2021-10-16 20:19:44 +02:00			`proxyPass = "http://127.0.0.1:8080/auth";`
keycloak: init something broken 2021-10-15 23:11:54 +02:00			`# proxyWebsockets = true;`
			`};`
			`};`
			`};`

			`# noXlibs breaks cairo:`
			`environment.noXlibs = false;`
			`services.keycloak = let`
			`inherit (pkgs.keycloak-secrets) dbPassword;`
			`in {`
			`enable = true;`
			`inherit (pkgs.keycloak-secrets) initialAdminPassword;`
			`frontendUrl = "https://${frontendDomain}/auth";`
			`forceBackendUrlToFrontendUrl = true;`
mask dollar signs to prevent variable resolution 2021-10-16 20:50:02 +02:00			`httpPort = "\${jboss.http.port:8080}";`
			`bindAddress = "\${jboss.bind.address:127.0.0.1}";`
keycloak: init something broken 2021-10-15 23:11:54 +02:00			`# sslCertificate = "/var/lib/acme/${frontendDomain}/fullchain.pem";`
			`# sslCertificateKey = "/var/lib/acme/${frontendDomain}/key.pem";`
			`database.passwordFile = builtins.toFile "db_password" dbPassword;`
			`};`
			`systemd.services.keycloak.requires = [ "acme-${frontendDomain}.service" ];`
add keycloak container 2021-10-02 19:59:31 +02:00			`}`