RIP keycloak
This commit is contained in:
parent
5e0d0d9082
commit
d26554436e
|
@ -657,15 +657,6 @@
|
|||
];
|
||||
};
|
||||
|
||||
# TODO: requires config cleanup for nixos-22.05
|
||||
# keycloak = nixosSystem' {
|
||||
# modules = [
|
||||
# ./config/lxc-container.nix
|
||||
# ./hosts/containers/keycloak
|
||||
# { nixpkgs.overlays = with secrets.overlays; [ keycloak ]; }
|
||||
# ];
|
||||
# };
|
||||
|
||||
c3d2-web = nixosSystem' {
|
||||
modules = [
|
||||
{ _module.args = { inherit nixpkgs; }; }
|
||||
|
|
|
@ -1,58 +0,0 @@
|
|||
{ zentralwerk, config, pkgs, ... }:
|
||||
let
|
||||
frontendDomain = "keycloak.c3d2.de";
|
||||
in
|
||||
{
|
||||
networking = {
|
||||
hostName = "keycloak";
|
||||
useDHCP = false;
|
||||
useNetworkd = true;
|
||||
interfaces.eth0 = {
|
||||
useDHCP = false;
|
||||
ipv4.addresses = [{
|
||||
address = config.c3d2.hosts."${config.networking.hostName}".ip4;
|
||||
prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len;
|
||||
}
|
||||
];
|
||||
};
|
||||
defaultGateway = "172.20.73.1";
|
||||
nameservers = [ "172.20.73.8" "9.9.9.9" ];
|
||||
};
|
||||
|
||||
# http https
|
||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
virtualHosts."keycloak.c3d2.de" = {
|
||||
default = true;
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:8080";
|
||||
# proxyWebsockets = true;
|
||||
};
|
||||
locations."/auth" = {
|
||||
proxyPass = "http://127.0.0.1:8080/auth";
|
||||
# proxyWebsockets = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
# noXlibs breaks cairo:
|
||||
environment.noXlibs = false;
|
||||
services.keycloak = let
|
||||
inherit (pkgs.keycloak-secrets) dbPassword;
|
||||
in {
|
||||
enable = true;
|
||||
inherit (pkgs.keycloak-secrets) initialAdminPassword;
|
||||
frontendUrl = "https://${frontendDomain}/auth";
|
||||
forceBackendUrlToFrontendUrl = true;
|
||||
httpPort = "\${jboss.http.port:8080}";
|
||||
bindAddress = "\${jboss.bind.address:127.0.0.1}";
|
||||
# sslCertificate = "/var/lib/acme/${frontendDomain}/fullchain.pem";
|
||||
# sslCertificateKey = "/var/lib/acme/${frontendDomain}/key.pem";
|
||||
database.passwordFile = builtins.toFile "db_password" dbPassword;
|
||||
};
|
||||
systemd.services.keycloak.requires = [ "acme-${frontendDomain}.service" ];
|
||||
}
|
Loading…
Reference in New Issue