| Skyler Grey | 22428b0 | 2023-11-19 13:20:56 +0000 | [diff] [blame] | 1 | { config, lib, ... }: { |
| 2 | sops.secrets.keycloak_rsa_private_key = { |
| 3 | mode = "0600"; |
| 4 | owner = "keycloak"; |
| 5 | group = "keycloak"; |
| 6 | sopsFile = ../../secrets/keycloak_rsa_private_key.pem; |
| 7 | format = "binary"; |
| 8 | }; |
| 9 | |
| 10 | users.users.keycloak = { |
| 11 | isSystemUser = true; |
| 12 | createHome = true; |
| 13 | home = "/var/keycloak"; |
| 14 | group = "keycloak"; |
| 15 | }; |
| 16 | users.groups.keycloak = {}; |
| 17 | systemd.services.keycloak.serviceConfig.DynamicUser = lib.mkForce false; |
| 18 | |
| Skyler Grey | 0e05d26 | 2023-10-09 07:04:36 +0000 | [diff] [blame] | 19 | services.keycloak = { |
| 20 | enable = true; |
| 21 | settings = { |
| 22 | http-host = "127.0.0.1"; |
| 23 | http-port = 9083; |
| 24 | https-port = 9084; |
| 25 | http-enabled = true; |
| 26 | |
| 27 | proxy = "edge"; |
| 28 | |
| 29 | # https-port = 9084; |
| 30 | hostname = "login.clicks.codes"; |
| 31 | hostname-strict = false; |
| 32 | |
| Skyler Grey | 22428b0 | 2023-11-19 13:20:56 +0000 | [diff] [blame] | 33 | https-certificate-file = "${./keycloak/login.clicks.codes.rsa.cert.pem}"; |
| 34 | https-certificate-key-file = config.sops.secrets.keycloak_rsa_private_key.path; |
| Skyler Grey | 0e05d26 | 2023-10-09 07:04:36 +0000 | [diff] [blame] | 35 | }; |
| 36 | database = { |
| 37 | createLocally = false; |
| 38 | port = config.services.postgresql.port; |
| 39 | passwordFile = config.sops.secrets.clicks_keycloak_db_password.path; |
| 40 | }; |
| 41 | }; |
| Skyler Grey | 22428b0 | 2023-11-19 13:20:56 +0000 | [diff] [blame] | 42 | |
| Skyler Grey | 0e05d26 | 2023-10-09 07:04:36 +0000 | [diff] [blame] | 43 | } |