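# Keycloak behind an nginx reverse proxy that terminates TLS, talking to a
# PostgreSQL database provisioned outside this module. A static service user
# is created so the sops-managed RSA private key can be owned by it.
{ config, lib, ... }: {
  # Private key for keycloak's own HTTPS listener, decrypted by sops-nix at
  # activation. Owner-only permissions: nothing but the keycloak user reads it.
  sops.secrets.keycloak_rsa_private_key = {
    mode = "0600";
    owner = "keycloak";
    group = "keycloak";
    sopsFile = ../../secrets/keycloak_rsa_private_key.pem;
    format = "binary";
  };

  # A static user/group for the service. DynamicUser is forced off below,
  # presumably because the secret above must be chown'ed to a user that
  # exists before the unit starts (a dynamic UID is not known at that point).
  users.users.keycloak = {
    isSystemUser = true;
    createHome = true;
    home = "/var/keycloak";
    group = "keycloak";
  };
  users.groups.keycloak = {};

  systemd.services.keycloak = {
    serviceConfig.DynamicUser = lib.mkForce false;
    # `requires` only expresses the dependency, not the start order; `after`
    # is what makes keycloak wait for postgresql to be up before it connects.
    requires = [ "postgresql.service" ];
    after = [ "postgresql.service" ];
  };

  services.keycloak = {
    enable = true;
    settings = {
      # Bind to loopback only; the reverse proxy is the sole client.
      http-host = "127.0.0.1";
      http-port = 9083;
      https-port = 9084;
      http-enabled = true;

      # TLS is terminated at the proxy; keycloak derives scheme/host from the
      # forwarded headers, so the proxy must be the only thing that can set them.
      proxy = "edge";

      hostname = "login.clicks.codes";
      # NOTE(review): with hostname-strict off, keycloak can fall back to the
      # request's Host header instead of `hostname`; keep nginx pinning the
      # Host / X-Forwarded-* headers so clients cannot influence issuer URLs.
      hostname-strict = false;

      # The certificate is public and may live in the nix store; the private
      # key must not, so it is read from the sops-managed path at runtime.
      https-certificate-file = "${./keycloak/login.clicks.codes.rsa.cert.pem}";
      https-certificate-key-file = config.sops.secrets.keycloak_rsa_private_key.path;
    };
    database = {
      # Database and role are managed elsewhere; this module only connects.
      createLocally = false;
      port = config.services.postgresql.port;
      # Secret declared in another module; referenced here by its decrypted path.
      passwordFile = config.sops.secrets.clicks_keycloak_db_password.path;
    };
  };

  # Wider proxy buffers for the keycloak vhost — presumably because its
  # responses carry headers larger than nginx's defaults allow.
  services.nginx.virtualHosts."login.clicks.codes".locations."/".extraConfig = ''
    proxy_buffers 16 32k;
    proxy_buffer_size 64k;
    proxy_busy_buffers_size 64k;
  '';
}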