fix(keycloak): get closer to working

Kat Inskip 2024-03-13 21:53:28 -07:00
parent 7ff72a29ab
commit 08fa02ac20
Signed by: kat
GPG key ID: 465E64DECEA8CF0F
8 changed files with 296 additions and 158 deletions


@ -1,4 +1,6 @@
{config, ...}: {
{config, lib, ...}: let
inherit (lib.modules) mkForce;
in {
sops.secrets = let
commonSecret = {
sopsFile = ./secrets/keycloak.yaml;
@ -7,6 +9,13 @@
in {
keycloak_db_password = commonSecret;
};
users.users.keycloak = {
isSystemUser = true;
group = "keycloak";
};
users.groups.keycloak = {};
systemd.services.keycloak.serviceConfig.DynamicUser = mkForce false;
services.keycloak = {
enable = true;
@ -15,6 +24,7 @@
host = "postgresql.local.${config.networking.domain}";
passwordFile = config.sops.secrets.keycloak_db_password.path;
createLocally = false;
useSSL = false;
};
settings = {