gensokyo-zone/infrastructure
1
0
Fork 0
mirror of https://github.com/gensokyo-zone/infrastructure.git synced 2026-02-09 04:19:19 -08:00
Code Issues Projects Releases Packages Wiki Activity Actions

chore(ci): flake update

Browse source
This commit is contained in:
arcnmx 2024-07-02 07:50:38 -07:00
parent 46c14614a9
commit 1475714bce
4 changed files with 17 additions and 48 deletions
Download patch file Download diff file Expand all files Collapse all files

16
nixos/keycloak.nix
View file

@ -1,27 +1,17 @@
{
systemConfig,
access,
config,
gensokyo-zone,
lib,
...
}: let
inherit (lib.modules) mkIf mkForce mkDefault;
inherit (lib.lists) optional;
cfg = config.services.keycloak;
cert = access.mkSnakeOil {
name = "keycloak-selfsigned";
domain = hostname;
};
hostname = "sso.${config.networking.domain}";
hostname-strict = false;
inherit (gensokyo-zone.self.legacyPackages.${systemConfig.system}) patchedNixpkgs;
keycloakModulePath = "services/web-apps/keycloak.nix";
in {
# upstream keycloak makes an incorrect assumption in its assertions, so we patch it
disabledModules = optional (!hostname-strict) keycloakModulePath;
imports = optional (!hostname-strict) (patchedNixpkgs + "/nixos/modules/${keycloakModulePath}");
sops.secrets = let
commonSecret = {
sopsFile = ./secrets/keycloak.yaml;
@ -61,9 +51,11 @@ in {
useSSL = postgresql.ports.default.ssl;
};
settings = {
settings = let
hostname-strict = false;
in {
hostname = mkDefault (
if hostname-strict
if cfg.settings.hostname-strict
then hostname
else null
);