feat(keycloak): add, broken

2026-02-09 04:19:19 -08:00 · 2024-03-13 15:21:08 -07:00 · 2024-03-13 15:21:08 -07:00 · 7ff72a29ab
commit 7ff72a29ab
parent e63304937d
6 changed files with 223 additions and 0 deletions
--- a/nixos/keycloak.nix
+++ b/nixos/keycloak.nix
@ -0,0 +1,25 @@
+{config, ...}: {
+  sops.secrets = let
+    commonSecret = {
+      sopsFile = ./secrets/keycloak.yaml;
+      owner = "keycloak";
+    };
+  in {
+    keycloak_db_password = commonSecret;
+  };
+
+  services.keycloak = {
+    enable = true;
+
+    database = {
+      host = "postgresql.local.${config.networking.domain}";
+      passwordFile = config.sops.secrets.keycloak_db_password.path;
+      createLocally = false;
+    };
+
+    settings = {
+        hostname = "sso.gensokyo.zone";
+        proxy = "edge";
+    };
+  };
+}