feat(vouch): switch to keycloak

arcnmx 2024-03-18 15:34:25 -07:00
parent 88477df521
commit b9cb9dc54d
5 changed files with 38 additions and 18 deletions


@ -1,5 +1,5 @@
{config, lib, ...}: let
inherit (lib.modules) mkForce;
inherit (lib.modules) mkForce;
in {
sops.secrets = let
commonSecret = {
@ -9,14 +9,14 @@ in {
in {
keycloak_db_password = commonSecret;
};
users.users.keycloak = {
users.users.keycloak = {
isSystemUser = true;
group = "keycloak";
};
};
networking.firewall.allowedTCPPorts = [ 80 ];
users.groups.keycloak = {};
systemd.services.keycloak.serviceConfig.DynamicUser = mkForce false;
networking.firewall.interfaces.local.allowedTCPPorts = [ 80 ];
users.groups.keycloak = {};
systemd.services.keycloak.serviceConfig.DynamicUser = mkForce false;
services.keycloak = {
enable = true;
@ -29,8 +29,8 @@ systemd.services.keycloak.serviceConfig.DynamicUser = mkForce false;
};
settings = {
hostname = "sso.gensokyo.zone";
proxy = "edge";
hostname = "sso.${config.networking.domain}";
proxy = "edge";
};
};
}
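Review bot: The new `networking.firewall.interfaces.local.allowedTCPPorts = [ 80 ];` line narrows exposure by interface only, while `proxy = "edge"` in `settings` has Keycloak serve plain HTTP and accept forwarding headers from whatever connects. Any host that can reach port 80 on that interface can therefore still talk to Keycloak directly and supply its own `X-Forwarded-*` values. If only the TLS-terminating reverse proxy is meant to connect, say so above the firewall line, e.g. `# plain HTTP for the reverse proxy only; proxy = "edge" trusts X-Forwarded-* from any peer on this interface`, and consider limiting the rule to the proxy's source address. Whether an interface named `local` is declared elsewhere is not visible in this file; if it is not, the rule matches nothing and the port stays closed. The new `hostname` likewise depends on `config.networking.domain` being set on every host that imports this module.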