gensokyo-zone/infrastructure
1
0
Fork 0
mirror of https://github.com/gensokyo-zone/infrastructure.git synced 2026-02-09 12:29:19 -08:00
Code Issues Projects Releases Packages Wiki Activity Actions
infrastructure/nixos/keycloak.nix

35 lines
754 B
Nix
Raw Blame History

{config, lib, ...}: let
inherit (lib.modules) mkForce;
in {
sops.secrets = let
commonSecret = {
sopsFile = ./secrets/keycloak.yaml;
owner = "keycloak";
};
in {
keycloak_db_password = commonSecret;
};
users.users.keycloak = {
isSystemUser = true;
group = "keycloak";
};
users.groups.keycloak = {};
systemd.services.keycloak.serviceConfig.DynamicUser = mkForce false;
services.keycloak = {
enable = true;
database = {
host = "postgresql.local.${config.networking.domain}";
passwordFile = config.sops.secrets.keycloak_db_password.path;
createLocally = false;
useSSL = false;
};
settings = {
hostname = "sso.gensokyo.zone";
proxy = "edge";
};
};
}
Reference in a new issue View git blame Copy permalink