kat/nixfiles
1
0
Fork 0
mirror of https://github.com/kittywitch/nixfiles.git synced 2026-02-09 20:39:18 -08:00
Code Issues Projects Releases Packages Wiki Activity

fix(services/keycloak): group

Browse source
This commit is contained in:
Kat Inskip 2022-09-23 18:14:41 -07:00
parent 5153211956
commit 7756c040db
Signed by: kat
GPG key ID: 465E64DECEA8CF0F
1 changed files with 3 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

7
services/keycloak.nix
View file

@ -18,7 +18,7 @@ in {
hostname-strict = false;
http-relative-path = "/auth";
hostname-strict-backchannel = true;
https-key-store-file = "/var/lib/acme/domain-auth/trust-store.jks";
https-key-store-file = "/var/lib/acme/auth.kittywit.ch/trust-store.jks";
https-key-store-password = keystore-pass;
};
};
@ -28,7 +28,7 @@ in {
gid = 10600;
members = [ "keycloak" ];
};
/*
security.acme.certs."auth.kittywit.ch" = {
group = "domain-auth";
postRun = ''
@ -36,7 +36,7 @@ in {
${pkgs.adoptopenjdk-jre-bin}/bin/keytool -import -alias auth.kittywit.ch -noprompt -keystore trust-store.jks -keypass ${keystore-pass} -storepass ${keystore-pass} -file cert.pem
chown acme:domain-auth ./trust-store.jks
'';
};
};*/
users.groups.keycloak = { };
users.users.keycloak = {
@ -56,7 +56,6 @@ in {
};
services.nginx.virtualHosts."auth.kittywit.ch" = {
useACMEHost = "domain-auth";
forceSSL = true;
locations = {
"/".extraConfig = ''