nix/profiles/keycloak.nix
Ryan Lahfa 8acdce99df Init infrastructure
Benjamin, I hate you.

Signed-off-by: Ryan Lahfa <federez-infra@lahfa.xyz>
2024-02-12 04:57:07 +01:00


# NixOS profile: Keycloak identity provider for sso.federez.net, published
# through an nginx reverse proxy that terminates TLS in front of it.
{ config, ... }:
let
  # Values shared by the nginx upstream and the Keycloak listener. Defining
  # them once keeps the proxy target and the backend bind address in sync.
  fqdn = "sso.federez.net";
  backendHost = "127.0.0.1";
  backendPort = 8080;
in
{
  # age.secrets.keycloak-password-file.file = ../secrets/keycloak-password-file.age;

  # Only the nginx front end is opened in the firewall. Keycloak's own port
  # (8080) is not listed here and is bound to loopback below.
  networking.firewall.allowedTCPPorts = [ 80 443 ];

  services = {
    nginx = {
      enable = true;
      recommendedTlsSettings = true;
      recommendedOptimisation = true;
      recommendedGzipSettings = true;
      # Keycloak's "edge" proxy mode below relies on the forwarded headers
      # that the proxy adds to each request.
      recommendedProxySettings = true;

      virtualHosts.${fqdn} = {
        # Certificate obtained through ACME; plain HTTP is redirected to HTTPS.
        enableACME = true;
        forceSSL = true;
        # Everything under "/" is forwarded, which includes Keycloak's admin
        # endpoints. NOTE(review): confirm that exposing them publicly is
        # intended, or restrict them in a dedicated location block.
        locations."/".proxyPass = "http://${backendHost}:${toString backendPort}";
      };
    };

    keycloak = {
      enable = true;

      database.createLocally = true;
      # A plain string, not a Nix path literal, so the secret is read from the
      # host at runtime and is not copied into the world-readable Nix store.
      # The agenix declaration at the top of this file is commented out, so
      # this file presumably has to be provisioned on the host by other means
      # with restrictive permissions - TODO confirm.
      database.passwordFile = "/etc/secrets/keycloak-password";

      settings = {
        # "edge": TLS ends at the reverse proxy and Keycloak speaks plain HTTP
        # behind it, trusting the proxy's forwarded headers. That trust is
        # only sound while the listener stays on loopback, so remote clients
        # cannot reach it directly and supply their own headers. Local
        # processes on this host can still connect to the backend port.
        proxy = "edge";
        http-host = backendHost;
        http-port = backendPort;
        hostname = fqdn;
      };
    };
  };
}