From 5139cbe2db6a54f7611cc56b14c025a63ced9800 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= <hello@benjaminbaedorf.eu>
Date: Sat, 28 Oct 2023 15:05:30 +0200
Subject: [PATCH] feat: init keycloak

---
 flake.lock                         | 96 +++++++++++++++++++++++++++++-
 flake.nix                          |  3 +
 hosts/nachtigall/apps/keycloak.nix | 40 +++++++++++++
 3 files changed, 138 insertions(+), 1 deletion(-)
 create mode 100644 hosts/nachtigall/apps/keycloak.nix

diff --git a/flake.lock b/flake.lock
index 56eb596..9e7b689 100644
--- a/flake.lock
+++ b/flake.lock
@@ -80,6 +80,28 @@
         "type": "github"
       }
     },
+    "devshell": {
+      "inputs": {
+        "nixpkgs": [
+          "keycloak-theme-pub-solar",
+          "nixpkgs"
+        ],
+        "systems": "systems"
+      },
+      "locked": {
+        "lastModified": 1688380630,
+        "narHash": "sha256-8ilApWVb1mAi4439zS3iFeIT0ODlbrifm/fegWwgHjA=",
+        "owner": "numtide",
+        "repo": "devshell",
+        "rev": "f9238ec3d75cefbb2b42a44948c4e8fb1ae9a205",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "devshell",
+        "type": "github"
+      }
+    },
     "flake-compat": {
       "flake": false,
       "locked": {
@@ -115,6 +137,24 @@
       }
     },
     "flake-utils": {
+      "inputs": {
+        "systems": "systems_2"
+      },
+      "locked": {
+        "lastModified": 1689068808,
+        "narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "flake-utils_2": {
       "locked": {
         "lastModified": 1634851050,
         "narHash": "sha256-N83GlSGPJJdcqhUxSCS/WwW5pksYf3VP1M13cDRTSVA=",
@@ -150,6 +190,29 @@
         "type": "github"
       }
     },
+    "keycloak-theme-pub-solar": {
+      "inputs": {
+        "devshell": "devshell",
+        "flake-utils": "flake-utils",
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1689875310,
+        "narHash": "sha256-gJxh8fVX24nZXBxstZcrzZhMRFG9jyOnQEfkgoRr39I=",
+        "ref": "main",
+        "rev": "c2c86bbf9855f16a231a596b75b443232a7b9395",
+        "revCount": 24,
+        "type": "git",
+        "url": "https://git.pub.solar/pub-solar/keycloak-theme"
+      },
+      "original": {
+        "ref": "main",
+        "type": "git",
+        "url": "https://git.pub.solar/pub-solar/keycloak-theme"
+      }
+    },
     "mastodon-fork": {
       "locked": {
         "lastModified": 1698490885,
@@ -242,6 +305,7 @@
         "deploy-rs": "deploy-rs",
         "flake-parts": "flake-parts",
         "home-manager": "home-manager",
+        "keycloak-theme-pub-solar": "keycloak-theme-pub-solar",
         "mastodon-fork": "mastodon-fork",
         "nix-darwin": "nix-darwin",
         "nixos-flake": "nixos-flake",
@@ -250,11 +314,41 @@
         "unstable": "unstable"
       }
     },
+    "systems": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    },
+    "systems_2": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    },
     "terranix": {
       "inputs": {
         "bats-assert": "bats-assert",
         "bats-support": "bats-support",
-        "flake-utils": "flake-utils",
+        "flake-utils": "flake-utils_2",
         "nixpkgs": [
           "nixpkgs"
         ],
diff --git a/flake.nix b/flake.nix
index 8b46b54..0bc7545 100644
--- a/flake.nix
+++ b/flake.nix
@@ -24,6 +24,9 @@
     agenix.inputs.nixpkgs.follows = "nixpkgs";
     agenix.inputs.darwin.follows = "nix-darwin";
     agenix.inputs.home-manager.follows = "home-manager";
+
+    keycloak-theme-pub-solar.url = "git+https://git.pub.solar/pub-solar/keycloak-theme?ref=main";
+    keycloak-theme-pub-solar.inputs.nixpkgs.follows = "nixpkgs";
   };
 
   outputs = inputs@{ self, terranix, ... }:
diff --git a/hosts/nachtigall/apps/keycloak.nix b/hosts/nachtigall/apps/keycloak.nix
new file mode 100644
index 0000000..6ccefc1
--- /dev/null
+++ b/hosts/nachtigall/apps/keycloak.nix
@@ -0,0 +1,40 @@
+{
+  flake,
+  config,
+  lib,
+  inputs,
+  pkgs,
+  ...
+}: {
+  age.secrets.keycloak-database-password = {
+    file = "${flake.self}/secrets/keycloak-database-password.age";
+    mode = "700";
+    #owner = "keycloak";
+  };
+
+  services.caddy.virtualHosts."auth.pub.solar" = {
+    # logFormat = lib.mkForce ''
+    #   output discard
+    # '';
+    extraConfig = ''
+      redir / /realms/pub.solar/account temporary
+      reverse_proxy :8080
+    '';
+  };
+
+  # keycloak
+  services.keycloak = {
+    enable = true;
+    database.passwordFile = config.age.secrets.keycloak-database-password.path;
+    settings = {
+      hostname = "auth.pub.solar";
+      http-host = "127.0.0.1";
+      http-port = 8080;
+      proxy = "edge";
+      features = "declarative-user-profile";
+    };
+    themes = {
+      "pub.solar" = inputs.keycloak-theme-pub-solar.legacyPackages.${pkgs.system}.keycloak-theme-pub-solar;
+    };
+  };
+}