os/hosts/0001/keycloak.nix

{
  config,
  lib,
  inputs,
  pkgs,
  self,
  ...
}: let
  hostAddress = "10.10.42.1";
  serviceAddress = "10.10.42.1";

  hostname = "auth.momo.koeln";

  dbUserName = "keycloak";

  hostStateDir = "/mnt/internal/keycloak";
  containerStateDir = "/var/lib/keycloak";
in {
  age.secrets.keycloak-database-password = {
    file = "${self}/secrets/keycloak-database-password.age";
    mode = "700";
    #owner = "keycloak";
  };

  services.caddy.virtualHosts.${hostname} = {
    logFormat = lib.mkForce ''
      output discard
    '';
    extraConfig = ''
      redir / /realms/momo.koeln/account temporary
      reverse_proxy ${serviceAddress}:8080
    '';
  };

  containers."keycloak" = {
    privateNetwork = true;
    hostAddress = hostAddress;
    localAddress = serviceAddress;

    bindMounts."${containerStateDir}" = {
      hostPath = hostStateDir;
      isReadOnly = false;
    };

    bindMounts."${config.age.secrets.keycloak-database-password.path}" = {
      hostPath = config.age.secrets.keycloak-database-password.path;
      isReadOnly = true;
    };

    config = {
      config,
      pkgs,
      ...
    }: {
      # keycloak
      services.keycloak = {
        enable = true;
        database.passwordFile = config.age.secrets.keycloak-database-password.path;

        settings = {
          hostname = domain;
          http-host = "0.0.0.0";
          http-port = 8080;
          proxy = "edge";
        };

        # themes = {
        #   "momo.koeln" = inputs.keycloak-theme-pub-solar.legacyPackages.${pkgs.system}.keycloak-theme-pub-solar;
        # };
      };
    };
  };
}
Initial proposal for momo infrastructure setup 2023-02-25 03:24:27 +00:00			`{`
			`config,`
			`lib,`
			`inputs,`
			`pkgs,`
			`self,`
			`...`
			`}: let`
			`hostAddress = "10.10.42.1";`
			`serviceAddress = "10.10.42.1";`

			`hostname = "auth.momo.koeln";`

			`dbUserName = "keycloak";`

			`hostStateDir = "/mnt/internal/keycloak";`
			`containerStateDir = "/var/lib/keycloak";`
			`in {`
			`age.secrets.keycloak-database-password = {`
			`file = "${self}/secrets/keycloak-database-password.age";`
			`mode = "700";`
			`#owner = "keycloak";`
			`};`

			`services.caddy.virtualHosts.${hostname} = {`
			`logFormat = lib.mkForce ''`
			`output discard`
			`'';`
			`extraConfig = ''`
			`redir / /realms/momo.koeln/account temporary`
			`reverse_proxy ${serviceAddress}:8080`
			`'';`
			`};`

			`containers."keycloak" = {`
			`privateNetwork = true;`
			`hostAddress = hostAddress;`
			`localAddress = serviceAddress;`

			`bindMounts."${containerStateDir}" = {`
			`hostPath = hostStateDir;`
			`isReadOnly = false;`
			`};`

			`bindMounts."${config.age.secrets.keycloak-database-password.path}" = {`
			`hostPath = config.age.secrets.keycloak-database-password.path;`
			`isReadOnly = true;`
			`};`

			`config = {`
			`config,`
			`pkgs,`
			`...`
			`}: {`
			`# keycloak`
			`services.keycloak = {`
			`enable = true;`
			`database.passwordFile = config.age.secrets.keycloak-database-password.path;`

			`settings = {`
			`hostname = domain;`
			`http-host = "0.0.0.0";`
			`http-port = 8080;`
			`proxy = "edge";`
			`};`

			`# themes = {`
			`# "momo.koeln" = inputs.keycloak-theme-pub-solar.legacyPackages.${pkgs.system}.keycloak-theme-pub-solar;`
			`# };`
			`};`
			`};`
			`};`
			`}`