os/hosts/flora-6/keycloak.nix

{
  config,
  lib,
  inputs,
  pkgs,
  self,
  ...
}: {
  age.secrets.keycloak-database-password = {
    file = "${self}/secrets/keycloak-database-password.age";
    mode = "700";
    #owner = "keycloak";
  };

  # keycloak
  services.keycloak = {
    enable = true;
    database.passwordFile = config.age.secrets.keycloak-database-password.path;
    settings = {
      hostname = "auth.pub.solar";
      http-host = "127.0.0.1";
      http-port = 8080;
      proxy = "edge";
      features = "declarative-user-profile";
    };
    themes = {
      "pub.solar" = inputs.keycloak-theme-pub-solar.legacyPackages.${pkgs.system}.keycloak-theme-pub-solar;
    };
  };
}