From 6e6e5857fd28128e94a0ef1757b183c679cc2b5f Mon Sep 17 00:00:00 2001 From: Akshay Mankar Date: Fri, 31 Mar 2023 15:20:56 +0200 Subject: [PATCH] 001_momo_koeln: Add keycloak --- hosts/host_001_momo_koeln/configuration.nix | 2 ++ hosts/host_001_momo_koeln/keycloak.nix | 25 +++++++++++++++++++++ 2 files changed, 27 insertions(+) create mode 100644 hosts/host_001_momo_koeln/keycloak.nix diff --git a/hosts/host_001_momo_koeln/configuration.nix b/hosts/host_001_momo_koeln/configuration.nix index 43e5558f..71f49ad8 100644 --- a/hosts/host_001_momo_koeln/configuration.nix +++ b/hosts/host_001_momo_koeln/configuration.nix @@ -5,6 +5,8 @@ [ # Include the results of the hardware scan. ./hardware-configuration.nix + + ./keycloak.nix ]; pub-solar.core.lite = true; diff --git a/hosts/host_001_momo_koeln/keycloak.nix b/hosts/host_001_momo_koeln/keycloak.nix new file mode 100644 index 00000000..da712d09 --- /dev/null +++ b/hosts/host_001_momo_koeln/keycloak.nix @@ -0,0 +1,25 @@ +{ + config, + lib, + inputs, + pkgs, + self, + ... +}: { + age.secrets.keycloak-database-password = { + file = "${self}/secrets/keycloak-database-password.age"; + mode = "700"; + }; + + # keycloak + services.keycloak = { + enable = true; + database.passwordFile = config.age.secrets.keycloak-database-password.path; + settings = { + hostname = "auth.momo.koeln"; + http-host = "127.0.0.1"; + http-port = 8080; + proxy = "edge"; + }; + }; +}