infrastructure/machines/core-services-01/keycloak.nix

{ config, ... }:
let
  my = config.my;
  port = 8080;
in
{
  services.keycloak = {
    enable = true;
    initialAdminPassword = "changemeasap";
    database.createLocally = true;
    database.passwordFile = config.age.secrets.keycloakDatabasePasswordFile.path; 
    frontendUrl = "https://auth.${my.subZone}/auth/";
    forceBackendUrlToFrontendUrl = true;
    httpPort = toString port;
    extraConfig = {
      "subsystem=undertow"."server=default-server"."http-listener=default".proxy-address-forwarding = true;
    };
  };

  services.nginx.virtualHosts."auth.${my.subZone}" = {
    forceSSL = true;
    enableACME = true;
    locations."/" = {
      proxyPass = "http://127.0.0.1:${toString port}";
    };
  };
}
Integrate core-services-01 in a nice workflow (#1) This enables the tracking of core-services-01 over the infrastructure repository. Co-authored-by: Gabriel DORIATH DOHLER <gabriel.doriath.dohler@ens.psl.eu> Reviewed-on: https://git.rz.ens.wtf/Klub-RZ/infrastructure/pulls/1 Co-authored-by: raito <raito@noreply.git.rz.ens.wtf> Co-committed-by: raito <raito@noreply.git.rz.ens.wtf> 2021-07-26 01:29:05 +02:00			`{ config, ... }:`
			`let`
			`my = config.my;`
			`port = 8080;`
			`in`
			`{`
			`services.keycloak = {`
			`enable = true;`
			`initialAdminPassword = "changemeasap";`
			`database.createLocally = true;`
			`database.passwordFile = config.age.secrets.keycloakDatabasePasswordFile.path;`
			`frontendUrl = "https://auth.${my.subZone}/auth/";`
			`forceBackendUrlToFrontendUrl = true;`
			`httpPort = toString port;`
			`extraConfig = {`
			`"subsystem=undertow"."server=default-server"."http-listener=default".proxy-address-forwarding = true;`
			`};`
			`};`

			`services.nginx.virtualHosts."auth.${my.subZone}" = {`
			`forceSSL = true;`
			`enableACME = true;`
			`locations."/" = {`
			`proxyPass = "http://127.0.0.1:${toString port}";`
			`};`
			`};`
			`}`