30 lines
794 B
Nix
30 lines
794 B
Nix
{ config, pkgs, ... }:
|
|
let
|
|
my = config.my;
|
|
port = 8080;
|
|
in
|
|
{
|
|
services.keycloak = {
|
|
enable = true;
|
|
package = pkgs.keycloak.override {
|
|
jre = pkgs.jre8;
|
|
};
|
|
initialAdminPassword = "changemeasap";
|
|
database.createLocally = true;
|
|
database.passwordFile = config.age.secrets.keycloakDatabasePasswordFile.path;
|
|
frontendUrl = "https://auth.${my.subZone}/auth/";
|
|
forceBackendUrlToFrontendUrl = true;
|
|
httpPort = toString port;
|
|
extraConfig = {
|
|
"subsystem=undertow"."server=default-server"."http-listener=default".proxy-address-forwarding = true;
|
|
};
|
|
};
|
|
|
|
services.nginx.virtualHosts."auth.${my.subZone}" = {
|
|
forceSSL = true;
|
|
enableACME = true;
|
|
locations."/" = {
|
|
proxyPass = "http://127.0.0.1:${toString port}";
|
|
};
|
|
};
|
|
}
|