2283ee602a
This enables the tracking of core-services-01 over the infrastructure repository. Co-authored-by: Gabriel DORIATH DOHLER <gabriel.doriath.dohler@ens.psl.eu> Reviewed-on: https://git.rz.ens.wtf/Klub-RZ/infrastructure/pulls/1 Co-authored-by: raito <raito@noreply.git.rz.ens.wtf> Co-committed-by: raito <raito@noreply.git.rz.ens.wtf>
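# Keycloak identity provider for auth.<subZone>, reached through an nginx
# virtual host that forces HTTPS and obtains its certificate via ACME.
{ config, ... }:
let
  my = config.my;
  # Plain-HTTP port shared by Keycloak's listener and the nginx upstream below.
  port = 8080;
in
{
  services.keycloak = {
    enable = true;

    # SECURITY: this bootstrap password is committed to the repository and, as
    # a plain string option, likely lands in the world-readable Nix store too.
    # Treat it as public: rotate the admin credential inside Keycloak right
    # after the first deployment and never reuse this value.
    initialAdminPassword = "changemeasap";

    database.createLocally = true;
    # The database password is read from a file provided through
    # config.age.secrets, so the secret itself is not written in this module.
    database.passwordFile = config.age.secrets.keycloakDatabasePasswordFile.path;

    frontendUrl = "https://auth.${my.subZone}/auth/";
    forceBackendUrlToFrontendUrl = true;

    # nginx (proxyPass to 127.0.0.1 below) is the only intended client of this
    # listener, so bind it to loopback. Otherwise a host that can reach the
    # port directly would bypass TLS and could supply its own X-Forwarded-*
    # headers, which proxy-address-forwarding makes Keycloak trust.
    # NOTE(review): bindAddress is an option of the legacy WildFly-based
    # module; confirm it exists in the pinned nixpkgs revision.
    bindAddress = "127.0.0.1";
    httpPort = toString port;

    extraConfig = {
      # Makes the Undertow HTTP listener take the client address and scheme
      # from forwarded headers. Only sound when every request comes through a
      # proxy that overwrites those headers.
      # NOTE(review): no proxy_set_header / recommendedProxySettings is
      # visible in this file; verify nginx sets X-Forwarded-For and
      # X-Forwarded-Proto itself rather than passing client-sent values.
      "subsystem=undertow"."server=default-server"."http-listener=default".proxy-address-forwarding = true;
    };
  };

  services.nginx.virtualHosts."auth.${my.subZone}" = {
    forceSSL = true;
    enableACME = true;
    # Every path is forwarded, which includes Keycloak's admin console;
    # consider restricting the admin paths to trusted networks if the console
    # does not need to be reachable from the internet.
    locations."/" = {
      proxyPass = "http://127.0.0.1:${toString port}";
    };
  };
}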