tvl-depot/ops/modules/www/auth.tvl.fyi.nix

{ config, ... }:

{
  imports = [
    ./base.nix
  ];

  config = {
    services.nginx.virtualHosts."auth.tvl.fyi" = {
      serverName = "auth.tvl.fyi";
      enableACME = true;
      forceSSL = true;

      extraConfig = ''
        location / {
          proxy_pass http://localhost:${config.services.keycloak.httpPort};
          proxy_set_header X-Forwarded-For $remote_addr;
          proxy_set_header X-Forwarded-Proto https;
          proxy_set_header Host $host;
        }
      '';
    };
  };
}
feat(whitby): Configure initial Keycloak setup Trialing this as an alternative to CAS that is a little easier to configure and can help us delegate authentication to other OIDC services. Change-Id: Iad63724d349334910af8fed0b148e4ba428f796b Reviewed-on: https://cl.tvl.fyi/c/depot/+/4608 Tested-by: BuildkiteCI Autosubmit: tazjin <mail@tazj.in> Reviewed-by: lukegb <lukegb@tvl.fyi> 2021-12-25 15:06:15 +01:00			`{ config, ... }:`

			`{`
			`imports = [`
			`./base.nix`
			`];`

			`config = {`
			`services.nginx.virtualHosts."auth.tvl.fyi" = {`
			`serverName = "auth.tvl.fyi";`
			`enableACME = true;`
			`forceSSL = true;`

			`extraConfig = ''`
			`location / {`
			`proxy_pass http://localhost:${config.services.keycloak.httpPort};`
			`proxy_set_header X-Forwarded-For $remote_addr;`
			`proxy_set_header X-Forwarded-Proto https;`
			`proxy_set_header Host $host;`
			`}`
			`'';`
			`};`
			`};`
			`}`