authorKjetil Orbekk <kj@orbekk.com>2022-09-04 21:50:19 -0400
committerKjetil Orbekk <kj@orbekk.com>2022-09-04 22:18:14 -0400
commitfbc606e0367456e80969d634492d809b0aa896ae (patch)
tree86bdf299df9d5462d82363d4326f0f1cb30b6f9d
parent8132b95394319aea0d2b49ad08c00b194f8dbd10 (diff)
start keycloak config
-rw-r--r--data/aliases.nix1
-rw-r--r--machines/x1-pincer.nix12
-rw-r--r--secrets/dragon-keycloak.agebin0 -> 1206 bytes
-rw-r--r--secrets/secrets.nix1
4 files changed, 14 insertions, 0 deletions
diff --git a/data/aliases.nix b/data/aliases.nix
index 67a363b..6eb3eaf 100644
--- a/data/aliases.nix
+++ b/data/aliases.nix
@@ -54,5 +54,6 @@ rec {
prometheus-snmp-exporter = { port = 11114; };
hledger-web = { port = 11116; };
prometheus-pms7003-exporter = { host = "172.20.100.10"; port = 11117; };
+ keycloak = { http-port = 11118; https-port = 11119; };
};
}
diff --git a/machines/x1-pincer.nix b/machines/x1-pincer.nix
index cb28882..4019a0a 100644
--- a/machines/x1-pincer.nix
+++ b/machines/x1-pincer.nix
@@ -19,6 +19,18 @@ let ports = {
services.printing.drivers = with pkgs; [ gutenprint brlaser ];
services.openssh.enable = true;
+ # Keycloak config
+ # age.secrets."dragon-keycloak.age".file = ../secrets/dragon-keycloak.age;
+ # services.postgresql.enable = true;
+ # services.keycloak = {
+ # enable = true;
+ # settings.hostname = "localhost";
+ # settings.http-port = (import ../data/aliases.nix).services.keycloak.http-port;
+ # settings.hostname-strict-https = false;
+ # database.type = "postgresql";
+ # database.passwordFile = config.age.secrets."dragon-keycloak.age".path;
+ # };
+
networking.networkmanager.enable = true;
networking = {
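Review bot: The commented-out `services.keycloak` block, if enabled as written, would serve the identity provider over plain HTTP (only `settings.http-port` is wired up, `settings.hostname-strict-https = false`, hostname `localhost`), and nothing in the hunk marks it as a local-only placeholder. I would add a comment above it such as `# TODO: local testing only; set a real hostname, terminate TLS and drop hostname-strict-https = false before enabling`. The secret it references is named `dragon-keycloak.age` and is encrypted to `orbekk dragon pincer` in secrets/secrets.nix, while the only visible consumer is this machine file. If Keycloak ends up on a single host, the recipient list could be narrowed to that host plus the admin key. The enclosing attribute set starts and ends outside the hunk.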
diff --git a/secrets/dragon-keycloak.age b/secrets/dragon-keycloak.age
new file mode 100644
index 0000000..71922a8
--- /dev/null
+++ b/secrets/dragon-keycloak.age
Binary files differ
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 566b186..10340d9 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -13,6 +13,7 @@ in {
"dragon-wireguard-key.age".publicKeys = [ orbekk dragon ];
"dragon-borg-ssh-key.age".publicKeys = [ dragon ];
"dragon-borg-repo-key.age".publicKeys = [ dragon ];
+ "dragon-keycloak.age".publicKeys = [ orbekk dragon pincer ];
"firelink-wireguard-key.age".publicKeys = [ firelink ];
"tiny1-wireguard-key.age".publicKeys = [ tiny1 ];