authorKjetil Orbekk <kj@orbekk.com>2022-09-24 13:03:53 -0400
committerKjetil Orbekk <kj@orbekk.com>2022-09-24 13:03:53 -0400
commit405ac10b60ea5ae0570c519744fef7c41a1b1c87 (patch)
tree4e1710bdd93d0789aeaa4628f65c2954220eef7b /config/keycloak.nix
parenteb6eae78554239e87d4af0f3f53c5175dc226290 (diff)
Upgrade
Diffstat (limited to 'config/keycloak.nix')
-rw-r--r--config/keycloak.nix54
1 files changed, 12 insertions, 42 deletions
diff --git a/config/keycloak.nix b/config/keycloak.nix
index 7327bfb..fb02dc2 100644
--- a/config/keycloak.nix
+++ b/config/keycloak.nix
@@ -1,46 +1,16 @@
{ config, lib, pkgs, ... }:
-with lib;
-let
- cfg = config.services.keycloak;
- defaultConfig = "${pkgs.keycloak}/standalone/configuration";
-
- keycloakConfig = pkgs.runCommand "keycloak-config" {} ''
- mkdir $out
- cp ${defaultConfig}/application-roles.properties $out/
- cp ${defaultConfig}/application-users.properties $out/
- cp ${defaultConfig}/mgmt-groups.properties $out/
- cp ${defaultConfig}/mgmt-users.properties $out/
- cp ${defaultConfig}/standalone.xml $out/
- {
- grep -v FILE ${defaultConfig}/logging.properties
- echo "logger.handlers=CONSOLE"
- echo "handler.CONSOLE.level=ALL"
- } > $out/logging.properties
- '';
-
-in {
- options = {
- services.keycloak = {
- enable = mkEnableOption "Keycloak Identity and Access Management Server";
- };
- };
-
- config = mkIf cfg.enable {
- systemd.services.keycloak = {
- description = "Keycloak Identity and Access Management Server";
- after = [ "network.target" ];
- wantedBy = [ "multi-user.target" ];
- preStart = ''
- mkdir -p /var/lib/keycloak/logs
- mkdir -p /var/lib/keycloak/config
- cp ${keycloakConfig}/*.properties /var/lib/keycloak/config
- '';
- serviceConfig = {
- ExecStart = "${pkgs.keycloak}/bin/standalone.sh -Djboss.server.base.dir=/var/lib/keycloak -Djboss.server.config.dir=/var/lib/keycloak/config --read-only-server-config=${keycloakConfig}/standalone.xml";
- };
- };
+{
+ age.secrets."dragon-keycloak.age".file = ../secrets/dragon-keycloak.age;
+ services.postgresql.enable = true;
+ services.keycloak = {
+ enable = true;
+ settings.hostname = "auth.orbekk.com";
+ settings.log-level = "INFO";
+ settings.http-port = (import ../data/aliases.nix).services.keycloak.http-port;
+ settings.hostname-strict-https = false;
+ settings.proxy = "edge";
+ database.type = "postgresql";
+ database.passwordFile = config.age.secrets."dragon-keycloak.age".path;
};
}
-
-
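Review bot: `settings.proxy = "edge"` makes Keycloak accept plain HTTP and take the client address and scheme from the proxy's forwarded headers, but nothing in the new block restricts who can reach `http-port`. No `settings.http-host` is set, and as far as I know the NixOS module's default binds all interfaces. If the reverse proxy runs on this host, add `settings.http-host = "127.0.0.1";` (or firewall the port so that only the proxy can reach it), so that a client connecting directly cannot supply those headers itself. `settings.hostname-strict-https = false` also relaxes the HTTPS requirement for the public hostname `auth.orbekk.com`; if TLS is always terminated at the proxy, drop that line or add a comment such as `# needed because <reason>` explaining why it stays.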