From 405ac10b60ea5ae0570c519744fef7c41a1b1c87 Mon Sep 17 00:00:00 2001
From: Kjetil Orbekk
Date: Sat, 24 Sep 2022 13:03:53 -0400
Subject: Upgrade
---
 config/keycloak.nix | 54 ++++++++++++-----------------------------------------
 1 file changed, 12 insertions(+), 42 deletions(-)
(limited to 'config/keycloak.nix')
diff --git a/config/keycloak.nix b/config/keycloak.nix
index 7327bfb..fb02dc2 100644
--- a/config/keycloak.nix
+++ b/config/keycloak.nix
@@ -1,46 +1,16 @@
 { config, lib, pkgs, ... }:
-with lib;
-let
- cfg = config.services.keycloak;
- defaultConfig = "${pkgs.keycloak}/standalone/configuration";
-
- keycloakConfig = pkgs.runCommand "keycloak-config" {} ''
- mkdir $out
- cp ${defaultConfig}/application-roles.properties $out/
- cp ${defaultConfig}/application-users.properties $out/
- cp ${defaultConfig}/mgmt-groups.properties $out/
- cp ${defaultConfig}/mgmt-users.properties $out/
- cp ${defaultConfig}/standalone.xml $out/
- {
- grep -v FILE ${defaultConfig}/logging.properties
- echo "logger.handlers=CONSOLE"
- echo "handler.CONSOLE.level=ALL"
- } > $out/logging.properties
- '';
-
-in {
- options = {
- services.keycloak = {
- enable = mkEnableOption "Keycloak Identity and Access Management Server";
- };
- };
-
- config = mkIf cfg.enable {
- systemd.services.keycloak = {
- description = "Keycloak Identity and Access Management Server";
- after = [ "network.target" ];
- wantedBy = [ "multi-user.target" ];
- preStart = ''
- mkdir -p /var/lib/keycloak/logs
- mkdir -p /var/lib/keycloak/config
- cp ${keycloakConfig}/*.properties /var/lib/keycloak/config
- '';
- serviceConfig = {
- ExecStart = "${pkgs.keycloak}/bin/standalone.sh -Djboss.server.base.dir=/var/lib/keycloak -Djboss.server.config.dir=/var/lib/keycloak/config --read-only-server-config=${keycloakConfig}/standalone.xml";
- };
- };
+{
+ age.secrets."dragon-keycloak.age".file = ../secrets/dragon-keycloak.age;
+ services.postgresql.enable = true;
+ services.keycloak = {
+ enable = true;
+ settings.hostname = "auth.orbekk.com";
+ settings.log-level = "INFO";
+ settings.http-port = (import ../data/aliases.nix).services.keycloak.http-port;
+ settings.hostname-strict-https = false;
+ settings.proxy = "edge";
+ database.type = "postgresql";
+ database.passwordFile = config.age.secrets."dragon-keycloak.age".path;
 };
 }
-
-
-- cgit v1.2.3
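Review bot: The pair `settings.hostname-strict-https = false;` and `settings.proxy = "edge";` makes Keycloak accept plain HTTP on `http-port` and trust the `X-Forwarded-*` headers of whoever connects to it, so the configuration is only sound if that port is reachable solely from the TLS-terminating reverse proxy; nothing in this hunk binds or firewalls it, and the proxy is not visible from here. If the proxy runs on the same host, adding `settings.http-host = "127.0.0.1"; # TLS terminates at the edge proxy; http-port must not be reachable directly` would pin that assumption in the config rather than in someone's memory, otherwise a firewall rule serving the same purpose deserves a comment next to `settings.proxy`. The `age.secrets."dragon-keycloak.age"` declaration sets only `file`, so the secret is materialised with agenix's default owner and mode; whether the keycloak unit (and, with the module's default local-database setup, the PostgreSQL initialisation) can read `passwordFile` under those defaults depends on how the module loads it, which is worth confirming and recording in a one-line comment on the `age.secrets` line.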