forked from katzen-cafe/katzen-cafe
25 lines
506 B
Nix
25 lines
506 B
Nix
{ pkgs, ... }:
|
|
{
|
|
services.keycloak = {
|
|
enable = true;
|
|
|
|
settings = {
|
|
http-port = 8097;
|
|
proxy = "edge";
|
|
hostname = "auth.katzen.cafe";
|
|
hostname-strict-backchannel = true;
|
|
};
|
|
|
|
database = {
|
|
type = "postgresql";
|
|
createLocally = true;
|
|
|
|
username = "keycloak";
|
|
passwordFile = "/run/keys/keycloakDbPw";
|
|
};
|
|
};
|
|
deployment.keys."keycloakDbPw" = {
|
|
keyCommand = [ "cat" "/home/jade/keys-tmp/keycloak-db" ];
|
|
destDir = "/run/keys/";
|
|
};
|
|
}
|