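# NixOS module: Keycloak published at kc.buffet.sh through an nginx reverse
# proxy. nginx terminates TLS and forwards plain HTTP to Keycloak on a local
# port; Keycloak is told to trust the proxy's forwarded headers.
{
  config,
  pkgs,
  ...
}: let
  # Plain-HTTP port shared by the Keycloak listener and the nginx upstream.
  port = 11328;
in {
  # Database password is kept as an age-encrypted file; only the path of the
  # decrypted secret is handed to Keycloak, not the password itself.
  age.secrets.keycloak-db-pass.file = ../../secrets/keycloak-db-pass.age;

  services.keycloak = {
    enable = true;
    package = pkgs.unstable.keycloak;
    database.passwordFile = config.age.secrets.keycloak-db-pass.path;

    settings = {
      hostname = "https://kc.buffet.sh/";

      # Bind the plaintext listener to loopback only. With proxy = "edge"
      # Keycloak trusts forwarded headers, so a client that can reach this
      # port directly would skip TLS and could supply those headers itself.
      # NOTE(review): the module's default bind address is a wildcard in the
      # nixpkgs revisions I know of; confirm against the pinned revision.
      http-host = "127.0.0.1";
      http-port = port;

      # TLS ends at nginx; Keycloak receives plain HTTP from the proxy.
      # NOTE(review): upstream deprecated `proxy` in favour of `proxy-headers`
      # (Keycloak 24); since the package tracks unstable, confirm this key is
      # still accepted by the packaged version.
      proxy = "edge";
    };
  };

  services.nginx = {
    enable = true;

    recommendedGzipSettings = true;
    recommendedOptimisation = true;
    # Supplies the forwarded headers that Keycloak's edge mode relies on.
    recommendedProxySettings = true;
    recommendedTlsSettings = true;

    virtualHosts."kc.buffet.sh" = {
      # Reuses the certificate issued for "buffet.sh", which is declared
      # outside this file; it has to cover kc.buffet.sh as well.
      useACMEHost = "buffet.sh";
      # Redirect plain-HTTP requests to HTTPS.
      forceSSL = true;

      locations = {
        "/" = {
          # Explicit IPv4 loopback so the upstream matches http-host above;
          # "localhost" may also resolve to ::1, where nothing listens.
          proxyPass = "http://127.0.0.1:${toString port}";
        };
      };
    };
  };
}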