rice/hosts/ami/keycloak.nix
buffet 501b37426e
All checks were successful
/ check (pull_request) Successful in 2m29s
feat: temporarily enable hostname debug
2024-05-25 17:55:34 +02:00

42 lines
838 B
Nix

{
config,
pkgs,
...
}: let
port = 11328;
in {
age.secrets.keycloak-db-pass.file = ../../secrets/keycloak-db-pass.age;
services.keycloak = {
enable = true;
package = pkgs.unstable.keycloak;
database.passwordFile = config.age.secrets.keycloak-db-pass.path;
settings = {
hostname = "https://kc.buffet.sh/";
http-port = port;
proxy = "edge";
hostname-debug = "true";
};
};
services.nginx = {
enable = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts."kc.buffet.sh" = {
useACMEHost = "buffet.sh";
forceSSL = true;
locations = {
"/" = {
proxyPass = "http://localhost:${toString port}";
};
};
};
};
}