dump

2025-07-05 11:12:20 +02:00 · 2025-07-05 11:12:20 +02:00 · a90630ecb6
commit a90630ecb6
parent 4ed9ba0d24
98 changed files with 2063 additions and 729 deletions
--- a/nixos/hosts/keycloak/custom-theme.nix
+++ b/nixos/hosts/keycloak/custom-theme.nix
@ -0,0 +1,15 @@
+{stdenv}:
+stdenv.mkDerivation rec {
+  name = "keycloak_custom_theme";
+  version = "1.0";
+
+  src = ./custom_theme;
+
+  nativeBuildInputs = [];
+  buildInputs = [];
+
+  installPhase = ''
+    mkdir -p $out
+    cp -a login $out
+  '';
+}
--- a/nixos/hosts/keycloak/custom-theme/login/resource/css/custom.css
+++ b/nixos/hosts/keycloak/custom-theme/login/resource/css/custom.css
@ -0,0 +1,4 @@
+body {
+    background: red;
+    color: blue;
+}
--- a/nixos/hosts/keycloak/custom-theme/login/resource/theme.properties
+++ b/nixos/hosts/keycloak/custom-theme/login/resource/theme.properties
@ -0,0 +1,3 @@
+parent=base
+import=common/keycloak
+styles=css/custom.css
--- a/nixos/hosts/keycloak/default.nix
+++ b/nixos/hosts/keycloak/default.nix
@ -0,0 +1,11 @@
+{pkgs, ...}: let
+  callPackage = pkgs.callPackage;
+in {
+  nixpkgs.overlays = [
+    (final: prev: {
+      custom_keycloak_themes = {
+        custom = callPackage ./custom_theme.nix {};
+      };
+    })
+  ];
+}
--- a/nixos/hosts/keycloak/host.nix
+++ b/nixos/hosts/keycloak/host.nix
@ -0,0 +1,14 @@
+{
+  config,
+  pkgs,
+  modulesPath,
+  lib,
+  ...
+}: {
+  imports = [
+    ../../templates/base.nix
+    ./networking.nix
+    ./sops.nix
+    ./keycloak.nix
+  ];
+}
--- a/nixos/hosts/keycloak/keycloak.nix
+++ b/nixos/hosts/keycloak/keycloak.nix
@ -0,0 +1,31 @@
+{
+  config,
+  pkgs,
+  ...
+}: {
+  services.postgresql.enable = true;
+
+  services.keycloak = {
+    enable = true;
+    initialAdminPassword = "password";
+    database = {
+      type = "postgresql";
+      createLocally = true;
+
+      username = "keycloak";
+      passwordFile = config.sops.secrets.keycloak_psql_pass.path;
+    };
+
+    settings = {
+      hostname = "keycloak.procopius.dk";
+      # hostname-admin = "http://keycloak.lab:8080";
+      # hostname-strict = false;
+      # hostname-backchannel-dynamic = true;
+      http-enabled = true;
+      http-port = 8080;
+      proxy-headers = "xforwarded";
+    };
+  };
+
+  networking.firewall.allowedTCPPorts = [8080];
+}
--- a/nixos/hosts/keycloak/networking.nix
+++ b/nixos/hosts/keycloak/networking.nix
@ -0,0 +1,8 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}: {
+  networking.hostName = "keycloak";
+}
--- a/nixos/hosts/keycloak/sops.nix
+++ b/nixos/hosts/keycloak/sops.nix
@ -0,0 +1,12 @@
+{...}: let
+  keycloakSops = ../../secrets/keycloak/secrets.yml;
+in {
+  sops.secrets.keycloak_psql_pass = {
+    sopsFile = keycloakSops;
+    mode = "0440";
+  };
+  sops.secrets.keycloak_admin_pass = {
+    sopsFile = keycloakSops;
+    mode = "0440";
+  };
+}