dump

nixos/hosts/keycloak/keycloak.nix

@@ -0,0 +1,31 @@
+{
+  config,
+  pkgs,
+  ...
+}: {
+  services.postgresql.enable = true;
+
+  services.keycloak = {
+    enable = true;
+    initialAdminPassword = "password";
+    database = {
+      type = "postgresql";
+      createLocally = true;
+
+      username = "keycloak";
+      passwordFile = config.sops.secrets.keycloak_psql_pass.path;
+    };
+
+    settings = {
+      hostname = "keycloak.procopius.dk";
+      # hostname-admin = "http://keycloak.lab:8080";
+      # hostname-strict = false;
+      # hostname-backchannel-dynamic = true;
+      http-enabled = true;
+      http-port = 8080;
+      proxy-headers = "xforwarded";
+    };
+  };
+
+  networking.firewall.allowedTCPPorts = [8080];
+}