adding keycloak

modules/keycloak.nix

@@ -0,0 +1,29 @@
+{ config, lib, pkgs, unstable, ... }:
+
+let
+  dn = "auth.tfcconnection.org";
+in
+with lib;
+{
+  services = {
+    keycloak = {
+      enable = true;
+      initialAdminPassword = "clang";
+      settings = {
+        hostname = dn;
+        http-port = 8787;
+        https-port = 8788;
+        proxy = "passthrough";
+      };
+    };
+    nginx.virtualHosts.${dn} = {
+      forceSSL = true;
+      enableACME = true;
+      locations = {
+        "/" = {
+          proxyPass = "http://localhost:${toString config.services.keycloak.settings.http-port}";
+        };
+      };
+    };
+  };
+}

modules/nextcloud.nix

@@ -26,7 +26,7 @@ with lib;
       extraApps = with config.services.nextcloud.package.packages.apps; {
         # List of apps we want to install and are already packaged in
         # https://github.com/NixOS/nixpkgs/blob/master/pkgs/servers/nextcloud/packages/nextcloud-apps.json
-        inherit calendar contacts collectives recognize deck integration_openai mail groupfolders memories tasks app_api previewgenerator richdocuments;
+        inherit calendar contacts collectives recognize deck integration_openai mail groupfolders memories user_oidc tasks app_api previewgenerator richdocuments;
         # Custom app example.
         # socialsharing_telegram = pkgs.fetchNextcloudApp rec {
         #   url =
@@ -62,6 +62,10 @@ with lib;
           "OC\Preview\TXT"
           "OC\Preview\XBitmap"
         ];
+        user_oidc = {
+          auto_provision = true;
+          soft_auto_provision = true;
+        };
       };
       config = {
         dbtype = "pgsql";

system/shen/configuration.nix

@@ -21,6 +21,7 @@ in
       ../../modules/vaultwarden.nix
       # ../../modules/nocodb.nix
       ../../modules/grist.nix
+      ../../modules/keycloak.nix
       # ../../modules/comfyui.nix
       # ../../pkgs/server.nix
       # ../../pkgs/nextcloud.nix