42 lines
1 KiB
Nix
42 lines
1 KiB
Nix
{ config, lib, pkgs, unstable, ... }:
|
|
|
|
let
|
|
dn = "auth.tfcconnection.org";
|
|
in
|
|
with lib;
|
|
{
|
|
services = {
|
|
keycloak = {
|
|
enable = true;
|
|
initialAdminPassword = "clang";
|
|
settings = {
|
|
hostname = dn;
|
|
http-port = 8787;
|
|
# https-port = 8788;
|
|
http-enabled = true;
|
|
# http-relative-path = "/";
|
|
hostname-strict-https = false;
|
|
proxy-headers = "xforwarded";
|
|
# proxy = "passthrough";
|
|
};
|
|
database.passwordFile = "/keycloakbd";
|
|
};
|
|
|
|
nginx.virtualHosts.${dn} = {
|
|
forceSSL = true;
|
|
enableACME = true;
|
|
locations = {
|
|
"/" = {
|
|
proxyPass = "http://localhost:${toString config.services.keycloak.settings.http-port}";
|
|
extraConfig = ''
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
'';
|
|
};
|
|
};
|
|
};
|
|
};
|
|
}
|