Add SOPS secrets for Keycloak database password and update configuration
This commit is contained in:
Danilo Reyes
@@ -16,17 +16,20 @@ in
|
|||||||
owner = "keycloak";
|
owner = "keycloak";
|
||||||
group = "keycloak";
|
group = "keycloak";
|
||||||
};
|
};
|
||||||
|
sops.secrets."keycloak/db_password" = {
|
||||||
|
sopsFile = ../../secrets/secrets.yaml;
|
||||||
|
owner = "keycloak";
|
||||||
|
group = "keycloak";
|
||||||
|
};
|
||||||
services.keycloak = {
|
services.keycloak = {
|
||||||
inherit (cfg) enable;
|
inherit (cfg) enable;
|
||||||
database = {
|
database = {
|
||||||
type = "postgresql";
|
type = "postgresql";
|
||||||
host = config.my.postgresSocket;
|
host = "localhost";
|
||||||
|
createLocally = false;
|
||||||
username = "keycloak";
|
username = "keycloak";
|
||||||
name = "keycloak";
|
name = "keycloak";
|
||||||
};
|
passwordFile = config.sops.secrets."keycloak/db_password".path;
|
||||||
initialAdmin = {
|
|
||||||
user = "admin";
|
|
||||||
passwordFile = config.sops.secrets."keycloak/admin_password".path;
|
|
||||||
};
|
};
|
||||||
settings = {
|
settings = {
|
||||||
hostname = cfg.host;
|
hostname = cfg.host;
|
||||||
@@ -35,7 +38,11 @@ in
|
|||||||
"http-enabled" = true;
|
"http-enabled" = true;
|
||||||
"http-port" = cfg.port;
|
"http-port" = cfg.port;
|
||||||
"proxy" = "edge";
|
"proxy" = "edge";
|
||||||
"frontend-url" = cfg.url;
|
};
|
||||||
|
};
|
||||||
|
systemd.services.keycloak = {
|
||||||
|
serviceConfig = {
|
||||||
|
EnvironmentFile = config.sops.secrets."keycloak/admin_password".path;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
services.nginx.virtualHosts.${cfg.host} =
|
services.nginx.virtualHosts.${cfg.host} =
|
||||||
|
|||||||
Reference in New Issue
Block a user