Update Keycloak configuration to use new secrets file and adjust environment variable references

2025-12-10 02:29:34 -06:00
parent 4d788d90ca
commit e714a8d184
3 changed files with 21 additions and 24 deletions
--- a/modules/servers/keycloak.nix
+++ b/modules/servers/keycloak.nix
@@ -11,12 +11,12 @@ in
 {
  options.my.servers.keycloak = setup.mkOptions "keycloak" "auth" 8090;
  config = lib.mkIf (cfg.enable && config.my.secureHost) {
-    sops.secrets."keycloak/admin_password" = {
-      sopsFile = ../../secrets/secrets.yaml;
+    sops.secrets.keycloak = {
+      sopsFile = ../../secrets/env.yaml;
      owner = "keycloak";
      group = "keycloak";
    };
-    sops.secrets."keycloak/db_password" = {
+    sops.secrets.postgres-password = {
      sopsFile = ../../secrets/secrets.yaml;
      owner = "keycloak";
      group = "keycloak";
@@ -31,21 +31,16 @@ in
        name = "keycloak";
        passwordFile = config.sops.secrets."keycloak/db_password".path;
      };
-      settings = {
-        hostname = cfg.host;
-        "hostname-strict" = true;
-        "hostname-strict-https" = false;
-        "http-enabled" = true;
-        "http-port" = cfg.port;
-        "proxy" = "edge";
-      };
+      settings.hostname = cfg.host;
+      "hostname-strict" = true;
+      "hostname-strict-https" = false;
+      "http-enabled" = true;
+      "http-port" = cfg.port;
+      "proxy" = "edge";
    };
-    systemd.services.keycloak = {
-      serviceConfig = {
-        EnvironmentFile = config.sops.secrets."keycloak/admin_password".path;
-      };
-    };
-    services.nginx.virtualHosts.${cfg.host} =
-      lib.mkIf (cfg.enableProxy && config.my.enableProxy) (inputs.self.lib.proxyReverseFix cfg);
+    systemd.services.keycloak.serviceConfig.EnvironmentFile = config.sops.secrets.keycloak.path;
+    services.nginx.virtualHosts.${cfg.host} = lib.mkIf (cfg.enableProxy && config.my.enableProxy) (
+      inputs.self.lib.proxyReverseFix cfg
+    );
  };
-}
+}