# NixOS module: Keycloak for https://iam.feal.no, listening on plain HTTP on a
# loopback address behind a reverse proxy, with a locally created PostgreSQL
# database.
{ config, pkgs, lib, ... }:
let
  # Shorthand for the Keycloak settings declared further down; used to derive
  # the nginx virtual host key and the redirect target.
  cfg = config.services.keycloak.settings;
in
{
  # Database password, declared as a sops secret with default options.
  # NOTE(review): default ownership/mode apply here — confirm the units that
  # consume passwordFile can read the decrypted file.
  sops.secrets."keycloak/postgres" = { };

  services.keycloak.enable = true;

  services.keycloak.database = {
    type = "postgresql";
    createLocally = true;
    username = "keycloak";
    # Referenced by path, so the password itself never appears in this
    # expression.
    passwordFile = config.sops.secrets."keycloak/postgres".path;
  };

  services.keycloak.settings = {
    # Local cache only, i.e. no clustering between Keycloak nodes.
    cache = "local";

    # Full URL form (scheme included); the redirect below relies on that.
    hostname = "https://iam.feal.no";
    hostname-backchannel-dynamic = false;

    # Plain HTTP is acceptable only because the listener is bound to a
    # loopback address; TLS has to be terminated by the reverse proxy.
    http-enabled = true;
    http-host = "127.0.1.2";
    http-port = 5060;

    # Keycloak trusts X-Forwarded-* headers from whatever connects to the
    # listener above. The proxy must overwrite (not append or pass through)
    # client-supplied values, and any other local process that can reach
    # 127.0.1.2:5060 is implicitly trusted to set them.
    proxy-headers = "xforwarded";
  };

  # The main reverse proxy is defined in ./nginx.nix
  # NOTE(review): cfg.hostname includes the "https://" scheme, so the virtual
  # host key (and, unless serverName is set elsewhere, its server_name) is the
  # full URL rather than the bare host — confirm this matches the key used in
  # ./nginx.nix, otherwise this redirect lands on a separate vhost.
  services.nginx.virtualHosts.${cfg.hostname}.locations."= /" = {
    # Send the bare root to the account console of the feal.no realm.
    return = "302 ${cfg.hostname}/realms/feal.no/account";
  };
}