From 48514892afe16749613ad459c0aa31bbaa00f331 Mon Sep 17 00:00:00 2001
From: Nathan
Date: Thu, 24 Jul 2025 16:03:43 -0500
Subject: [PATCH] keycloak wip
---
 .../configuration/homebox/default.nix | 2 +-
 .../services/containers/keycloak/default.nix | 23 +++++++++++++++----
 2 files changed, 20 insertions(+), 5 deletions(-)
diff --git a/system-config/configuration/homebox/default.nix b/system-config/configuration/homebox/default.nix
index 0821ccc..dd855e3 100644
--- a/system-config/configuration/homebox/default.nix
+++ b/system-config/configuration/homebox/default.nix
@@ -260,7 +260,7 @@
 virtualization = {
 traefik.enable = true;
 authentik.enable = true;
- jellyfin.enable = false;
+ jellyfin.enable = true;
 "blunkall.us".enable = true;
 pihole.enable = false; #broken
 nextcloud.enable = true;
diff --git a/system-config/services/containers/keycloak/default.nix b/system-config/services/containers/keycloak/default.nix
index f27b1be..5b9c08e 100644
--- a/system-config/services/containers/keycloak/default.nix
+++ b/system-config/services/containers/keycloak/default.nix
@@ -14,6 +14,10 @@
 hostAddress = "192.168.100.10";
 localAddress = "192.168.100.22";
+ extraFlags = [
+ "--load-credential=dbpass:${config.sops.secrets."keycloak/dbpass".path}"
+ ];
+
 bindMounts = {
 "/etc/keycloak" = {
 hostPath = "/ssd1/Keycloak";
@@ -22,6 +26,21 @@
 };
 config = {
+
+ systemd.services.secrets_setup = {
+ wantedBy = [ "keycloak.service" ];
+
+ serviceConfig = {
+ LoadCredential = [
+ "dbpass"
+ ];
+ };
+
+ script = ''
+ cat ''${CREDENTIALS_DIRECTORY}/dbpass > /etc/keycloak/dbpass
+ chown keycloak:keycloak /etc/keycloak/*
+ '';
+ };
 services.keycloak = {
@@ -29,10 +48,6 @@
 settings = {
 hostname = "auth.blunkall.us";
-
- http-enabled = true;
-
-
 };
 };
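Review bot: The `--load-credential` flag in `extraFlags` reads `config.sops.secrets."keycloak/dbpass".path`, but no `sops.secrets."keycloak/dbpass"` declaration is part of this patch; unless it is declared elsewhere in the host configuration, evaluation will fail on the missing attribute. A short comment above the list would help the next reader, for example `# pass the sops-managed DB password into the container as a systemd credential`. The enclosing container definition starts and ends outside the hunk.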
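Review bot: The `script` in `secrets_setup` copies the credential to `/etc/keycloak/dbpass`, which the bind mount in this file backs with `/ssd1/Keycloak` on the host, so the database password ends up as a persistent plaintext file created with the default umask and only re-owned afterwards. The unit also sets `wantedBy` but neither `before` nor `Type = "oneshot"`, so nothing visible here guarantees the file exists before keycloak.service starts, and `chown ... /etc/keycloak/*` re-owns every file in the directory rather than just the secret. At minimum, create the file with a restrictive mode and owner in one step and order the unit before Keycloak, as sketched below. Preferably keep the secret on a tmpfs path or let the Keycloak unit consume the credential directly; the NixOS module's `services.keycloak.database.passwordFile` may fit, to be confirmed. The enclosing `config` block continues outside the hunk.

```nix
systemd.services.secrets_setup = {
  wantedBy = [ "keycloak.service" ];
  # Wants= alone gives no ordering; run to completion before Keycloak starts.
  before = [ "keycloak.service" ];

  serviceConfig = {
    Type = "oneshot";
    # … unchanged: LoadCredential …
  };

  script = ''
    # Create the file with its final mode and owner so it is never briefly world-readable.
    install -m 0400 -o keycloak -g keycloak \
      "''${CREDENTIALS_DIRECTORY}/dbpass" /etc/keycloak/dbpass
  '';
};
```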