keycloak wip

2025-07-24 16:03:43 -05:00
parent 375ee4aa93
commit 48514892af
2 changed files with 20 additions and 5 deletions
--- a/system-config/services/containers/keycloak/default.nix
+++ b/system-config/services/containers/keycloak/default.nix
@@ -14,6 +14,10 @@
            hostAddress = "192.168.100.10";
            localAddress = "192.168.100.22";

+            extraFlags = [
+                "--load-credential=dbpass:${config.sops.secrets."keycloak/dbpass".path}"
+            ];
+
            bindMounts = {
                "/etc/keycloak" = {
                    hostPath = "/ssd1/Keycloak";
@@ -22,6 +26,21 @@
            };

            config = {
+
+                systemd.services.secrets_setup = {
+                    wantedBy = [ "keycloak.service" ];
+
+                    serviceConfig = {
+                        LoadCredential = [
+                            "dbpass"
+                        ];
+                    };
+
+                    script = ''
+                        cat ''${CREDENTIALS_DIRECTORY}/dbpass > /etc/keycloak/dbpass
+                        chown keycloak:keycloak /etc/keycloak/*
+                    '';
+                };
                
                services.keycloak = {
                    
@@ -29,10 +48,6 @@

                    settings = {
                        hostname = "auth.blunkall.us";
-
-                        http-enabled = true;
-
-                        
                    };
                };