keycloak wip

2025-07-24 16:03:43 -05:00
parent 375ee4aa93
commit 48514892af
2 changed files with 20 additions and 5 deletions
--- a/system-config/configuration/homebox/default.nix
+++ b/system-config/configuration/homebox/default.nix
@@ -260,7 +260,7 @@
        virtualization = {
            traefik.enable = true;
            authentik.enable = true;
-            jellyfin.enable = false;
+            jellyfin.enable = true;
            "blunkall.us".enable = true;
            pihole.enable = false; #broken
            nextcloud.enable = true;
--- a/system-config/services/containers/keycloak/default.nix
+++ b/system-config/services/containers/keycloak/default.nix
@@ -14,6 +14,10 @@
            hostAddress = "192.168.100.10";
            localAddress = "192.168.100.22";
            extraFlags = [
                "--load-credential=dbpass:${config.sops.secrets."keycloak/dbpass".path}"
            ];
            bindMounts = {
                "/etc/keycloak" = {
                    hostPath = "/ssd1/Keycloak";
@@ -22,6 +26,21 @@
            };
            config = {
                systemd.services.secrets_setup = {
                    wantedBy = [ "keycloak.service" ];
                    serviceConfig = {
                        LoadCredential = [
                            "dbpass"
                        ];
                    };
                    script = ''
                        cat ''${CREDENTIALS_DIRECTORY}/dbpass > /etc/keycloak/dbpass
                        chown keycloak:keycloak /etc/keycloak/*
                    '';
                };
                services.keycloak = {
@@ -29,10 +48,6 @@
                    settings = {
                        hostname = "auth.blunkall.us";
                        http-enabled = true;
                    };
                };