keycloak wip

2025-07-24 16:03:43 -05:00
parent 375ee4aa93
commit 48514892af
2 changed files with 20 additions and 5 deletions
--- a/system-config/configuration/homebox/default.nix
+++ b/system-config/configuration/homebox/default.nix
@@ -260,7 +260,7 @@
        virtualization = {
            traefik.enable = true;
            authentik.enable = true;
-            jellyfin.enable = false;
+            jellyfin.enable = true;
            "blunkall.us".enable = true;
            pihole.enable = false; #broken
            nextcloud.enable = true;
--- a/system-config/services/containers/keycloak/default.nix
+++ b/system-config/services/containers/keycloak/default.nix
@@ -14,6 +14,10 @@
            hostAddress = "192.168.100.10";
            localAddress = "192.168.100.22";

+            extraFlags = [
+                "--load-credential=dbpass:${config.sops.secrets."keycloak/dbpass".path}"
+            ];
+
            bindMounts = {
                "/etc/keycloak" = {
                    hostPath = "/ssd1/Keycloak";
@@ -23,16 +27,27 @@

            config = {

+                systemd.services.secrets_setup = {
+                    wantedBy = [ "keycloak.service" ];
+
+                    serviceConfig = {
+                        LoadCredential = [
+                            "dbpass"
+                        ];
+                    };
+
+                    script = ''
+                        cat ''${CREDENTIALS_DIRECTORY}/dbpass > /etc/keycloak/dbpass
+                        chown keycloak:keycloak /etc/keycloak/*
+                    '';
+                };
+                
                services.keycloak = {
                    
                    enable = true;

                    settings = {
                        hostname = "auth.blunkall.us";
-
-                        http-enabled = true;
-
-                        
                    };
                };