add keycloak for OAuth, runbooks, and finish forgejo setup

author: Franck Cuny <franck@fcuny.net> 2025-08-14 10:18:27 -0700
committer: Franck Cuny <franck@fcuny.net> 2025-08-14 10:18:27 -0700
commit: 1ccee14d3cfd66d8bd17270118f55662bb42d91d (patch)
tree: ff32b89c292c65b2d2f1d561b4b7c00abd33c206 /machines/nixos/x86_64-linux/synology-vm/profiles/keycloak.nix
parent: initial setup for forgejo and caddy (diff)
download: infra-1ccee14d3cfd66d8bd17270118f55662bb42d91d.tar.gz
1 files changed, 18 insertions, 0 deletions
diff --git a/machines/nixos/x86_64-linux/synology-vm/profiles/keycloak.nix b/machines/nixos/x86_64-linux/synology-vm/profiles/keycloak.nix
new file mode 100644
index 0000000..fc1fe2d
--- /dev/null
+++ b/machines/nixos/x86_64-linux/synology-vm/profiles/keycloak.nix
@@ -0,0 +1,18 @@
+{ config, self, ... }:
+{
+  age.secrets.keycloak-db-password = {
+    file = "${self}/secrets/keycloak-db-password.age";
+  };
+
+  services.keycloak = {
+    enable = true;
+    database.passwordFile = config.age.secrets.keycloak-db-password.path;
+    settings = {
+      hostname = "id.fcuny.net";
+      http-host = "10.100.0.40";
+      http-port = 8080;
+      proxy-headers = "xforwarded";
+      http-enabled = true;
+    };
+  };
+}
author	Franck Cuny <franck@fcuny.net>	2025-08-14 10:18:27 -0700
committer	Franck Cuny <franck@fcuny.net>	2025-08-14 10:18:27 -0700
commit	1ccee14d3cfd66d8bd17270118f55662bb42d91d (patch)
tree	ff32b89c292c65b2d2f1d561b4b7c00abd33c206 /machines/nixos/x86_64-linux/synology-vm/profiles/keycloak.nix
parent	initial setup for forgejo and caddy (diff)
download	infra-1ccee14d3cfd66d8bd17270118f55662bb42d91d.tar.gz