move keycloak and forgejo on rivendell

I had to rekey all the secrets. Updated the documentation for both how to setup forgejo and keycloak.
author: Franck Cuny <franck@fcuny.net> 2025-10-18 14:46:47 -0700
committer: Franck Cuny <franck@fcuny.net> 2025-10-18 14:46:47 -0700
commit: d09952fcd5ae3b73ea91f0f308527f70c0dc5c21 (patch)
tree: 08a570d4da8fd6c15285b461d3df6b283c477226 /profiles/keycloak.nix
parent: configure wireguard for rivendell (diff)
download: infra-d09952fcd5ae3b73ea91f0f308527f70c0dc5c21.tar.gz
1 files changed, 19 insertions, 0 deletions
diff --git a/profiles/keycloak.nix b/profiles/keycloak.nix
new file mode 100644
index 0000000..7aac133
--- /dev/null
+++ b/profiles/keycloak.nix
@@ -0,0 +1,19 @@
+{ config, ... }:
+{
+  age.secrets.keycloak-db-password = {
+    file = ../secrets/keycloak-db-password.age;
+  };
+
+  networking.firewall.allowedTCPPorts = [ 8080 ];
+
+  services.keycloak = {
+    enable = true;
+    database.passwordFile = config.age.secrets.keycloak-db-password.path;
+    settings = {
+      hostname = "id.fcuny.net";
+      http-port = 8080;
+      proxy-headers = "xforwarded";
+      http-enabled = true;
+    };
+  };
+}
author	Franck Cuny <franck@fcuny.net>	2025-10-18 14:46:47 -0700
committer	Franck Cuny <franck@fcuny.net>	2025-10-18 14:46:47 -0700
commit	d09952fcd5ae3b73ea91f0f308527f70c0dc5c21 (patch)
tree	08a570d4da8fd6c15285b461d3df6b283c477226 /profiles/keycloak.nix
parent	configure wireguard for rivendell (diff)
download	infra-d09952fcd5ae3b73ea91f0f308527f70c0dc5c21.tar.gz