feat(cloud): a lot of shitty stuff

2025-09-16 15:01:48 +02:00
parent eb76e0242d
commit 73960162b0
14 changed files with 333 additions and 151 deletions
--- a/modules/server/keycloak/default.nix
+++ b/modules/server/keycloak/default.nix
@@ -0,0 +1,100 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}: let
+  unit = "keycloak";
+  cfg = config.server.${unit};
+  srv = config.server;
+in {
+  options.server.${unit} = {
+    enable = lib.mkEnableOption {
+      description = "Enable ${unit}";
+    };
+    url = lib.mkOption {
+      type = lib.types.str;
+      default = "login.${srv.domain}";
+    };
+    homepage.name = lib.mkOption {
+      type = lib.types.str;
+      default = "Keycloak";
+    };
+    homepage.description = lib.mkOption {
+      type = lib.types.str;
+      default = "Open Source Identity and Access Management";
+    };
+    homepage.icon = lib.mkOption {
+      type = lib.types.str;
+      default = "keycloak.svg";
+    };
+    homepage.category = lib.mkOption {
+      type = lib.types.str;
+      default = "Services";
+    };
+    dbPasswordFile = lib.mkOption {
+      type = lib.types.path;
+    };
+    cloudflared = {
+      credentialsFile = lib.mkOption {
+        type = lib.types.str;
+        example = lib.literalExpression ''
+          pkgs.writeText "cloudflare-credentials.json" '''
+          {"AccountTag":"secret"."TunnelSecret":"secret","TunnelID":"secret"}
+          '''
+        '';
+      };
+      tunnelId = lib.mkOption {
+        type = lib.types.str;
+        example = "00000000-0000-0000-0000-000000000000";
+      };
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    server.postgresql.databases = [
+      {
+        database = "keycloak";
+      }
+    ];
+    services.cloudflared = {
+      enable = true;
+      tunnels.${cfg.cloudflared.tunnelId} = {
+        credentialsFile = cfg.cloudflared.credentialsFile;
+        default = "http_status:404";
+        ingress."${cfg.url}".service = "http://127.0.0.1:${
+          toString config.services.${unit}.settings.http-port
+        }";
+      };
+    };
+
+    environment.systemPackages = [
+      pkgs.keycloak
+    ];
+
+    services.${unit} = {
+      enable = true;
+      initialAdminPassword = "pwpwpw";
+      database = {
+        type = "postgresql";
+        host = "127.0.0.1";
+        port = 5432;
+        name = "keycloak";
+        username = "keycloak";
+        passwordFile = cfg.dbPasswordFile;
+        useSSL = false;
+      };
+      settings = {
+        spi-theme-static-max-age = "-1";
+        spi-theme-cache-themes = false;
+        spi-theme-cache-templates = false;
+        http-port = 8821;
+        hostname = cfg.url;
+        hostname-strict = false;
+        hostname-strict-https = false;
+        proxy-headers = "xforwarded";
+        http-enabled = true;
+      };
+    };
+  };
+}