1
0
Fork 0
selfhostblocks/_disnix/tests/integration/keycloak/network.nix

77 lines
1.9 KiB
Nix
Raw Normal View History

2023-02-23 08:04:44 +01:00
rec {
test1 = { system
, pkgs
, lib
, ... }:
let
domain = "local";
utils = pkgs.lib.callPackageWith pkgs ../../../utils.nix { };
2023-03-07 09:21:20 +01:00
customPkgs = import ../../../all-packages.nix {
2023-02-23 08:04:44 +01:00
inherit system pkgs utils;
};
in
rec {
users.groups = {
keycloak = {
name = "keycloak";
};
};
users.users = {
keycloak = {
name = "keycloak";
group = "keycloak";
isSystemUser = true;
};
};
# Normally, you'd provision the deploy target with secrets.
2023-03-15 07:55:17 +01:00
systemd.tmpfiles.rules = [
# Type Path Mode User Group Age Argument...
''d /run/keys 0755 root root - -''
''f+ /run/keys/keycloackinitialadmin 0755 root root - KEYCLOAK_ADMIN_PASSWORD="KEYCLOAK_ADMIN_PASSWORD"''
];
2023-02-23 08:04:44 +01:00
services = {
openssh = {
enable = true;
};
disnix = {
enable = true;
# useWebServiceInterface = true;
};
postgresql = {
enable = true;
package = pkgs.postgresql_14;
port = 5432;
enableTCPIP = true;
authentication = pkgs.lib.mkOverride 10 ''
local all all trust
host all all 127.0.0.1/32 trust
host all all ::1/128 trust
'';
};
};
dysnomia = {
enable = true;
enableLegacyModules = false;
extraContainerProperties = {
system = {
inherit domain;
};
postgresql-database = {
service_name = "postgresql.service";
port = builtins.toString services.postgresql.port;
};
};
};
networking.firewall.allowedTCPPorts = [ services.postgresql.port ];
};
}