selfhostblocks/_disnix/tests/integration/keycloak/network.nix


# Machine definitions for the Keycloak integration test. `test1` is a function
# from the usual module arguments to a set of NixOS-style options (users,
# tmpfiles, services, dysnomia, firewall).
#
# Security posture: this is a throwaway test target. The secret handling and
# the PostgreSQL authentication below are deliberately weak and must not be
# copied into a real deployment; each weak spot is marked where it occurs.
rec {
test1 = { system
, pkgs
, lib
, ... }:
let
# Value exported below as the `domain` property of the dysnomia `system` container.
domain = "local";
utils = pkgs.lib.callPackageWith pkgs ../../../utils.nix { };
# NOTE(review): customPkgs is not referenced anywhere in the visible body.
customPkgs = import ../../../all-packages.nix {
inherit system pkgs utils;
};
in
# `rec` is required: later attributes read services.postgresql.port from this same set.
rec {
# Dedicated unprivileged group and system user named "keycloak".
users.groups = {
keycloak = {
name = "keycloak";
};
};
users.users = {
keycloak = {
name = "keycloak";
group = "keycloak";
isSystemUser = true;
};
};
# Normally, you'd provision the deploy target with secrets.
# Here the admin password is a fixed placeholder written by systemd-tmpfiles,
# so the literal also ends up in the generated tmpfiles configuration, which
# on NixOS lives in the world-readable Nix store.
# NOTE(review): mode 0755 makes the secret file readable (and executable) by
# every local user. A real target would want a root-owned 0400 file, or 0440
# with the consuming service's group; which one depends on who reads the
# file, and that reader is not visible here. Confirm before tightening.
# NOTE(review): the file name is spelled "keycloackinitialadmin"; whatever
# consumes it presumably uses the same spelling, so rename both sides together.
systemd.tmpfiles.rules = [
# Type Path Mode User Group Age Argument...
''d /run/keys 0755 root root - -''
''f+ /run/keys/keycloackinitialadmin 0755 root root - KEYCLOAK_ADMIN_PASSWORD="KEYCLOAK_ADMIN_PASSWORD"''
];
services = {
# SSH daemon enabled with module defaults (no hardening options set here).
openssh = {
enable = true;
};
disnix = {
enable = true;
# useWebServiceInterface = true;
};
postgresql = {
enable = true;
package = pkgs.postgresql_14;
port = 5432;
# Listen on TCP beyond the Unix socket; the firewall rule at the bottom
# opens the same port.
enableTCPIP = true;
# pg_hba.conf set at override priority 10. `trust` means no password check:
# any local process can connect as any database role, superuser included,
# over the Unix socket or loopback TCP. Acceptable only on a single-purpose
# test machine.
# There is no `host` entry for non-loopback addresses, so remote clients
# reach the listener but find no matching rule. NOTE(review): either the
# test needs no remote database access (then enableTCPIP and the firewall
# opening could go), or an entry with password authentication is missing.
# Confirm which.
authentication = pkgs.lib.mkOverride 10 ''
local all all trust
host all all 127.0.0.1/32 trust
host all all ::1/128 trust
'';
};
};
dysnomia = {
enable = true;
enableLegacyModules = false;
# Container properties published to dysnomia: the domain for the `system`
# container, and the unit name plus port (as a string) for the
# postgresql-database container.
extraContainerProperties = {
system = {
inherit domain;
};
postgresql-database = {
service_name = "postgresql.service";
port = builtins.toString services.postgresql.port;
};
};
};
# Exposes the PostgreSQL port (5432, see services.postgresql.port) through
# the host firewall. Combined with enableTCPIP this puts the database
# listener on the network; only pg_hba.conf stands between a remote peer and
# the database.
networking.firewall.allowedTCPPorts = [ services.postgresql.port ];
};
}