cluster/services/sso: use patroni incandescence
parent
272b4ddd01
commit
aa46d46d9d
3 changed files with 14 additions and 8 deletions
|
@ -1,4 +1,4 @@
|
||||||
{ depot, ... }:
|
{ config, depot, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
services.sso = {
|
services.sso = {
|
||||||
|
@ -18,4 +18,12 @@
|
||||||
login.target = ssoAddr;
|
login.target = ssoAddr;
|
||||||
account.target = ssoAddr;
|
account.target = ssoAddr;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
patroni = config.lib.forService "sso" {
|
||||||
|
databases.keycloak = {};
|
||||||
|
users.keycloak.locksmith = {
|
||||||
|
nodes = config.services.sso.nodes.host;
|
||||||
|
format = "raw";
|
||||||
|
};
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
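Review bot: The new `patroni = config.lib.forService "sso" { ... }` block carries no comment on where the `keycloak` database password comes from or which machines receive it. As written, `users.keycloak.locksmith.nodes = config.services.sso.nodes.host;` ties distribution of the credential to the SSO host list, so adding a node there also widens access to the database password. A short comment above `users.keycloak.locksmith`, such as `# DB credential is delivered through locksmith to SSO hosts only; extending nodes.host extends who can read it`, would make that coupling visible. `format = "raw"` presumably means the delivered file holds only the password, which is what a `passwordFile` consumer needs; that is worth confirming and stating in the same comment.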
|
@ -8,12 +8,10 @@ in
|
||||||
{
|
{
|
||||||
links.keycloak.protocol = "http";
|
links.keycloak.protocol = "http";
|
||||||
|
|
||||||
age.secrets.keycloak-dbpass = {
|
services.locksmith.waitForSecrets.keycloak = [
|
||||||
file = ../../../secrets/keycloak-dbpass.age;
|
"patroni-keycloak"
|
||||||
owner = "root";
|
];
|
||||||
group = "root";
|
|
||||||
mode = "0400";
|
|
||||||
};
|
|
||||||
services.nginx.virtualHosts = {
|
services.nginx.virtualHosts = {
|
||||||
"${login}" = lib.recursiveUpdate (vhosts.proxy kc.url) {
|
"${login}" = lib.recursiveUpdate (vhosts.proxy kc.url) {
|
||||||
locations = {
|
locations = {
|
||||||
|
@ -36,7 +34,7 @@ in
|
||||||
host = patroni.ipv4;
|
host = patroni.ipv4;
|
||||||
inherit (patroni) port;
|
inherit (patroni) port;
|
||||||
useSSL = false;
|
useSSL = false;
|
||||||
passwordFile = config.age.secrets.keycloak-dbpass.path;
|
passwordFile = "/run/locksmith/patroni-keycloak";
|
||||||
};
|
};
|
||||||
settings = {
|
settings = {
|
||||||
http-host = kc.ipv4;
|
http-host = kc.ipv4;
|
||||||
|
|
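Review bot: The removed `age.secrets.keycloak-dbpass` pinned `owner = "root"`, `group = "root"` and `mode = "0400"`, whereas the replacement `passwordFile = "/run/locksmith/patroni-keycloak";` depends on whatever ownership and mode locksmith applies, which this diff does not show. Confirm the delivered file is at least as restrictive and record that in a comment next to the option. The path literal also repeats the `"patroni-keycloak"` name listed in `services.locksmith.waitForSecrets.keycloak`, so a rename in one place would silently break the other; binding it once, e.g. `dbSecret = "patroni-keycloak";` in the surrounding `let` and writing `"/run/locksmith/${dbSecret}"`, keeps the two in step. The unchanged `useSSL = false;` means the password still travels to `patroni.ipv4` without TLS, which is only sound if that address is on an encrypted or host-local network. The `let` block and the enclosing database attribute set start outside the visible hunks.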
Binary file not shown.