cluster/services/sso: use patroni incandescence

Max Headroom 2024-08-28 17:01:41 +02:00
parent 272b4ddd01
commit aa46d46d9d
3 changed files with 14 additions and 8 deletions


@ -1,4 +1,4 @@
{ depot, ... }: { config, depot, ... }:
{ {
services.sso = { services.sso = {
@ -18,4 +18,12 @@
login.target = ssoAddr; login.target = ssoAddr;
account.target = ssoAddr; account.target = ssoAddr;
}; };
patroni = config.lib.forService "sso" {
databases.keycloak = {};
users.keycloak.locksmith = {
nodes = config.services.sso.nodes.host;
format = "raw";
};
};
} }


@ -8,12 +8,10 @@ in
{ {
links.keycloak.protocol = "http"; links.keycloak.protocol = "http";
age.secrets.keycloak-dbpass = { services.locksmith.waitForSecrets.keycloak = [
file = ../../../secrets/keycloak-dbpass.age; "patroni-keycloak"
owner = "root"; ];
group = "root";
mode = "0400";
};
services.nginx.virtualHosts = { services.nginx.virtualHosts = {
"${login}" = lib.recursiveUpdate (vhosts.proxy kc.url) { "${login}" = lib.recursiveUpdate (vhosts.proxy kc.url) {
locations = { locations = {
@ -36,7 +34,7 @@ in
host = patroni.ipv4; host = patroni.ipv4;
inherit (patroni) port; inherit (patroni) port;
useSSL = false; useSSL = false;
passwordFile = config.age.secrets.keycloak-dbpass.path; passwordFile = "/run/locksmith/patroni-keycloak";
}; };
settings = { settings = {
http-host = kc.ipv4; http-host = kc.ipv4;
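Review bot: The new `passwordFile = "/run/locksmith/patroni-keycloak"` in the second hunk hard-codes a path that has to stay in sync with the `"patroni-keycloak"` entry added to `services.locksmith.waitForSecrets.keycloak` in the first hunk and with the `users.keycloak.locksmith` declaration in the cluster-level file, and nothing visible ties the three together. A short comment such as `# written by locksmith for patroni user "keycloak"; name must match waitForSecrets.keycloak` would help, or a single let-bound secret name used for both the wait list and the path. The removed agenix secret pinned `owner = "root"` and `mode = "0400"`; the ownership and mode of the locksmith-provided file are not visible on this page, so it is worth confirming they are at least as restrictive. `useSSL = false` is unchanged context, so the provisioned password presumably still travels to `patroni.ipv4` without TLS unless that link is encrypted at another layer.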

Binary file not shown.