keycloak service: update HTTPS configuration

Keycloak 16.1.0 uses a different way to configure HTTPS.
This requires us to order the commands correctly, otherwise
references to linked objects will fail.
Nikolay Amiantov 2022-01-10 00:43:45 +03:00
parent 3c7e78cc6a
commit 827267a27f


@ -348,11 +348,23 @@ in
})
(lib.optionalAttrs (cfg.sslCertificate != null && cfg.sslCertificateKey != null) {
"socket-binding-group=standard-sockets"."socket-binding=https".port = cfg.httpsPort;
"core-service=management"."security-realm=UndertowRealm"."server-identity=ssl" = {
keystore-path = "/run/keycloak/ssl/certificate_private_key_bundle.p12";
keystore-password = "notsosecretpassword";
"subsystem=elytron" = lib.mkOrder 900 {
"key-store=httpsKS" = lib.mkOrder 900 {
path = "/run/keycloak/ssl/certificate_private_key_bundle.p12";
credential-reference.clear-text = "notsosecretpassword";
type = "JKS";
};
"key-manager=httpsKM" = lib.mkOrder 901 {
key-store = "httpsKS";
credential-reference.clear-text = "notsosecretpassword";
};
"server-ssl-context=httpsSSC" = lib.mkOrder 902 {
key-manager = "httpsKM";
};
};
"subsystem=undertow" = lib.mkOrder 901 {
"server=default-server"."https-listener=https".ssl-context = "httpsSSC";
};
"subsystem=undertow"."server=default-server"."https-listener=https".security-realm = "UndertowRealm";
})
cfg.extraConfig
];
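Review bot: The new `key-store=httpsKS` declares `type = "JKS"` while `path` points at a `.p12` bundle; if that file is PKCS#12, the declared type is wrong and presumably only loads today because of the JDK's `keystore.type.compat` fallback, so `type = "PKCS12";` would match the file format explicitly. The clear-text keystore password `"notsosecretpassword"` is now written twice (`httpsKS` and `httpsKM`) and ends up in the generated Keycloak configuration; since the bundle under `/run/keycloak/ssl/` appears to be produced by this module, a comment such as `# The bundle is generated at service start and protected by file permissions; this password is not a secret.` would make that explicit, and a single `let` binding for the password would keep both references in sync. The `lib.mkOrder` values (900–902 within elytron, 901 for undertow) are what guarantees the key-store exists before the key-manager and ssl-context reference it, and a brief comment stating that dependency chain would help future edits keep the ordering intact. The enclosing attribute set starts before this hunk.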