author | Vincent Ambo <mail@tazj.in> | 2021-12-25T14·06+0300 |
---|---|---|
committer | clbot <clbot@tvl.fyi> | 2021-12-25T21·11+0000 |
commit | d8a1802b3ed804fb26c50a6f23036aede1ac1182 (patch) | |
tree | 0998d2f973e81841c0034c3dd657c3062215b14d /ops/modules/www/auth.tvl.fyi.nix | |
parent | 1ee31d67fcf6e30e182229ceb9377c647395bfd1 (diff) |
feat(whitby): Configure initial Keycloak setup r/3401
Trialing this as an alternative to CAS that is a little easier to configure and can help us delegate authentication to other OIDC services.

Change-Id: Iad63724d349334910af8fed0b148e4ba428f796b
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4608
Tested-by: BuildkiteCI
Autosubmit: tazjin <mail@tazj.in>
Reviewed-by: lukegb <lukegb@tvl.fyi>
Diffstat (limited to 'ops/modules/www/auth.tvl.fyi.nix')
-rw-r--r-- | ops/modules/www/auth.tvl.fyi.nix | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/ops/modules/www/auth.tvl.fyi.nix b/ops/modules/www/auth.tvl.fyi.nix new file mode 100644 index 000000000000..e0c031bf700c --- /dev/null +++ b/ops/modules/www/auth.tvl.fyi.nix @@ -0,0 +1,24 @@ +{ config, ... }: + +{ + imports = [ + ./base.nix + ]; + + config = { + services.nginx.virtualHosts."auth.tvl.fyi" = { + serverName = "auth.tvl.fyi"; + enableACME = true; + forceSSL = true; + + extraConfig = '' + location / { + proxy_pass http://localhost:${config.services.keycloak.httpPort}; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header X-Forwarded-Proto https; + proxy_set_header Host $host; + } + ''; + }; + }; +} |
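
Review bot: In the `extraConfig` block, `location /` forwards every request path to Keycloak, so the administration console and admin REST endpoints are published on auth.tvl.fyi alongside the login flows. If administration is not meant to be reachable from the internet, add a narrower location for the admin paths with an allow/deny list, or proxy only the realm paths that clients need. In the same block, `proxy_pass http://localhost:${config.services.keycloak.httpPort};` depends on `localhost` resolving to an address Keycloak actually listens on; writing `127.0.0.1` removes the ambiguity between IPv4 and IPv6 loopback. The `X-Forwarded-For` and `X-Forwarded-Proto` headers set here are only meaningful if Keycloak is configured to trust proxy headers and its HTTP port is reachable solely through nginx; neither is visible in this file, so a comment pointing at where that is configured would help the next reader.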