yeet authentik, add keycloak and radicale

2025-01-14 21:24:05 +00:00 · 2025-01-14 21:24:05 +00:00 · 5c3f0886e5
commit 5c3f0886e5
parent 2f2318aaaa
15 changed files with 263 additions and 366 deletions
--- a/hosts/cloud/proxy/auth.nix
+++ b/hosts/cloud/proxy/auth.nix
@ -0,0 +1,24 @@
+{ ... }:
+{
+  services.nginx.upstreams.keycloak = {
+    servers = {
+      "10.89.88.11:38080" = {};
+      "[fd31:185d:722f::11]:38080" = {};
+    };
+  };
+
+  services.nginx.virtualHosts."auth.oxapentane.com" = {
+    forceSSL = true;
+    enableACME = true;
+    locations."/" = {
+      proxyPass = "http://keycloak";
+      extraConfig = ''
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header Host $host;
+        proxy_set_header X-Forwarded-Host $host;
+        proxy_set_header X-Forwarded-Port 433;
+      '';
+    };
+  };
+}