Trialing this as an alternative to CAS that is a little easier to configure and can help us delegate authentication to other OIDC services. Change-Id: Iad63724d349334910af8fed0b148e4ba428f796b Reviewed-on: https://cl.tvl.fyi/c/depot/+/4608 Tested-by: BuildkiteCI Autosubmit: tazjin <mail@tazj.in> Reviewed-by: lukegb <lukegb@tvl.fyi>
		
			
				
	
	
		
		
	
	
	
	
	
# NixOS module: public nginx virtual host that terminates TLS for
# auth.tvl.fyi and reverse-proxies every request to the local Keycloak
# instance.
{ config, ... }:

let
  # Public name of the identity provider; used both as the virtualHosts
  # key and as the nginx server_name.
  domain = "auth.tvl.fyi";

  # Keycloak is reached over plain HTTP on the loopback interface, so TLS
  # ends at nginx.
  # NOTE(review): this file does not show Keycloak's bind address. Confirm
  # the HTTP port is not reachable except through nginx; a client that can
  # reach it directly could supply its own X-Forwarded-* headers.
  upstream = "http://localhost:${config.services.keycloak.httpPort}";
in
{
  imports = [
    ./base.nix
  ];

  config = {
    services.nginx.virtualHosts.${domain} = {
      serverName = domain;

      # Obtain the certificate via ACME and redirect plain-HTTP requests
      # to HTTPS.
      enableACME = true;
      forceSSL = true;

      # X-Forwarded-For is set to $remote_addr, which replaces any value
      # the client sent instead of appending to it. X-Forwarded-Proto is
      # hard-coded to https, which matches forceSSL above.
      # NOTE(review): Keycloak must be configured to honour these proxy
      # headers for redirect and issuer URLs to use https://auth.tvl.fyi;
      # that setting is not visible in this file, so confirm it elsewhere.
      # NOTE(review): `location /` forwards every path, so everything
      # Keycloak serves (presumably including its admin console) is
      # exposed on this public host. Confirm that is intended, or add a
      # more specific location that restricts the admin paths.
      extraConfig = ''
        location / {
          proxy_pass ${upstream};
          proxy_set_header X-Forwarded-For $remote_addr;
          proxy_set_header X-Forwarded-Proto https;
          proxy_set_header Host $host;
        }
      '';
    };
  };
}