From 9da50149b1099016e5bed247ede7845506c0ec2e Mon Sep 17 00:00:00 2001
From: TheWanderingCrow <contact@wanderingcrow.net>
Date: Tue, 14 Oct 2025 22:09:56 -0400
Subject: [PATCH] testing keycloak

---
 justfile                                   |  3 +++
 modules/services/auth-provider/default.nix | 11 +++++++----
 2 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/justfile b/justfile
index 5d0135b..a640034 100644
--- a/justfile
+++ b/justfile
@@ -12,6 +12,9 @@ build:
 [confirm('Rebuild the system?')]
 rebuild:
   sudo nixos-rebuild switch --flake .
+# For hacking on modules
+rebuild-fast:
+  sudo nixos-rebuild switch --fast --flake .
 # Update all flake inputs
 update:
   nix flake update --commit-lock-file
diff --git a/modules/services/auth-provider/default.nix b/modules/services/auth-provider/default.nix
index 1776fc5..e370ded 100644
--- a/modules/services/auth-provider/default.nix
+++ b/modules/services/auth-provider/default.nix
@@ -1,15 +1,18 @@
-{pkgs, ...}: {
-  environment.etc."testing-keycloak-pass".text = "PWD";
+{config, ...}: {
   services.caddy = {
     enable = true;
     virtualHosts."auth.wanderingcrow.net".extraConfig = ''
       reverse_proxy http://localhost:5555
     '';
   };
+
+  sops.secrets."keycloak/database/pass" = {};
+
   services.keycloak = {
     enable = true;
+    initialAdminPassword = "changeme";
     settings = {
-      hostname = "localhost";
+      hostname = "https://auth.wanderingcrow.net";
       http-port = 5555;
       https-port = 9443;
       http-enabled = true;
@@ -18,7 +21,7 @@
     database = {
       type = "postgresql";
       createLocally = true;
-      passwordFile = "/etc/testing-keycloak-pass";
+      passwordFile = config.sops.secrets."keycloak/database/pass".path;
     };
   };
 }