author | talyz <kim.lindberger@gmail.com> | 2021-05-14 14:34:22 +0200 |
---|---|---|
committer | talyz <kim.lindberger@gmail.com> | 2021-05-21 13:09:38 +0200 |
commit | ba00b0946ea624860032d836d1a3105e365cd84e (patch) | |
tree | 2d57dc683d7b28e0d505fd045ef721479ce622f2 /nixos/modules/services/web-apps/keycloak.xml | |
parent | dbf91bc2f12e80dd1933261e049b801d1a626a4e (diff) | |
nixos/keycloak: Split certificatePrivateKeyBundle into two options
Instead of requiring the user to bundle the certificate and private key into a single file, provide separate options for them. This is more in line with most other modules.
Diffstat (limited to 'nixos/modules/services/web-apps/keycloak.xml')
-rw-r--r-- | nixos/modules/services/web-apps/keycloak.xml | 15 |
1 files changed, 8 insertions, 7 deletions
diff --git a/nixos/modules/services/web-apps/keycloak.xml b/nixos/modules/services/web-apps/keycloak.xml
index b622735ca10..7ba656c20f1 100644
--- a/nixos/modules/services/web-apps/keycloak.xml
+++ b/nixos/modules/services/web-apps/keycloak.xml
@@ -115,17 +115,17 @@
 </para>
 <para>
- For HTTPS support, a TLS certificate and private key is
- required. They should be <link
+ HTTPS support requires a TLS/SSL certificate and a private key,
+ both <link
 xlink:href="https://en.wikipedia.org/wiki/Privacy-Enhanced_Mail">PEM
- formatted</link> and concatenated into a single file. The path
- to this file should be configured in
- <xref linkend="opt-services.keycloak.certificatePrivateKeyBundle" />.
+ formatted</link>. Their paths should be set through <xref
+ linkend="opt-services.keycloak.sslCertificate" /> and <xref
+ linkend="opt-services.keycloak.sslCertificateKey" />.
 </para>
 <warning>
 <para>
- The path should be provided as a string, not a Nix path,
+ The paths should be provided as a strings, not a Nix paths,
 since Nix paths are copied into the world readable Nix store.
 </para>
 </warning>
@@ -195,7 +195,8 @@ services.keycloak = {
 <link linkend="opt-services.keycloak.initialAdminPassword">initialAdminPassword</link> = "e6Wcm0RrtegMEHl"; # change on first login
 <link linkend="opt-services.keycloak.frontendUrl">frontendUrl</link> = "https://keycloak.example.com/auth";
 <link linkend="opt-services.keycloak.forceBackendUrlToFrontendUrl">forceBackendUrlToFrontendUrl</link> = true;
- <link linkend="opt-services.keycloak.certificatePrivateKeyBundle">certificatePrivateKeyBundle</link> = "/run/keys/ssl_cert";
+ <link linkend="opt-services.keycloak.sslCertificate">sslCertificate</link> = "/run/keys/ssl_cert";
+ <link linkend="opt-services.keycloak.sslCertificateKey">sslCertificateKey</link> = "/run/keys/ssl_key";
 <link linkend="opt-services.keycloak.database.passwordFile">database.passwordFile</link> = "/run/keys/db_password";
 };
 </programlisting>
|
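Review bot: The rewritten warning in the first hunk reads `The paths should be provided as a strings, not a Nix paths,`, which is ungrammatical in the one sentence that keeps the private key out of the Nix store; it should read `The paths should be provided as strings, not Nix paths,`. Now that `sslCertificateKey` names the key file on its own, the warning could also say directly that an unquoted Nix path would copy the private key into the world-readable store, and point to the quoted form the example in the second hunk already uses, `"/run/keys/ssl_key"`. The surrounding section starts and ends outside the hunk.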