nix-infra/config/hosts/keycloak/keycloak.nix

{ ... }:
{
  services.keycloak = {
    enable = true;
    settings = {
      hostname = "https://id.nekover.se";
      hostname-admin = "https://keycloak-admin.nekover.se";
      proxy-headers = "xforwarded";
      http-enabled = true;
      http-host = "127.0.0.1";
      http-port = 8080;
    };
    database.passwordFile = "/secrets/keycloak-database-password.secret";
  };
}