From 60546992b20a8eaf58ad87f152ed28073aae0620 Mon Sep 17 00:00:00 2001
From: Giulio De Pasquale <depasquale+git@giugl.io>
Date: Fri, 28 Oct 2022 15:24:23 +0200
Subject: [PATCH] keycloak: Only expose recommended endpoints. Redirect main
 page to account page.

---
 hosts/architect/keycloak.nix | 32 ++++++++++++++++++++++++++++----
 1 file changed, 28 insertions(+), 4 deletions(-)

diff --git a/hosts/architect/keycloak.nix b/hosts/architect/keycloak.nix
index 563c683..4dc6b81 100644
--- a/hosts/architect/keycloak.nix
+++ b/hosts/architect/keycloak.nix
@@ -33,10 +33,34 @@ in {
     nginx.virtualHosts.${domain} = {
       forceSSL = true;
       enableACME = true;
-      locations."/" = {
-        proxyPass = "http://localhost:${
-            toString config.services.keycloak.settings.http-port
-          }";
+
+      locations = {
+        "/" = { return = "301 https://${domain}/realms/master/account"; };
+        
+        "/js" = {
+          proxyPass = "http://localhost:${
+              toString config.services.keycloak.settings.http-port
+            }";
+        };
+
+        "/realms" = {
+          proxyPass = "http://localhost:${
+              toString config.services.keycloak.settings.http-port
+            }";
+        };
+
+        "/resources" = {
+          proxyPass = "http://localhost:${
+              toString config.services.keycloak.settings.http-port
+            }";
+        };
+
+        "/robots.txt" = {
+          proxyPass = "http://localhost:${
+              toString config.services.keycloak.settings.http-port
+            }";
+        };
+
       };
     };
   };