Diffstat (limited to 'config/keycloak.nix')
-rw-r--r-- | config/keycloak.nix | 46 |
1 files changed, 46 insertions, 0 deletions
diff --git a/config/keycloak.nix b/config/keycloak.nix
new file mode 100644
index 0000000..7327bfb
--- /dev/null
+++ b/config/keycloak.nix
@@ -0,0 +1,46 @@
+{ config, lib, pkgs, ... }:
+with lib;
+let
+ cfg = config.services.keycloak;
+
+ defaultConfig = "${pkgs.keycloak}/standalone/configuration";
+
+ keycloakConfig = pkgs.runCommand "keycloak-config" {} ''
+ mkdir $out
+ cp ${defaultConfig}/application-roles.properties $out/
+ cp ${defaultConfig}/application-users.properties $out/
+ cp ${defaultConfig}/mgmt-groups.properties $out/
+ cp ${defaultConfig}/mgmt-users.properties $out/
+ cp ${defaultConfig}/standalone.xml $out/
+ {
+ grep -v FILE ${defaultConfig}/logging.properties
+ echo "logger.handlers=CONSOLE"
+ echo "handler.CONSOLE.level=ALL"
+ } > $out/logging.properties
+ '';
+
+in {
+ options = {
+ services.keycloak = {
+ enable = mkEnableOption "Keycloak Identity and Access Management Server";
+ };
+ };
+
+ config = mkIf cfg.enable {
+ systemd.services.keycloak = {
+ description = "Keycloak Identity and Access Management Server";
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+ preStart = ''
+ mkdir -p /var/lib/keycloak/logs
+ mkdir -p /var/lib/keycloak/config
+ cp ${keycloakConfig}/*.properties /var/lib/keycloak/config
+ '';
+ serviceConfig = {
+ ExecStart = "${pkgs.keycloak}/bin/standalone.sh -Djboss.server.base.dir=/var/lib/keycloak -Djboss.server.config.dir=/var/lib/keycloak/config --read-only-server-config=${keycloakConfig}/standalone.xml";
+ };
+ };
+ };
+}
+
+
 |
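Review bot: The `systemd.services.keycloak` unit sets no `User`/`Group` in `serviceConfig`, so `standalone.sh` and the whole JVM run as root, and `preStart` creates `/var/lib/keycloak` root-owned; an identity provider terminating untrusted HTTP should run under a dedicated unprivileged account with its state directory owned by systemd (`StateDirectory`). A second issue in `preStart`: `cp ${keycloakConfig}/*.properties /var/lib/keycloak/config` overwrites `mgmt-users.properties` and `application-users.properties` on every start, so any account presumably added with `add-user.sh` into that config dir would be wiped at the next restart — copying only when the target is absent (`cp -n`) keeps operator-added credentials. `handler.CONSOLE.level=ALL` in the generated `logging.properties` routes the most verbose level to the journal; confirm that is intended for a production identity server, since debug output can carry request details. The changes below add the service account and state directory; `ExecStart` is unchanged.
```nix
# … unchanged: options, description, after, wantedBy …
preStart = ''
  mkdir -p /var/lib/keycloak/logs
  mkdir -p /var/lib/keycloak/config
  cp -n ${keycloakConfig}/*.properties /var/lib/keycloak/config
'';
serviceConfig = {
  User = "keycloak";
  Group = "keycloak";
  StateDirectory = "keycloak";
  # … unchanged: ExecStart …
};
# … unchanged: closing of systemd.services.keycloak …
users.users.keycloak = { isSystemUser = true; group = "keycloak"; home = "/var/lib/keycloak"; };
users.groups.keycloak = { };
```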