From 0a54e1e3e1111d461d45bdc8bf036c3a791c3674 Mon Sep 17 00:00:00 2001
From: Kjetil Orbekk
Date: Sun, 23 Sep 2018 20:25:17 -0400
Subject: keycloak
---
config/keycloak.nix | 46 ++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 46 insertions(+)
create mode 100644 config/keycloak.nix
(limited to 'config/keycloak.nix')
diff --git a/config/keycloak.nix b/config/keycloak.nix
new file mode 100644
index 0000000..7327bfb
--- /dev/null
+++ b/config/keycloak.nix
@@ -0,0 +1,46 @@
+{ config, lib, pkgs, ... }:
+with lib;
+let
+ cfg = config.services.keycloak;
+
+ defaultConfig = "${pkgs.keycloak}/standalone/configuration";
+
+ keycloakConfig = pkgs.runCommand "keycloak-config" {} ''
+ mkdir $out
+ cp ${defaultConfig}/application-roles.properties $out/
+ cp ${defaultConfig}/application-users.properties $out/
+ cp ${defaultConfig}/mgmt-groups.properties $out/
+ cp ${defaultConfig}/mgmt-users.properties $out/
+ cp ${defaultConfig}/standalone.xml $out/
+ {
+ grep -v FILE ${defaultConfig}/logging.properties
+ echo "logger.handlers=CONSOLE"
+ echo "handler.CONSOLE.level=ALL"
+ } > $out/logging.properties
+ '';
+
+in {
+ options = {
+ services.keycloak = {
+ enable = mkEnableOption "Keycloak Identity and Access Management Server";
+ };
+ };
+
+ config = mkIf cfg.enable {
+ systemd.services.keycloak = {
+ description = "Keycloak Identity and Access Management Server";
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+ preStart = ''
+ mkdir -p /var/lib/keycloak/logs
+ mkdir -p /var/lib/keycloak/config
+ cp ${keycloakConfig}/*.properties /var/lib/keycloak/config
+ '';
+ serviceConfig = {
+ ExecStart = "${pkgs.keycloak}/bin/standalone.sh -Djboss.server.base.dir=/var/lib/keycloak -Djboss.server.config.dir=/var/lib/keycloak/config --read-only-server-config=${keycloakConfig}/standalone.xml";
+ };
+ };
+ };
+}
+
+
-- cgit v1.2.3
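Review bot: The `serviceConfig` block sets only `ExecStart`, so systemd will start Keycloak as root with no sandboxing, which is more privilege than a network-facing identity server needs when all of its state lives under /var/lib/keycloak. Consider adding `DynamicUser = true;` and `StateDirectory = "keycloak";` (or a dedicated `keycloak` user) to `serviceConfig`. The `preStart` copy would then probably need to become `install -m 0600 ${keycloakConfig}/*.properties /var/lib/keycloak/config/`, since files copied out of the Nix store are read-only and a non-root user cannot overwrite them on the next start. Separately, `handler.CONSOLE.level=ALL` sends every log level to the journal; for an identity provider it is worth confirming that debug and trace output carries no credentials or tokens, or lowering the level.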