diff options
author | Maciej Krüger <mkg20001@gmail.com> | 2021-10-03 20:26:29 +0200 |
---|---|---|
committer | Maciej Krüger <mkg20001@gmail.com> | 2021-12-13 17:49:58 +0100 |
commit | 891f2053a019c5fa834988e59c9639b4b47545c5 (patch) | |
tree | 6f6faabc944682216a88abeca439dc80c49215d7 /nixos | |
parent | 74801dd0ea01ba714071cc80922a379c0019262b (diff) | |
download | nixlib-891f2053a019c5fa834988e59c9639b4b47545c5.tar nixlib-891f2053a019c5fa834988e59c9639b4b47545c5.tar.gz nixlib-891f2053a019c5fa834988e59c9639b4b47545c5.tar.bz2 nixlib-891f2053a019c5fa834988e59c9639b4b47545c5.tar.lz nixlib-891f2053a019c5fa834988e59c9639b4b47545c5.tar.xz nixlib-891f2053a019c5fa834988e59c9639b4b47545c5.tar.zst nixlib-891f2053a019c5fa834988e59c9639b4b47545c5.zip |
nixos/keycloak: add plugins option
Co-authored-by: Kim Lindberger <kim.lindberger@gmail.com>
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/services/web-apps/keycloak.nix | 20 |
1 files changed, 19 insertions, 1 deletions
diff --git a/nixos/modules/services/web-apps/keycloak.nix b/nixos/modules/services/web-apps/keycloak.nix index df8c7114102f..699c88bc2395 100644 --- a/nixos/modules/services/web-apps/keycloak.nix +++ b/nixos/modules/services/web-apps/keycloak.nix @@ -216,6 +216,14 @@ in ''; }; + plugins = lib.mkOption { + type = lib.types.listOf lib.types.path; + default = []; + description = '' + Keycloak plugin jar, ear files or derivations with them + ''; + }; + initialAdminPassword = lib.mkOption { type = lib.types.str; default = "changeme"; @@ -675,8 +683,18 @@ in umask u=rwx,g=,o= + install_plugin() { + if [ -d "$1" ]; then + find "$1" -type f \( -iname \*.ear -o -iname \*.jar \) -exec install -m 0500 -o keycloak -g keycloak "{}" "/run/keycloak/deployments/" \; + else + install -m 0500 -o keycloak -g keycloak "$1" "/run/keycloak/deployments/" + fi + } + install -T -m 0400 -o keycloak -g keycloak '${cfg.database.passwordFile}' /run/keycloak/secrets/db_password - '' + lib.optionalString (cfg.sslCertificate != null && cfg.sslCertificateKey != null) '' + '' + lib.optionalString (cfg.plugins != []) (lib.concatStringsSep "\n" (map (pl: "install_plugin ${lib.escapeShellArg pl}") cfg.plugins)) + + lib.optionalString (cfg.sslCertificate != null && cfg.sslCertificateKey != null) '' + install -T -m 0400 -o keycloak -g keycloak '${cfg.sslCertificate}' /run/keycloak/secrets/ssl_cert install -T -m 0400 -o keycloak -g keycloak '${cfg.sslCertificateKey}' /run/keycloak/secrets/ssl_key ''; |