add initial password to keycloak users
This commit is contained in:
parent
99139a774c
commit
14e8ab7b37
2 changed files with 14 additions and 1 deletions
|
@ -60,6 +60,14 @@ let
|
|||
enabled = "true";
|
||||
|
||||
inherit (config) email firstName lastName realmRoles;
|
||||
} // optionalAttrs (hasAttr "initialPassword" config && config.initialPassword) {
|
||||
credentials = [
|
||||
{
|
||||
type = "password";
|
||||
userLabel = "initial";
|
||||
value = "$(keycloak.users.${k}.password)";
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
in
|
||||
|
|
|
@ -30,6 +30,7 @@ let
|
|||
"KEYCLOAK_USER=${keycloakUser}"
|
||||
"KEYCLOAK_AVAILABILITYCHECK_ENABLED=true"
|
||||
"KEYCLOAK_AVAILABILITYCHECK_TIMEOUT=${keycloakAvailabilityTimeout}"
|
||||
"IMPORT_VARSUBSTITUTION_ENABLED=true"
|
||||
"IMPORT_FILES_LOCATIONS=${configFileLocation}"
|
||||
] ++ (if !debug then [] else [
|
||||
"DEBUG=true"
|
||||
|
@ -39,6 +40,10 @@ let
|
|||
"LOGGING_LEVEL_KEYCLOAKCONFIGCLI=debug"
|
||||
]));
|
||||
|
||||
envfiles = lib.concatMapStrings (x: "\nEnvironmentFile=" + x) ([
|
||||
"/run/keys/keycloakusers"
|
||||
]);
|
||||
|
||||
keycloak-cli-config = pkgs.stdenv.mkDerivation rec {
|
||||
pname = "keycloak-cli-config";
|
||||
version = "5.3.1";
|
||||
|
@ -74,7 +79,7 @@ utils.systemd.mkService rec {
|
|||
User=keycloakcli
|
||||
Group=keycloakcli
|
||||
|
||||
Type=oneshot${envs}
|
||||
Type=oneshot${envs}${envfiles}
|
||||
ExecStart=${pkgs.jre}/bin/java -jar ${keycloak-cli-config}/bin/keycloak-cli-config.jar
|
||||
|
||||
RuntimeDirectory=keycloak-cli-config
|
||||
|
|
Loading…
Reference in a new issue