From 14e8ab7b37915207b8af530cb384d96a6110635b Mon Sep 17 00:00:00 2001
From: ibizaman
Date: Wed, 19 Oct 2022 00:29:14 -0700
Subject: [PATCH] add initial password to keycloak users
---
 keycloak-cli-config/configcreator.nix | 8 ++++++++
 keycloak-cli-config/unit.nix | 7 ++++++-
 2 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/keycloak-cli-config/configcreator.nix b/keycloak-cli-config/configcreator.nix
index 89da343..f8e95ff 100644
--- a/keycloak-cli-config/configcreator.nix
+++ b/keycloak-cli-config/configcreator.nix
@@ -60,6 +60,14 @@ let
 enabled = "true";
 inherit (config) email firstName lastName realmRoles;
+ } // optionalAttrs (hasAttr "initialPassword" config && config.initialPassword) {
+ credentials = [
+ {
+ type = "password";
+ userLabel = "initial";
+ value = "$(keycloak.users.${k}.password)";
+ }
+ ];
 };
 in
diff --git a/keycloak-cli-config/unit.nix b/keycloak-cli-config/unit.nix
index dfa6080..4eb1ecd 100644
--- a/keycloak-cli-config/unit.nix
+++ b/keycloak-cli-config/unit.nix
@@ -30,6 +30,7 @@ let
 "KEYCLOAK_USER=${keycloakUser}"
 "KEYCLOAK_AVAILABILITYCHECK_ENABLED=true"
 "KEYCLOAK_AVAILABILITYCHECK_TIMEOUT=${keycloakAvailabilityTimeout}"
+ "IMPORT_VARSUBSTITUTION_ENABLED=true"
 "IMPORT_FILES_LOCATIONS=${configFileLocation}"
 ] ++ (if !debug then [] else [
 "DEBUG=true"
@@ -39,6 +40,10 @@ let
 "LOGGING_LEVEL_KEYCLOAKCONFIGCLI=debug"
 ]));
+ envfiles = lib.concatMapStrings (x: "\nEnvironmentFile=" + x) ([
+ "/run/keys/keycloakusers"
+ ]);
+
 keycloak-cli-config = pkgs.stdenv.mkDerivation rec {
 pname = "keycloak-cli-config";
 version = "5.3.1";
@@ -74,7 +79,7 @@ utils.systemd.mkService rec {
 User=keycloakcli
 Group=keycloakcli
- Type=oneshot${envs}
+ Type=oneshot${envs}${envfiles}
 ExecStart=${pkgs.jre}/bin/java -jar ${keycloak-cli-config}/bin/keycloak-cli-config.jar
 RuntimeDirectory=keycloak-cli-config
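Review bot: The credential added in the `optionalAttrs` branch of configcreator.nix carries no `temporary` flag and the user gets no required action, so the provisioned password stays valid until the user decides to change it, while whoever wrote the key file still knows it. If that is not the intent, consider adding `temporary = true;` to the credential (confirm the value form against how `enabled = "true";` is serialised here), or state in a comment that these are long-lived secrets. The placeholder `$(keycloak.users.${k}.password)` embeds the user name in a property key, so a name containing `.` or other separator characters presumably will not resolve; a comment naming the allowed user names and the matching variable name in the key file would help. The guard can be shortened to `config.initialPassword or false`. The enclosing `let` binding starts and ends outside the hunk.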
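Review bot: `IMPORT_VARSUBSTITUTION_ENABLED=true` in the first unit.nix hunk is set unconditionally, so every string in the generated import file becomes subject to `$(...)` expansion, not only the password placeholder. Any realm, client or user value that happens to contain `$(` will now be interpreted or make the import fail, and a value taken from less-trusted configuration could reference other properties available to the process. Consider enabling it only when at least one user sets `initialPassword`, or add a comment such as `# substitution applies to the whole import file; other values must not contain "$("`. The list this entry belongs to starts outside the hunk.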
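Review bot: `envfiles` in the second unit.nix hunk hard-codes `/run/keys/keycloakusers` as a mandatory `EnvironmentFile=`, so the unit will fail to start whenever that file is absent, even for configurations where no user has `initialPassword`. Make the path a module parameter and emit the directive only when it is needed, or mark it optional with `"\nEnvironmentFile=-" + x` if a missing file should be tolerated. A comment should document the expected `NAME=value` format and that the file holds plaintext passwords, so it should be owned by root with mode 0400; systemd appears to read environment files itself, so it should not need to be readable by `keycloakcli` (confirm). The `Type=oneshot${envs}${envfiles}` change in the last hunk depends on each entry starting with `"\n"`, which is worth a one-line comment next to `envfiles`.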