1
0
Fork 0

add initial password to keycloak users

This commit is contained in:
ibizaman 2022-10-19 00:29:14 -07:00
parent 99139a774c
commit 14e8ab7b37
2 changed files with 14 additions and 1 deletions

View file

@ -60,6 +60,14 @@ let
enabled = "true";
inherit (config) email firstName lastName realmRoles;
} // optionalAttrs (hasAttr "initialPassword" config && config.initialPassword) {
credentials = [
{
type = "password";
userLabel = "initial";
value = "$(keycloak.users.${k}.password)";
}
];
};
in

View file

@ -30,6 +30,7 @@ let
"KEYCLOAK_USER=${keycloakUser}"
"KEYCLOAK_AVAILABILITYCHECK_ENABLED=true"
"KEYCLOAK_AVAILABILITYCHECK_TIMEOUT=${keycloakAvailabilityTimeout}"
"IMPORT_VARSUBSTITUTION_ENABLED=true"
"IMPORT_FILES_LOCATIONS=${configFileLocation}"
] ++ (if !debug then [] else [
"DEBUG=true"
@ -39,6 +40,10 @@ let
"LOGGING_LEVEL_KEYCLOAKCONFIGCLI=debug"
]));
envfiles = lib.concatMapStrings (x: "\nEnvironmentFile=" + x) ([
"/run/keys/keycloakusers"
]);
keycloak-cli-config = pkgs.stdenv.mkDerivation rec {
pname = "keycloak-cli-config";
version = "5.3.1";
@ -74,7 +79,7 @@ utils.systemd.mkService rec {
User=keycloakcli
Group=keycloakcli
Type=oneshot${envs}
Type=oneshot${envs}${envfiles}
ExecStart=${pkgs.jre}/bin/java -jar ${keycloak-cli-config}/bin/keycloak-cli-config.jar
RuntimeDirectory=keycloak-cli-config