add more keycloak options and add config creator
parent
eec5b5c24e
commit
99139a774c
3 changed files with 97 additions and 4 deletions
|
@ -5,11 +5,21 @@
|
|||
}:
|
||||
{ configDir ? "/etc/keycloak-cli-config"
|
||||
, configFile ? "config.json"
|
||||
, config ? {}
|
||||
, realm
|
||||
, domain
|
||||
, roles ? {}
|
||||
, clients ? {}
|
||||
, users ? {}
|
||||
}:
|
||||
|
||||
let
|
||||
configcreator = pkgs.callPackage ./configcreator.nix {};
|
||||
in
|
||||
|
||||
utils.mkConfigFile {
|
||||
name = configFile;
|
||||
dir = configDir;
|
||||
content = builtins.toJSON config;
|
||||
content = builtins.toJSON (configcreator {
|
||||
inherit realm domain roles clients users;
|
||||
});
|
||||
}
|
||||
|
|
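Review bot: The new `roles`, `clients` and `users` arguments are undocumented in this argument list, and their expected shapes can only be learned by reading configcreator.nix. A short comment above the list would cover it, along the lines of `# roles: { name = [ composite realm role names ]; }`, `# clients: { id = { roles = [ ... ]; }; }` and `# users: { name = { email, firstName, lastName, realmRoles }; }`. The page prints both `content = builtins.toJSON config;` and the new `content` line without +/- markers. If `config` was removed, as the deletion count suggests, any caller still passing it will fail evaluation, which deserves a line in the commit message. The outer argument set that closes at the first `}:` starts outside the hunk.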
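--- a/keycloak-cli-config/configcreator.nix
+++ b/keycloak-cli-config/configcreator.nix
@@ -0,0 +1,79 @@
+{ stdenv
+, pkgs
+, lib
+}:
+{ realm
+, domain
+, roles ? {}
+, clients ? {}
+, users ? {}
+}:
+
+with builtins;
+with (pkgs.lib.attrsets);
+let
+mkRole = k: v:
+let
+iscomposite = (length v) > 0;
+in {
+name = k;
+composite = if iscomposite then "true" else "false";
+} // optionalAttrs iscomposite {
+composites = {
+realm = v;
+};
+};
+
+mkClientRole =
+let
+roles = config:
+if (hasAttr "roles" config)
+then config.roles
+else [];
+
+c = v:
+{
+name = v;
+clientRole = "true";
+};
+in k: config: map c (roles config);
+
+mkClient = k: config:
+let
+url = "https://${k}.${domain}";
+in
+{
+clientId = k;
+rootUrl = url;
+clientAuthenticatorType = "client-secret";
+redirectUris = ["${url}/*"];
+webOrigins = [url];
+authorizationServicesEnabled = "true";
+serviceAccountsEnabled = "true";
+protocol = "openid-connect";
+publicClient = "false";
+};
+
+mkUser = k: config:
+{
+username = k;
+enabled = "true";
+
+inherit (config) email firstName lastName realmRoles;
+};
+
+in
+{
+inherit realm;
+id = realm;
+enabled = "true";
+
+clients = mapAttrsToList mkClient clients;
+
+roles = {
+realm = mapAttrsToList mkRole roles;
+client = mapAttrs mkClientRole clients;
+};
+
+users = mapAttrsToList mkUser users;
+}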
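Review bot: `mkClient` never reads its `config` argument, so every entry in `clients` is emitted with the same hardcoded settings: a wildcard `redirectUris = ["${url}/*"]`, `serviceAccountsEnabled = "true"` and `authorizationServicesEnabled = "true"`. A client that needs none of these still gets them, and a caller cannot narrow the redirect URI to the real callback path. I would let the per-client attrset override the defaults, for example `redirectUris = config.redirectUris or ["${url}/*"];` and `serviceAccountsEnabled = config.serviceAccountsEnabled or "false";`. Separately, `inherit (config) email firstName lastName realmRoles;` in `mkUser` aborts evaluation when a user entry omits any of the four attributes, so a comment stating that all four are required would help.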
|
@ -3,7 +3,11 @@
|
|||
{ name
|
||||
, configDir ? "/etc/keycloak-cli-config"
|
||||
, configFile ? "config.json"
|
||||
, config ? ""
|
||||
, realm
|
||||
, domain
|
||||
, roles ? {}
|
||||
, clients ? {}
|
||||
, users ? {}
|
||||
}:
|
||||
|
||||
{
|
||||
|
@ -12,7 +16,7 @@
|
|||
pkg = KeycloakCliConfig {
|
||||
inherit configDir configFile;
|
||||
|
||||
inherit config;
|
||||
inherit realm domain roles clients users;
|
||||
};
|
||||
|
||||
type = "fileset";
|
||||
|
|