
add more keycloak options and add config creator

ibizaman 2022-10-17 20:01:36 -07:00
parent eec5b5c24e
commit 99139a774c
3 changed files with 97 additions and 4 deletions


@ -5,11 +5,21 @@
}: }:
{ configDir ? "/etc/keycloak-cli-config" { configDir ? "/etc/keycloak-cli-config"
, configFile ? "config.json" , configFile ? "config.json"
, config ? {} , realm
, domain
, roles ? {}
, clients ? {}
, users ? {}
}: }:
let
configcreator = pkgs.callPackage ./configcreator.nix {};
in
utils.mkConfigFile { utils.mkConfigFile {
name = configFile; name = configFile;
dir = configDir; dir = configDir;
content = builtins.toJSON config; content = builtins.toJSON (configcreator {
inherit realm domain roles clients users;
});
} }
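Review bot: The new arguments `realm`, `domain`, `roles`, `clients` and `users` are undocumented, and because the argument set shown has no `...`, a caller that still passes `config` will most likely fail evaluation. `domain` is the one that matters most: configcreator.nix interpolates it into `https://${k}.${domain}`, which becomes each client's root URL, web origin and redirect URI, so it has to be a bare DNS name. I would add a comment above the argument set such as `# domain: bare DNS suffix (no scheme, no trailing slash); each client lives at https://<clientId>.<domain>`, plus one line each for the expected shapes of `roles`, `clients` and `users`.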


@ -0,0 +1,79 @@
{ stdenv
, pkgs
, lib
}:
{ realm
, domain
, roles ? {}
, clients ? {}
, users ? {}
}:
with builtins;
with (pkgs.lib.attrsets);
let
mkRole = k: v:
let
iscomposite = (length v) > 0;
in {
name = k;
composite = if iscomposite then "true" else "false";
} // optionalAttrs iscomposite {
composites = {
realm = v;
};
};
mkClientRole =
let
roles = config:
if (hasAttr "roles" config)
then config.roles
else [];
c = v:
{
name = v;
clientRole = "true";
};
in k: config: map c (roles config);
mkClient = k: config:
let
url = "https://${k}.${domain}";
in
{
clientId = k;
rootUrl = url;
clientAuthenticatorType = "client-secret";
redirectUris = ["${url}/*"];
webOrigins = [url];
authorizationServicesEnabled = "true";
serviceAccountsEnabled = "true";
protocol = "openid-connect";
publicClient = "false";
};
mkUser = k: config:
{
username = k;
enabled = "true";
inherit (config) email firstName lastName realmRoles;
};
in
{
inherit realm;
id = realm;
enabled = "true";
clients = mapAttrsToList mkClient clients;
roles = {
realm = mapAttrsToList mkRole roles;
client = mapAttrs mkClientRole clients;
};
users = mapAttrsToList mkUser users;
}
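Review bot: `mkClient` never reads its `config` argument, so every client gets `serviceAccountsEnabled = "true"`, `authorizationServicesEnabled = "true"` and the wildcard `redirectUris = ["${url}/*"]` whether or not it needs them. A wildcard redirect accepts any path on the client's host as a landing point for authorization responses, and an always-on service account gives every client a client-credentials grant. Both are better as opt-ins read from the per-client attrset, for example `serviceAccountsEnabled = config.serviceAccountsEnabled or false;` and `redirectUris = config.redirectUris or ["${url}/*"];`. Separately, the flags are emitted as the strings `"true"`/`"false"`; Nix booleans would serialize to JSON booleans through `builtins.toJSON` and would not rely on the importer to coerce them.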


@ -3,7 +3,11 @@
{ name { name
, configDir ? "/etc/keycloak-cli-config" , configDir ? "/etc/keycloak-cli-config"
, configFile ? "config.json" , configFile ? "config.json"
, config ? "" , realm
, domain
, roles ? {}
, clients ? {}
, users ? {}
}: }:
{ {
@ -12,7 +16,7 @@
pkg = KeycloakCliConfig { pkg = KeycloakCliConfig {
inherit configDir configFile; inherit configDir configFile;
inherit config; inherit realm domain roles clients users;
}; };
type = "fileset"; type = "fileset";