
merge config with unit for keycloak-cli-config

ibizaman 2023-01-14 20:53:59 -08:00
parent 61bad67112
commit f7a9e97a13
5 changed files with 51 additions and 129 deletions


@ -19,10 +19,7 @@ let
CaddySiteConfig = callPackage ./caddy/siteconfig.nix {inherit utils;};
mkCaddySiteConfig = callPackage ./caddy/mksiteconfig.nix {inherit CaddySiteConfig;};
NginxService = callPackage ./nginx/unit.nix {inherit utils;};
mkNginxService = callPackage ./nginx/mkunit.nix {inherit NginxService;};
NginxSiteConfig = callPackage ./nginx/siteconfig.nix {inherit utils;};
mkNginxSiteConfig = callPackage ./nginx/mksiteconfig.nix {inherit NginxSiteConfig;};
mkNginxService = callPackage ./nginx/unit.nix {inherit utils;};
PHPConfig = callPackage ./php/config.nix {inherit utils;};
mkPHPSiteConfig = callPackage ./php/siteconfig.nix {inherit PHPConfig;};
@ -38,10 +35,7 @@ let
mkKeycloakHaproxyService = callPackage ./keycloak-haproxy/unit.nix {inherit utils;};
KeycloakCliConfig = callPackage ./keycloak-cli-config/config.nix {inherit utils;};
mkKeycloakCliConfig = callPackage ./keycloak-cli-config/mkconfig.nix {inherit KeycloakCliConfig;};
KeycloakCliService = callPackage ./keycloak-cli-config/unit.nix {inherit utils;};
mkKeycloakCliService = callPackage ./keycloak-cli-config/mkunit.nix {inherit KeycloakCliService;};
mkKeycloakCliService = callPackage ./keycloak-cli-config/unit.nix {inherit utils;};
TtrssEnvironment = callPackage ./ttrss/environment.nix {};
TtrssConfig = callPackage ./ttrss/config.nix {};


@ -1,25 +0,0 @@
{ stdenv
, pkgs
, lib
, utils
}:
{ configDir ? "/etc/keycloak-cli-config"
, configFile ? "config.json"
, realm
, domain
, roles ? {}
, clients ? {}
, users ? {}
}:
let
configcreator = pkgs.callPackage ./configcreator.nix {};
in
utils.mkConfigFile {
name = configFile;
dir = configDir;
content = builtins.toJSON (configcreator {
inherit realm domain roles clients users;
});
}


@ -1,24 +0,0 @@
{ KeycloakCliConfig
}:
{ name
, configDir ? "/etc/keycloak-cli-config"
, configFile ? "config.json"
, realm
, domain
, roles ? {}
, clients ? {}
, users ? {}
}:
{
inherit name configDir configFile;
pkg = KeycloakCliConfig {
inherit configDir configFile;
inherit realm domain roles clients users;
};
type = "fileset";
}


@ -1,31 +0,0 @@
{ KeycloakCliService
}:
{ name
, configDir
, configFile
, keycloakServiceName
, keycloakSecretsDir
, keycloakAvailabilityTimeout ? "120s"
, keycloakUrl
, keycloakUser
, keys
, dependsOn ? {}
}:
{
inherit name configDir configFile;
pkg = KeycloakCliService {
inherit configDir configFile;
inherit keycloakServiceName;
inherit keycloakSecretsDir
keycloakAvailabilityTimeout
keycloakUrl keycloakUser
keys;
};
inherit dependsOn;
type = "systemd-unit";
}


@ -3,8 +3,9 @@
, lib
, utils
}:
{ configDir ? "/etc/keycloak-cli-config"
, configFile ? null
{ name
, config
, keycloakServiceName
, keycloakSecretsDir
@ -13,8 +14,8 @@
, keycloakUser
, keys
, debug ? false
}:
{ ...
, dependsOn ? {}
}:
# https://github.com/adorsys/keycloak-config-cli
@ -22,9 +23,9 @@
# Password must be given through a file name "keycloak.password" under keycloakSecretsDir.
let
configcreator = pkgs.callPackage ./configcreator.nix {};
configFileLocation =
configDir + (if configFile != null then "/" + configFile else "");
configfile = pkgs.writeText "keycloakcliconfig.json" (builtins.toJSON (configcreator config));
envs = lib.concatMapStrings (x: "\nEnvironment=" + x) ([
"SPRING_CONFIG_IMPORT=configtree:${keycloakSecretsDir}/"
@ -33,7 +34,7 @@ let
"KEYCLOAK_AVAILABILITYCHECK_ENABLED=true"
"KEYCLOAK_AVAILABILITYCHECK_TIMEOUT=${keycloakAvailabilityTimeout}"
"IMPORT_VARSUBSTITUTION_ENABLED=true"
"IMPORT_FILES_LOCATIONS=${configFileLocation}"
"IMPORT_FILES_LOCATIONS=${configfile}"
] ++ (if !debug then [] else [
"DEBUG=true"
"LOGGING_LEVEL_ROOT=debug"
@ -64,43 +65,50 @@ let
in
utils.systemd.mkService rec {
name = "keycloak-cli-config";
{
inherit name;
content = ''
[Unit]
Description=Keycloak Realm Config
After=${keycloakServiceName}
Wants=${keycloakServiceName}
After=${utils.keyServiceDependencies keys}
Wants=${utils.keyServiceDependencies keys}
pkg = {...}: utils.systemd.mkService rec {
name = "keycloak-cli-config";
[Service]
User=keycloakcli
Group=keycloakcli
content = ''
[Unit]
Description=Keycloak Realm Config
After=${keycloakServiceName}
Wants=${keycloakServiceName}
After=${utils.keyServiceDependencies keys}
Wants=${utils.keyServiceDependencies keys}
${utils.keyEnvironmentFile keys.userpasswords}
Type=oneshot${envs}
ExecStart=${pkgs.jre}/bin/java -jar ${keycloak-cli-config}/bin/keycloak-cli-config.jar
[Service]
User=keycloakcli
Group=keycloakcli
RuntimeDirectory=keycloak-cli-config
${utils.keyEnvironmentFile keys.userpasswords}
Type=oneshot${envs}
ExecStart=${pkgs.jre}/bin/java -jar ${keycloak-cli-config}/bin/keycloak-cli-config.jar
PrivateDevices=true
LockPersonality=true
NoNewPrivileges=true
PrivateDevices=true
PrivateTmp=true
ProtectClock=true
ProtectControlGroups=true
ProtectHome=true
ProtectHostname=true
ProtectKernelLogs=true
ProtectKernelModules=true
ProtectKernelTunables=true
ProtectSystem=full
RestrictAddressFamilies=AF_INET AF_INET6 AF_NETLINK AF_UNIX
RestrictNamespaces=true
RestrictRealtime=true
RestrictSUIDSGID=true
'';
RuntimeDirectory=keycloak-cli-config
PrivateDevices=true
LockPersonality=true
NoNewPrivileges=true
PrivateDevices=true
PrivateTmp=true
ProtectClock=true
ProtectControlGroups=true
ProtectHome=true
ProtectHostname=true
ProtectKernelLogs=true
ProtectKernelModules=true
ProtectKernelTunables=true
ProtectSystem=full
RestrictAddressFamilies=AF_INET AF_INET6 AF_NETLINK AF_UNIX
RestrictNamespaces=true
RestrictRealtime=true
RestrictSUIDSGID=true
'';
};
inherit dependsOn;
type = "systemd-unit";
}
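Review bot: The realm definition built at `configfile = pkgs.writeText "keycloakcliconfig.json" (builtins.toJSON (configcreator config));` is written to the Nix store, which every local user can read, so any password or client secret passed literally in `config` would be exposed there. The unit already sets `IMPORT_VARSUBSTITUTION_ENABLED=true` and loads `keys.userpasswords` through `utils.keyEnvironmentFile`, which suggests secrets are meant to be substituted at run time, but nothing visible on this page shows `configcreator.nix` enforcing that. I would document the contract directly above the binding, e.g. `# Written to the world-readable Nix store: config must reference secrets only via variable substitution, never as literal values.` Separately, `PrivateDevices=true` appears twice in the `[Service]` block and one copy can be dropped.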