From f7a9e97a13a0084bd78fb2f2d8496f6717ada56f Mon Sep 17 00:00:00 2001 From: ibizaman Date: Sat, 14 Jan 2023 20:53:59 -0800 Subject: [PATCH] merge config with unit for keycloak-cli-config --- all-packages.nix | 10 +--- keycloak-cli-config/config.nix | 25 --------- keycloak-cli-config/mkconfig.nix | 24 --------- keycloak-cli-config/mkunit.nix | 31 ----------- keycloak-cli-config/unit.nix | 90 +++++++++++++++++--------------- 5 files changed, 51 insertions(+), 129 deletions(-) delete mode 100644 keycloak-cli-config/config.nix delete mode 100644 keycloak-cli-config/mkconfig.nix delete mode 100644 keycloak-cli-config/mkunit.nix diff --git a/all-packages.nix b/all-packages.nix index 345551a..89a7b39 100644 --- a/all-packages.nix +++ b/all-packages.nix @@ -19,10 +19,7 @@ let CaddySiteConfig = callPackage ./caddy/siteconfig.nix {inherit utils;}; mkCaddySiteConfig = callPackage ./caddy/mksiteconfig.nix {inherit CaddySiteConfig;}; - NginxService = callPackage ./nginx/unit.nix {inherit utils;}; - mkNginxService = callPackage ./nginx/mkunit.nix {inherit NginxService;}; - NginxSiteConfig = callPackage ./nginx/siteconfig.nix {inherit utils;}; - mkNginxSiteConfig = callPackage ./nginx/mksiteconfig.nix {inherit NginxSiteConfig;}; + mkNginxService = callPackage ./nginx/unit.nix {inherit utils;}; PHPConfig = callPackage ./php/config.nix {inherit utils;}; mkPHPSiteConfig = callPackage ./php/siteconfig.nix {inherit PHPConfig;}; 
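Review bot: The first all-packages.nix hunk rebinds `mkNginxService` to `./nginx/unit.nix` and drops `NginxService`, `NginxSiteConfig` and `mkNginxSiteConfig`, but the commit subject and diffstat cover only keycloak-cli-config and no file under nginx/ is touched here. Unless nginx/unit.nix was already reshaped in an earlier commit to return the deployment record itself (presumably the `name`/`pkg`/`type` shape the removed keycloak `mkunit.nix` produced), callers of `mkNginxService` now receive a different value than before, and anything still referencing the removed attributes fails at evaluation. I would move the nginx lines into their own commit or at least name them in the message. The enclosing `let` block starts and ends outside the hunk.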
@@ -38,10 +35,7 @@ let mkKeycloakHaproxyService = callPackage ./keycloak-haproxy/unit.nix {inherit utils;}; - KeycloakCliConfig = callPackage ./keycloak-cli-config/config.nix {inherit utils;}; - mkKeycloakCliConfig = callPackage ./keycloak-cli-config/mkconfig.nix {inherit KeycloakCliConfig;}; - KeycloakCliService = callPackage ./keycloak-cli-config/unit.nix {inherit utils;}; - mkKeycloakCliService = callPackage ./keycloak-cli-config/mkunit.nix {inherit KeycloakCliService;}; + mkKeycloakCliService = callPackage ./keycloak-cli-config/unit.nix {inherit utils;}; TtrssEnvironment = callPackage ./ttrss/environment.nix {}; TtrssConfig = callPackage ./ttrss/config.nix {}; diff --git a/keycloak-cli-config/config.nix b/keycloak-cli-config/config.nix deleted file mode 100644 index 251d793..0000000 --- a/keycloak-cli-config/config.nix +++ /dev/null @@ -1,25 +0,0 @@ -{ stdenv -, pkgs -, lib -, utils -}: -{ configDir ? "/etc/keycloak-cli-config" -, configFile ? "config.json" -, realm -, domain -, roles ? {} -, clients ? {} -, users ? {} -}: - -let - configcreator = pkgs.callPackage ./configcreator.nix {}; -in - -utils.mkConfigFile { - name = configFile; - dir = configDir; - content = builtins.toJSON (configcreator { - inherit realm domain roles clients users; - }); -} diff --git a/keycloak-cli-config/mkconfig.nix b/keycloak-cli-config/mkconfig.nix deleted file mode 100644 index f8d0e7b..0000000 --- a/keycloak-cli-config/mkconfig.nix +++ /dev/null @@ -1,24 +0,0 @@ -{ KeycloakCliConfig -}: -{ name -, configDir ? "/etc/keycloak-cli-config" -, configFile ? "config.json" -, realm -, domain -, roles ? {} -, clients ? {} -, users ? {} -}: - -{ - inherit name configDir configFile; - - pkg = KeycloakCliConfig { - inherit configDir configFile; - - inherit realm domain roles clients users; - }; - - type = "fileset"; -} - diff --git a/keycloak-cli-config/mkunit.nix b/keycloak-cli-config/mkunit.nix deleted file mode 100644 index 4aec033..0000000 
--- a/keycloak-cli-config/mkunit.nix +++ /dev/null @@ -1,31 +0,0 @@ -{ KeycloakCliService -}: -{ name -, configDir -, configFile - -, keycloakServiceName -, keycloakSecretsDir -, keycloakAvailabilityTimeout ? "120s" -, keycloakUrl -, keycloakUser -, keys - -, dependsOn ? {} -}: - -{ - inherit name configDir configFile; - pkg = KeycloakCliService { - inherit configDir configFile; - - inherit keycloakServiceName; - inherit keycloakSecretsDir - keycloakAvailabilityTimeout - keycloakUrl keycloakUser - keys; - }; - - inherit dependsOn; - type = "systemd-unit"; -} diff --git a/keycloak-cli-config/unit.nix b/keycloak-cli-config/unit.nix index 12932f3..8509ffb 100644 --- a/keycloak-cli-config/unit.nix +++ b/keycloak-cli-config/unit.nix @@ -3,8 +3,9 @@ , lib , utils }: -{ configDir ? "/etc/keycloak-cli-config" -, configFile ? null +{ name + +, config , keycloakServiceName , keycloakSecretsDir @@ -13,8 +14,8 @@ , keycloakUser , keys , debug ? false -}: -{ ... + +, dependsOn ? {} }: # https://github.com/adorsys/keycloak-config-cli @@ -22,9 +23,9 @@ # Password must be given through a file name "keycloak.password" under keycloakSecretsDir. let + configcreator = pkgs.callPackage ./configcreator.nix {}; - configFileLocation = - configDir + (if configFile != null then "/" + configFile else ""); + configfile = pkgs.writeText "keycloakcliconfig.json" (builtins.toJSON (configcreator config)); envs = lib.concatMapStrings (x: "\nEnvironment=" + x) ([ "SPRING_CONFIG_IMPORT=configtree:${keycloakSecretsDir}/" @@ -33,7 +34,7 @@ let "KEYCLOAK_AVAILABILITYCHECK_ENABLED=true" "KEYCLOAK_AVAILABILITYCHECK_TIMEOUT=${keycloakAvailabilityTimeout}" "IMPORT_VARSUBSTITUTION_ENABLED=true" - "IMPORT_FILES_LOCATIONS=${configFileLocation}" + "IMPORT_FILES_LOCATIONS=${configfile}" ] ++ (if !debug then [] else [ "DEBUG=true" "LOGGING_LEVEL_ROOT=debug" 
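Review bot: `configfile` is built with `pkgs.writeText`, so the rendered realm JSON lands in the Nix store, which every local user can read, and the following hunk passes that path verbatim as `IMPORT_FILES_LOCATIONS`. That is acceptable only while `config` (clients, users) carries substitution placeholders rather than literal client secrets or passwords. The unit sets `IMPORT_VARSUBSTITUTION_ENABLED=true` and loads `keys.userpasswords` through an environment file, which suggests that is the intent, but nothing in the new code states or enforces it. I would add a comment next to the binding, for example `# config is rendered into the world-readable Nix store: pass secrets as variable-substitution placeholders, never as literals`. The `let` block continues outside the hunk and `configcreator.nix` is not shown, so whether it injects secret material itself cannot be judged from here.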
@@ -64,43 +65,50 @@ let in -utils.systemd.mkService rec { - name = "keycloak-cli-config"; +{ + inherit name; - content = '' - [Unit] - Description=Keycloak Realm Config - After=${keycloakServiceName} - Wants=${keycloakServiceName} - After=${utils.keyServiceDependencies keys} - Wants=${utils.keyServiceDependencies keys} + pkg = {...}: utils.systemd.mkService rec { + name = "keycloak-cli-config"; - [Service] - User=keycloakcli - Group=keycloakcli + content = '' + [Unit] + Description=Keycloak Realm Config + After=${keycloakServiceName} + Wants=${keycloakServiceName} + After=${utils.keyServiceDependencies keys} + Wants=${utils.keyServiceDependencies keys} - ${utils.keyEnvironmentFile keys.userpasswords} - Type=oneshot${envs} - ExecStart=${pkgs.jre}/bin/java -jar ${keycloak-cli-config}/bin/keycloak-cli-config.jar + [Service] + User=keycloakcli + Group=keycloakcli - RuntimeDirectory=keycloak-cli-config + ${utils.keyEnvironmentFile keys.userpasswords} + Type=oneshot${envs} + ExecStart=${pkgs.jre}/bin/java -jar ${keycloak-cli-config}/bin/keycloak-cli-config.jar - PrivateDevices=true - LockPersonality=true - NoNewPrivileges=true - PrivateDevices=true - PrivateTmp=true - ProtectClock=true - ProtectControlGroups=true - ProtectHome=true - ProtectHostname=true - ProtectKernelLogs=true - ProtectKernelModules=true - ProtectKernelTunables=true - ProtectSystem=full - RestrictAddressFamilies=AF_INET AF_INET6 AF_NETLINK AF_UNIX - RestrictNamespaces=true - RestrictRealtime=true - RestrictSUIDSGID=true - ''; + RuntimeDirectory=keycloak-cli-config + + PrivateDevices=true + LockPersonality=true + NoNewPrivileges=true + PrivateDevices=true + PrivateTmp=true + ProtectClock=true + ProtectControlGroups=true + ProtectHome=true + ProtectHostname=true + ProtectKernelLogs=true + ProtectKernelModules=true + ProtectKernelTunables=true + ProtectSystem=full + RestrictAddressFamilies=AF_INET AF_INET6 AF_NETLINK AF_UNIX + RestrictNamespaces=true + RestrictRealtime=true + RestrictSUIDSGID=true + ''; + 
}; + + inherit dependsOn; + type = "systemd-unit"; }
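Review bot: The unit name inside `pkg` is still hard-coded (`name = "keycloak-cli-config";`, and likewise `RuntimeDirectory=keycloak-cli-config`) while the outer record now takes `name` as a parameter, so two instantiations with different `name` and `config` values would render the same unit and overwrite each other. If a single instance per host is intended, a comment saying so would prevent that surprise. Separately, `PrivateDevices=true` appears twice in the re-indented block. `ProtectSystem=full` leaves everything outside /usr, /boot, /efi and /etc writable; since the service only declares a `RuntimeDirectory`, `ProtectSystem=strict` looks feasible and is worth testing. The hunk starts inside the `let … in` expression, whose bindings lie outside it.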