
merge config with unit for keycloak-cli-config

ibizaman 2023-01-14 20:53:59 -08:00
parent 61bad67112
commit f7a9e97a13
5 changed files with 51 additions and 129 deletions


@ -19,10 +19,7 @@ let
CaddySiteConfig = callPackage ./caddy/siteconfig.nix {inherit utils;}; CaddySiteConfig = callPackage ./caddy/siteconfig.nix {inherit utils;};
mkCaddySiteConfig = callPackage ./caddy/mksiteconfig.nix {inherit CaddySiteConfig;}; mkCaddySiteConfig = callPackage ./caddy/mksiteconfig.nix {inherit CaddySiteConfig;};
NginxService = callPackage ./nginx/unit.nix {inherit utils;}; mkNginxService = callPackage ./nginx/unit.nix {inherit utils;};
mkNginxService = callPackage ./nginx/mkunit.nix {inherit NginxService;};
NginxSiteConfig = callPackage ./nginx/siteconfig.nix {inherit utils;};
mkNginxSiteConfig = callPackage ./nginx/mksiteconfig.nix {inherit NginxSiteConfig;};
PHPConfig = callPackage ./php/config.nix {inherit utils;}; PHPConfig = callPackage ./php/config.nix {inherit utils;};
mkPHPSiteConfig = callPackage ./php/siteconfig.nix {inherit PHPConfig;}; mkPHPSiteConfig = callPackage ./php/siteconfig.nix {inherit PHPConfig;};
@ -38,10 +35,7 @@ let
mkKeycloakHaproxyService = callPackage ./keycloak-haproxy/unit.nix {inherit utils;}; mkKeycloakHaproxyService = callPackage ./keycloak-haproxy/unit.nix {inherit utils;};
KeycloakCliConfig = callPackage ./keycloak-cli-config/config.nix {inherit utils;}; mkKeycloakCliService = callPackage ./keycloak-cli-config/unit.nix {inherit utils;};
mkKeycloakCliConfig = callPackage ./keycloak-cli-config/mkconfig.nix {inherit KeycloakCliConfig;};
KeycloakCliService = callPackage ./keycloak-cli-config/unit.nix {inherit utils;};
mkKeycloakCliService = callPackage ./keycloak-cli-config/mkunit.nix {inherit KeycloakCliService;};
TtrssEnvironment = callPackage ./ttrss/environment.nix {}; TtrssEnvironment = callPackage ./ttrss/environment.nix {};
TtrssConfig = callPackage ./ttrss/config.nix {}; TtrssConfig = callPackage ./ttrss/config.nix {};
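Review bot: The nginx bindings change in the first hunk although the commit title names only keycloak-cli-config: `mkNginxService` is rebound to `callPackage ./nginx/unit.nix {inherit utils;}` and `NginxSiteConfig` / `mkNginxSiteConfig` appear to be dropped. Judging by their contents, none of the other four changed files belongs to `./nginx/`, so this page does not show whether `nginx/unit.nix` already returns the wrapped `{ name; pkg; type; }` shape. If that conversion landed in an earlier commit, the commit message should say so; if not, `mkNginxService` now evaluates to what `NginxService` used to be, and any caller of the removed names fails at evaluation time.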


@ -1,25 +0,0 @@
{ stdenv
, pkgs
, lib
, utils
}:
{ configDir ? "/etc/keycloak-cli-config"
, configFile ? "config.json"
, realm
, domain
, roles ? {}
, clients ? {}
, users ? {}
}:
let
configcreator = pkgs.callPackage ./configcreator.nix {};
in
utils.mkConfigFile {
name = configFile;
dir = configDir;
content = builtins.toJSON (configcreator {
inherit realm domain roles clients users;
});
}


@ -1,24 +0,0 @@
{ KeycloakCliConfig
}:
{ name
, configDir ? "/etc/keycloak-cli-config"
, configFile ? "config.json"
, realm
, domain
, roles ? {}
, clients ? {}
, users ? {}
}:
{
inherit name configDir configFile;
pkg = KeycloakCliConfig {
inherit configDir configFile;
inherit realm domain roles clients users;
};
type = "fileset";
}


@ -1,31 +0,0 @@
{ KeycloakCliService
}:
{ name
, configDir
, configFile
, keycloakServiceName
, keycloakSecretsDir
, keycloakAvailabilityTimeout ? "120s"
, keycloakUrl
, keycloakUser
, keys
, dependsOn ? {}
}:
{
inherit name configDir configFile;
pkg = KeycloakCliService {
inherit configDir configFile;
inherit keycloakServiceName;
inherit keycloakSecretsDir
keycloakAvailabilityTimeout
keycloakUrl keycloakUser
keys;
};
inherit dependsOn;
type = "systemd-unit";
}


@ -3,8 +3,9 @@
, lib , lib
, utils , utils
}: }:
{ configDir ? "/etc/keycloak-cli-config" { name
, configFile ? null
, config
, keycloakServiceName , keycloakServiceName
, keycloakSecretsDir , keycloakSecretsDir
@ -13,8 +14,8 @@
, keycloakUser , keycloakUser
, keys , keys
, debug ? false , debug ? false
}:
{ ... , dependsOn ? {}
}: }:
# https://github.com/adorsys/keycloak-config-cli # https://github.com/adorsys/keycloak-config-cli
@ -22,9 +23,9 @@
# Password must be given through a file name "keycloak.password" under keycloakSecretsDir. # Password must be given through a file name "keycloak.password" under keycloakSecretsDir.
let let
configcreator = pkgs.callPackage ./configcreator.nix {};
configFileLocation = configfile = pkgs.writeText "keycloakcliconfig.json" (builtins.toJSON (configcreator config));
configDir + (if configFile != null then "/" + configFile else "");
envs = lib.concatMapStrings (x: "\nEnvironment=" + x) ([ envs = lib.concatMapStrings (x: "\nEnvironment=" + x) ([
"SPRING_CONFIG_IMPORT=configtree:${keycloakSecretsDir}/" "SPRING_CONFIG_IMPORT=configtree:${keycloakSecretsDir}/"
@ -33,7 +34,7 @@ let
"KEYCLOAK_AVAILABILITYCHECK_ENABLED=true" "KEYCLOAK_AVAILABILITYCHECK_ENABLED=true"
"KEYCLOAK_AVAILABILITYCHECK_TIMEOUT=${keycloakAvailabilityTimeout}" "KEYCLOAK_AVAILABILITYCHECK_TIMEOUT=${keycloakAvailabilityTimeout}"
"IMPORT_VARSUBSTITUTION_ENABLED=true" "IMPORT_VARSUBSTITUTION_ENABLED=true"
"IMPORT_FILES_LOCATIONS=${configFileLocation}" "IMPORT_FILES_LOCATIONS=${configfile}"
] ++ (if !debug then [] else [ ] ++ (if !debug then [] else [
"DEBUG=true" "DEBUG=true"
"LOGGING_LEVEL_ROOT=debug" "LOGGING_LEVEL_ROOT=debug"
@ -64,43 +65,50 @@ let
in in
utils.systemd.mkService rec { {
name = "keycloak-cli-config"; inherit name;
content = '' pkg = {...}: utils.systemd.mkService rec {
[Unit] name = "keycloak-cli-config";
Description=Keycloak Realm Config
After=${keycloakServiceName}
Wants=${keycloakServiceName}
After=${utils.keyServiceDependencies keys}
Wants=${utils.keyServiceDependencies keys}
[Service] content = ''
User=keycloakcli [Unit]
Group=keycloakcli Description=Keycloak Realm Config
After=${keycloakServiceName}
Wants=${keycloakServiceName}
After=${utils.keyServiceDependencies keys}
Wants=${utils.keyServiceDependencies keys}
${utils.keyEnvironmentFile keys.userpasswords} [Service]
Type=oneshot${envs} User=keycloakcli
ExecStart=${pkgs.jre}/bin/java -jar ${keycloak-cli-config}/bin/keycloak-cli-config.jar Group=keycloakcli
RuntimeDirectory=keycloak-cli-config ${utils.keyEnvironmentFile keys.userpasswords}
Type=oneshot${envs}
ExecStart=${pkgs.jre}/bin/java -jar ${keycloak-cli-config}/bin/keycloak-cli-config.jar
PrivateDevices=true RuntimeDirectory=keycloak-cli-config
LockPersonality=true
NoNewPrivileges=true PrivateDevices=true
PrivateDevices=true LockPersonality=true
PrivateTmp=true NoNewPrivileges=true
ProtectClock=true PrivateDevices=true
ProtectControlGroups=true PrivateTmp=true
ProtectHome=true ProtectClock=true
ProtectHostname=true ProtectControlGroups=true
ProtectKernelLogs=true ProtectHome=true
ProtectKernelModules=true ProtectHostname=true
ProtectKernelTunables=true ProtectKernelLogs=true
ProtectSystem=full ProtectKernelModules=true
RestrictAddressFamilies=AF_INET AF_INET6 AF_NETLINK AF_UNIX ProtectKernelTunables=true
RestrictNamespaces=true ProtectSystem=full
RestrictRealtime=true RestrictAddressFamilies=AF_INET AF_INET6 AF_NETLINK AF_UNIX
RestrictSUIDSGID=true RestrictNamespaces=true
''; RestrictRealtime=true
RestrictSUIDSGID=true
'';
};
inherit dependsOn;
type = "systemd-unit";
} }
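Review bot: The realm definition is now built with `pkgs.writeText "keycloakcliconfig.json" (builtins.toJSON (configcreator config))`, so whatever `config` carries through `configcreator` ends up in a world-readable /nix/store path that `IMPORT_FILES_LOCATIONS` points at. The unit already sets `IMPORT_VARSUBSTITUTION_ENABLED=true` and loads `keys.userpasswords` via `utils.keyEnvironmentFile`, which suggests secrets are meant to be substituted at run time. That contract deserves a comment next to the binding, e.g. `# config is written to the Nix store (world-readable): pass only substitution placeholders for passwords and client secrets, never literal values`. Separately, the wrapper does `inherit name;` from the caller while the inner `utils.systemd.mkService rec` still hard-codes `name = "keycloak-cli-config";`, so the unit name does not follow the argument; either use the argument there or document that it is fixed.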