nixos/keycloak: init module #91734
The service will fail to run if the necessary configuration is missing- several property files and
Thanks for contributing this module! I have left some initial comments I hope are useful. Note that I don't know much about keycloak so if I'm way off base on any comment just mention as such.
''; | ||
}; | ||
|
||
user = mkOption { |
DynamicUser might be a good thing to consider here.
description = "Package that should be used for keycloak"; | ||
}; | ||
|
||
jbossBaseDir = mkOption { |
I'm under the impression configuration can be immutable and keycloak will operate fine that way. Is there a way we can separate configuration into an immutable directory (like /nix/store/...)? It might be nice to specify a separate logs directory as well (like /var/log/keycloak).
When you say configuration can be immutable, what level of configuration are you thinking of?
Most usage supposes management of realms/clients/users/etc dynamically- are you thinking of the files listed above?
Is there no concept of root owned configuration under /etc that isn't modified at runtime? While some java apps follow this pattern many do not... but I thought there was at least some concept of configuration (not state) with keycloak like this. I defer to your knowledge as I don't know much about the application.
}; | ||
|
||
serviceConfig = { | ||
User = "${cfg.user}"; |
Quotation marks not required, but see above comment about DynamicUser.
cfg = config.services.keycloak; | ||
in { | ||
options = { | ||
services.keycloak = { |
There is no documentation provided about the user needing to set up a reverse proxy with a web server like nginx, httpd, etc...
Note that the current package does not provide database support, the jdbc driver needs to be provided "in-tree" to keycloak: relevant documentation.
Yeah that might work well.
Superseded by #99906.
Motivation for this change
Request to add a module for keycloak: #87673