nixos/keycloak: Init #99906

Merged
merged 6 commits into from Nov 3, 2020

talyz
Contributor

@talyz talyz commented Oct 6, 2020

Motivation for this change

Add a module for Keycloak, an open source identity and access management server.

I just found out about #91734 - my intention was not to step on your toes, @ngerstle; I started work on this module in early 2019 and have had it deployed at work since then, but just now had time to update and polish it for upstreaming.

The module features explicit configuration options for common settings put into the standalone.xml configuration file (address, port, tls, etc) and allows for arbitrary settings through an extraConfig option. The settings are applied on top of the shipped default configuration via the jboss-cli.

Fixes #87673.

Todo
  • Write test(s)
  • Document and clean up the jboss-cli functions
  • Add a section to the manual

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS linux)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Ensured that relevant documentation is up to date
  • Fits CONTRIBUTING.md.

@bbigras
Contributor

bbigras commented Oct 6, 2020

just found out about #99517

did you mean to link #91734?

@talyz
Contributor Author

talyz commented Oct 7, 2020

@bbigras I did indeed. Thanks!

@aanderse
Member

aanderse commented Oct 7, 2020

I might be recalling incorrectly, but I thought @Mic92 had some comments about relying on ACLs in our modules.

@aanderse aanderse requested review from flokli and Mic92 October 7, 2020 10:20
@talyz
Contributor Author

talyz commented Oct 7, 2020

@aanderse Aha, well, I don't think the setfacl commands are actually crucial here - they were mostly added as a safeguard IIRC.

Member

@aanderse aanderse left a comment

I have left some discussion points I hope aren't entirely useless.

nixos/modules/services/web-apps/keycloak.nix Outdated
@talyz talyz force-pushed the keycloak branch 3 times, most recently from b3a594f to 47250fb Compare October 7, 2020 17:38
@ngerstle
Contributor

Motivation for this change

Add a module for Keycloak, an open source identity and access management server.

I just found out about #91734 - my intention was not to step on your toes, @ngerstle; I started work on this module in early 2019 and have had it deployed at work since then, but just now had time to update and polish it for upstreaming.

The module features explicit configuration options for common settings put into the standalone.xml configuration file (address, port, tls, etc) and allows for arbitrary settings through an extraConfig option. The settings are applied on top of the shipped default configuration via the jboss-cli.

Fixes #87673.

No worries, @talyz - this is far beyond what I was slowly working on!

@talyz
Contributor Author

talyz commented Oct 29, 2020

I've added support for MySQL and secure external database connections, which was the last thing I wanted to get in. I consider this done now and will merge in a few days unless someone objects to it.

@talyz talyz requested a review from wmertens October 30, 2020 10:56
@talyz talyz merged commit cf2d180 into NixOS:master Nov 3, 2020
@talyz talyz deleted the keycloak branch November 3, 2020 17:31
@talyz talyz mentioned this pull request Nov 3, 2020
Successfully merging this pull request may close these issues.

module request: keycloak
5 participants