auto setup keycloak realm

Jonas Heinrich 2024-07-21 00:26:18 +02:00
parent 474cdbec34
commit cdac7ad5fc
3 changed files with 59 additions and 3 deletions

17
flake.lock generated

@ -1,5 +1,21 @@
{ {
"nodes": { "nodes": {
"keycloak-realms": {
"locked": {
"lastModified": 1721493163,
"narHash": "sha256-VmHIhv0VKcpL4IhP8kc5gIeIZNMS4Df9yHlPVc7LAlg=",
"owner": "rorosen",
"repo": "nixpkgs",
"rev": "162639ea7c3ac6578e77698ce71c2b1dc49ceffd",
"type": "github"
},
"original": {
"owner": "rorosen",
"ref": "keycloak-realm-import",
"repo": "nixpkgs",
"type": "github"
}
},
"nixos-shell": { "nixos-shell": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs" "nixpkgs": "nixpkgs"
@ -51,6 +67,7 @@
}, },
"root": { "root": {
"inputs": { "inputs": {
"keycloak-realms": "keycloak-realms",
"nixos-shell": "nixos-shell", "nixos-shell": "nixos-shell",
"nixpkgs": "nixpkgs_2" "nixpkgs": "nixpkgs_2"
} }


@ -6,9 +6,10 @@
#nixpkgs.url = "nixpkgs/nixos-24.05"; #nixpkgs.url = "nixpkgs/nixos-24.05";
nixpkgs.url = "github:onny/nixpkgs/hmr-enabler"; nixpkgs.url = "github:onny/nixpkgs/hmr-enabler";
nixos-shell.url = "github:Mic92/nixos-shell"; nixos-shell.url = "github:Mic92/nixos-shell";
keycloak-realms.url = "github:rorosen/nixpkgs/keycloak-realm-import";
}; };
outputs = { self, nixpkgs, nixos-shell }: let outputs = { self, nixpkgs, nixos-shell, ... }@inputs: let
pkgs = nixpkgs.legacyPackages.x86_64-linux; pkgs = nixpkgs.legacyPackages.x86_64-linux;
start = start =
pkgs.writeShellScriptBin "start" '' pkgs.writeShellScriptBin "start" ''
@ -20,6 +21,7 @@
nixosConfigurations.vm = nixpkgs.lib.nixosSystem { nixosConfigurations.vm = nixpkgs.lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
specialArgs.inputs = inputs;
modules = [ modules = [
(import ./vm-nextcloud.nix) (import ./vm-nextcloud.nix)
nixos-shell.nixosModules.nixos-shell nixos-shell.nixosModules.nixos-shell
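Review bot: The new `keycloak-realms` input tracks a moving branch on a personal nixpkgs fork, and the Keycloak module taken from it is evaluated as part of the system configuration. flake.lock pins a revision today, but the next `nix flake update` will adopt whatever the branch head is at that moment without anyone reviewing it. I would put the reviewed revision into the URL, `keycloak-realms.url = "github:rorosen/nixpkgs/<rev from flake.lock>";`, and add a comment such as `# temporary: realm-import keycloak module, drop once the upstream nixpkgs PR is merged`. The `modules` list continues outside this hunk.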


@ -1,12 +1,17 @@
{ pkgs, config, lib, options, ... }: { { pkgs, config, lib, options, inputs, ... }: {
virtualisation = { virtualisation = {
memorySize = 8000; memorySize = 8000;
cores = 4; cores = 4;
}; };
disabledModules = [
"services/web-apps/keycloak.nix"
];
imports = [ imports = [
./nextcloud-extras.nix ./nextcloud-extras.nix
"${inputs.keycloak-realms}/nixos/modules/services/web-apps/keycloak.nix"
]; ];
nixpkgs = { nixpkgs = {
@ -191,7 +196,32 @@
# How to setup https://www.schiessle.org/articles/2023/07/04/nextcloud-and-openid-connect/ # How to setup https://www.schiessle.org/articles/2023/07/04/nextcloud-and-openid-connect/
# FIXME auto setup realm https://github.com/NixOS/nixpkgs/pull/273833 # FIXME auto setup realm https://github.com/NixOS/nixpkgs/pull/273833
services.keycloak = { services.keycloak = let
realm = {
realm = "OIDCDemo";
enabled = true;
clients = [{
clientId = "nextcloud";
secret = "4KoWtOWtg8xpRdAoorNan4PdfFMATo91";
rootUrl = "http://localhost:8080";
redirectUris = [
"http://localhost:8080/*"
];
}];
users = [{
enabled = true;
firstName = "Hans";
lastName = "Wurst";
username = "onny";
email = "onny@localhost";
credentials = [{
type = "password";
temporary = false;
value = "test123";
}];
}];
};
in {
enable = true; enable = true;
settings = { settings = {
hostname = "localhost"; hostname = "localhost";
@ -200,6 +230,7 @@
hostname-strict-https = false; hostname-strict-https = false;
}; };
database.passwordFile = "${pkgs.writeText "dbPassword" ''test123''}"; database.passwordFile = "${pkgs.writeText "dbPassword" ''test123''}";
realmFiles.OIDCDemo = builtins.toJSON realm;
}; };
system.stateVersion = "24.05"; system.stateVersion = "24.05";
@ -220,4 +251,10 @@
nixos.enable = false; nixos.enable = false;
}; };
nix = {
package = pkgs.nixFlakes;
registry.nixpkgs.flake = inputs.nixpkgs;
settings.experimental-features = [ "nix-command" "flakes" ];
};
} }
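Review bot: The `realm` binding holds the OIDC client `secret` and the user's password as literals, and `realmFiles.OIDCDemo = builtins.toJSON realm;` most likely renders them into a world-readable Nix store path (the module implementation is not visible here), just as `database.passwordFile` with `pkgs.writeText` already does. That is tolerable for a throwaway nixos-shell VM, but nothing in the file says so and the block is easy to copy into a real deployment. I would add a comment above `realm = {`, for example `# DEMO ONLY: credentials below are committed and land in the Nix store; never reuse outside this local VM`, and narrow `redirectUris` from `"http://localhost:8080/*"` to the exact callback path the Nextcloud OIDC app uses. The `# FIXME auto setup realm` comment above the block is now outdated and could instead say that the module is taken from that PR.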