From f0b4a2c37aba30094380561f07676a225f734904 Mon Sep 17 00:00:00 2001
From: Jonas Heinrich
Date: Wed, 26 Jun 2024 17:00:15 +0200
Subject: [PATCH] add keycloak service
---
 flake.lock | 6 +++---
 flake.nix | 4 ++--
 vm-nextcloud.nix | 22 +++++++++++++++++++---
 3 files changed, 24 insertions(+), 8 deletions(-)
diff --git a/flake.lock b/flake.lock
index 2c181f7..dc19b26 100644
--- a/flake.lock
+++ b/flake.lock
@@ -35,11 +35,11 @@
 },
 "nixpkgs_2": {
 "locked": {
- "lastModified": 1718835956,
- "narHash": "sha256-wM9v2yIxClRYsGHut5vHICZTK7xdrUGfrLkXvSuv6s4=",
+ "lastModified": 1719253556,
+ "narHash": "sha256-A/76RFUVxZ/7Y8+OMVL1Lc8LRhBxZ8ZE2bpMnvZ1VpY=",
 "owner": "NixOS",
 "repo": "nixpkgs",
- "rev": "dd457de7e08c6d06789b1f5b88fc9327f4d96309",
+ "rev": "fc07dc3bdf2956ddd64f24612ea7fc894933eb2e",
 "type": "github"
 },
 "original": {
diff --git a/flake.nix b/flake.nix
index d7e427d..5ccedbf 100644
--- a/flake.nix
+++ b/flake.nix
@@ -11,7 +11,7 @@
 start = pkgs.writeShellScriptBin "start" ''
 set -e
- export QEMU_NET_OPTS="hostfwd=tcp::8080-:80,hostfwd=tcp::1433-:143,hostfwd=tcp::5877-:587"
+ export QEMU_NET_OPTS="hostfwd=tcp::8080-:80,hostfwd=tcp::8081-:8081,hostfwd=tcp::1433-:143,hostfwd=tcp::5877-:587"
 ${pkgs.nixos-shell}/bin/nixos-shell --flake .
 '';
 in {
@@ -27,7 +27,7 @@
 devShells.x86_64-linux = {
 default = with pkgs; mkShell {
 nativeBuildInputs = [
- php82Packages.composer
+ php83Packages.composer
 phpunit
 nodejs
 nodePackages.rollup
diff --git a/vm-nextcloud.nix b/vm-nextcloud.nix
index 161a06c..c7a8429 100644
--- a/vm-nextcloud.nix
+++ b/vm-nextcloud.nix
@@ -33,7 +33,7 @@
 package = pkgs.nextcloud29;
 hostName = "localhost";
 extraApps = with config.services.nextcloud.package.packages.apps; {
- inherit contacts calendar;
+ inherit contacts calendar user_oidc;
 # FIXME # enable hmr when debug flag is enabled
 hmr_enabler = pkgs.php.buildComposerProject (finalAttrs: {
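Review bot: The new `hostfwd=tcp::8081-:8081` entry in `QEMU_NET_OPTS` (first flake.nix hunk) leaves the host address empty, so QEMU listens on every host interface rather than only on loopback. Together with the plain-HTTP Keycloak configured in vm-nextcloud.nix by this same patch, the test identity provider becomes reachable from the local network while the VM runs. Binding the forward to loopback keeps it on the developer's machine: `hostfwd=tcp:127.0.0.1:8081-:8081`. The existing 8080, 1433 and 5877 forwards on that line have the same shape and could take the same prefix; the enclosing `let` block starts outside the hunk.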
@@ -88,6 +88,8 @@
 trusted_domains = [ "10.100.100.1" ];
 "integrity.check.disabled" = true;
 debug = true;
+ # Required to allow insecure connection to KeyCloak on localhost
+ allow_local_remote_servers = true;
 #apps_paths = [
 # {
 # path = "/var/lib/nextcloud/server/apps";
@@ -153,11 +155,25 @@
 };
 };
+ # How to setup https://www.schiessle.org/articles/2023/07/04/nextcloud-and-openid-connect/
+ services.keycloak = {
+ enable = true;
+ settings = {
+ hostname = "localhost";
+ http-enabled = true;
+ http-port = 8081;
+ hostname-strict-https = false;
+ };
+ database.passwordFile = "${pkgs.writeText "dbPassword" ''test123''}";
+ };
+ system.stateVersion = "24.05";
 environment.systemPackages = with pkgs; [
- sqlite sqldiff
- unzip wget
+ litecli
+ sqldiff
+ unzip
+ wget
 ];
 documentation = {
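Review bot: The comment added above `allow_local_remote_servers = true;` describes the setting as allowing an insecure connection, but what it does is lift Nextcloud's block on outgoing requests to local and private addresses. That applies to every outgoing request the server makes, not only the OIDC calls to Keycloak, so it removes a server-side request forgery guard for the whole instance. I would reword the comment so the line is not copied into a real deployment: `# Dev VM only: lets Nextcloud reach Keycloak on localhost; turns off the local-address (SSRF) guard for all outgoing requests`. The settings attribute set this line sits in starts and ends outside the hunk.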
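Review bot: `database.passwordFile` is built with `pkgs.writeText "dbPassword" ''test123''`, which places a guessable database password in the world-readable Nix store, and the service runs with `http-enabled = true` and `hostname-strict-https = false`, so logins and tokens travel in clear text. No `initialAdminPassword` appears in the hunk, so the admin account presumably keeps the module default; this is worth confirming. That is workable for a throwaway VM, but the block should say so, for example `# Dev VM only: store-readable DB password, default admin credentials and plain HTTP; do not reuse outside the test VM` above `services.keycloak`. The same hunk also replaces `sqlite` with `litecli` in `environment.systemPackages`, which is unrelated to Keycloak and would be easier to review as its own commit; the enclosing module attribute set starts and ends outside the hunk.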