Merge pull request #250638 from benley/keycloak-systemd-notify
nixos/keycloak: Add systemd startup notification
commit
f05ecf16e6
|
@ -577,20 +577,22 @@ in
|
|||
|
||||
users.groups.oauth2-proxy = {};
|
||||
|
||||
systemd.services.oauth2-proxy = {
|
||||
description = "OAuth2 Proxy";
|
||||
path = [ cfg.package ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
wants = [ "network-online.target" ];
|
||||
after = [ "network-online.target" ];
|
||||
systemd.services.oauth2-proxy =
|
||||
let needsKeycloak = lib.elem cfg.provider ["keycloak" "keycloak-oidc"]
|
||||
&& config.services.keycloak.enable;
|
||||
in {
|
||||
description = "OAuth2 Proxy";
|
||||
path = [ cfg.package ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
wants = [ "network-online.target" ] ++ lib.optionals needsKeycloak [ "keycloak.service" ];
|
||||
after = [ "network-online.target" ] ++ lib.optionals needsKeycloak [ "keycloak.service" ];
|
||||
|
||||
serviceConfig = {
|
||||
User = "oauth2-proxy";
|
||||
Restart = "always";
|
||||
ExecStart = "${cfg.package}/bin/oauth2-proxy ${configString}";
|
||||
EnvironmentFile = lib.mkIf (cfg.keyFile != null) cfg.keyFile;
|
||||
serviceConfig = {
|
||||
User = "oauth2-proxy";
|
||||
Restart = "always";
|
||||
ExecStart = "${cfg.package}/bin/oauth2-proxy ${configString}";
|
||||
EnvironmentFile = lib.mkIf (cfg.keyFile != null) cfg.keyFile;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
};
|
||||
}
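Review bot: The new `needsKeycloak` binding has no comment saying why the ordering is wanted or what it relies on. `after = [ ... "keycloak.service" ]` only holds oauth2-proxy back until Keycloak is actually ready because the Keycloak unit becomes `Type = "notify"` elsewhere in this commit, and that coupling is easy to break later if it is not written down. A comment beside the `let` would cover it, e.g. `# Start after a local Keycloak signals readiness; relies on keycloak.service being Type=notify`. The check also treats any locally enabled Keycloak as the proxy's identity provider, which is presumably the common case but is not compared against the provider endpoint the proxy is configured with.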
|
||||
|
|
|
@ -466,7 +466,8 @@ in
|
|||
confFile = pkgs.writeText "keycloak.conf" (keycloakConfig filteredConfig);
|
||||
keycloakBuild = cfg.package.override {
|
||||
inherit confFile;
|
||||
plugins = cfg.package.enabledPlugins ++ cfg.plugins;
|
||||
plugins = cfg.package.enabledPlugins ++ cfg.plugins ++
|
||||
(with cfg.package.plugins; [quarkus-systemd-notify quarkus-systemd-notify-deployment]);
|
||||
};
|
||||
in
|
||||
mkIf cfg.enable
|
||||
|
@ -638,6 +639,8 @@ in
|
|||
RuntimeDirectory = "keycloak";
|
||||
RuntimeDirectoryMode = "0700";
|
||||
AmbientCapabilities = "CAP_NET_BIND_SERVICE";
|
||||
Type = "notify"; # Requires quarkus-systemd-notify plugin
|
||||
NotifyAccess = "all";
|
||||
};
|
||||
script = ''
|
||||
set -o errexit -o pipefail -o nounset -o errtrace
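Review bot: `NotifyAccess = "all"` in the serviceConfig accepts sd_notify messages from every process in the unit's control group, not only the one systemd tracks as the main PID, so any helper spawned by the start script can report readiness or status for the service. If the `script` ends by `exec`ing the Keycloak launcher so that the JVM becomes the main process, `NotifyAccess = "main";` would be the tighter setting. The script body continues outside this hunk, so that needs checking. If `all` really is required because the JVM runs as a child of the shell, record it next to the setting, e.g. `# "all": the notifying JVM is not the unit's main PID`.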
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{ callPackage }:
|
||||
{ callPackage, fetchMavenArtifact }:
|
||||
|
||||
{
|
||||
scim-for-keycloak = callPackage ./scim-for-keycloak {};
|
||||
|
@ -6,4 +6,20 @@
|
|||
keycloak-discord = callPackage ./keycloak-discord {};
|
||||
keycloak-metrics-spi = callPackage ./keycloak-metrics-spi {};
|
||||
keycloak-restrict-client-auth = callPackage ./keycloak-restrict-client-auth {};
|
||||
|
||||
# These could theoretically be used by something other than Keycloak, but
|
||||
# there are no other quarkus apps in nixpkgs (as of 2023-08-21)
|
||||
quarkus-systemd-notify = (fetchMavenArtifact {
|
||||
groupId = "io.quarkiverse.systemd.notify";
|
||||
artifactId = "quarkus-systemd-notify";
|
||||
version = "1.0.1";
|
||||
hash = "sha256-3I4j22jyIpokU4kdobkt6cDsALtxYFclA+DV+BqtmLY=";
|
||||
}).passthru.jar;
|
||||
|
||||
quarkus-systemd-notify-deployment = (fetchMavenArtifact {
|
||||
groupId = "io.quarkiverse.systemd.notify";
|
||||
artifactId = "quarkus-systemd-notify-deployment";
|
||||
version = "1.0.1";
|
||||
hash = "sha256-xHxzBxriSd/OU8gEcDG00VRkJYPYJDfAfPh/FkQe+zg=";
|
||||
}).passthru.jar;
|
||||
}
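Review bot: Both `fetchMavenArtifact` calls repeat the same `groupId` and `version = "1.0.1"`, and the runtime and `-deployment` jars presumably have to be bumped together. Binding the shared values once, for example `let version = "1.0.1"; in` with `inherit version;` in each call, would keep a later update from pinning mismatched artifacts. The comment above the two entries could also say that these are prebuilt jars pinned by hash rather than built from source, so that reviewers of future bumps know both hashes must be re-verified.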
|
||||
|
|