From 5106a2f74fd0fcf8f0ed6b4d9fef2eb0a2281f68 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Maciej=20Kr=C3=BCger?= Date: Sun, 3 Oct 2021 20:08:18 +0200 Subject: [PATCH 01/13] javaPackages.mavenfod: init --- pkgs/development/java-modules/maven-fod.nix | 55 +++++++++++++++++++++ pkgs/top-level/java-packages.nix | 4 +- 2 files changed, 58 insertions(+), 1 deletion(-) create mode 100644 pkgs/development/java-modules/maven-fod.nix
diff --git a/pkgs/development/java-modules/maven-fod.nix b/pkgs/development/java-modules/maven-fod.nix
new file mode 100644
index 000000000000..3e0d460ee488
--- /dev/null
+++ b/pkgs/development/java-modules/maven-fod.nix
@@ -0,0 +1,55 @@
+{ lib
+, stdenv
+, maven
+}:
+
+{ src
+, patches ? []
+, pname
+, version
+, mvnSha256 ? "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="
+, mvnHash ? "sha256-${mvnSha256}"
+, mvnFetchExtraArgs ? {}
+, ...
+} @args:
+
+# originally extracted from dbeaver
+# created to allow using maven packages in the same style as rust
+
+stdenv.mkDerivation (rec {
+ fetchedMavenDeps = stdenv.mkDerivation ({
+ name = "${pname}-${version}-maven-deps";
+ inherit src;
+
+ buildInputs = [
+ maven
+ ];
+
+ buildPhase = ''
+ mvn package -Dmaven.repo.local=$out/.m2 -P desktop,all-platforms
+ '';
+
+ # keep only *.{pom,jar,sha1,nbm} and delete all ephemeral files with lastModified timestamps inside
+ installPhase = ''
+ find $out -type f \
+ -name \*.lastUpdated -or \
+ -name resolver-status.properties -or \
+ -name _remote.repositories \
+ -delete
+ '';
+
+ # don't do any fixup
+ dontFixup = true;
+ outputHashMode = "recursive";
+ outputHash = mvnHash;
+ } // mvnFetchExtraArgs);
+
+ buildPhase = ''
+ runHook preBuild
+
+ mvnDeps=$(cp -dpR ${fetchedMavenDeps}/.m2 ./ && chmod +w -R .m2 && pwd)
+ mvn package --offline "-Dmaven.repo.local=$mvnDeps/.m2" -P desktop,all-platforms
+
+ runHook postBuild
+ '';
+} // args)
diff --git a/pkgs/top-level/java-packages.nix b/pkgs/top-level/java-packages.nix
index cf6474f0da5b..6f0f802f38e8 100644
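Review bot: The cleanup `find` in `fetchedMavenDeps.installPhase` has no grouping, so `-delete` binds only to the last `-name _remote.repositories` test and `-type f` only to the first; `*.lastUpdated` and `resolver-status.properties` files stay in the fixed-output result, and their timestamps can make `outputHash` differ between fetches. Group the tests instead: `find $out -type f \( -name \*.lastUpdated -o -name resolver-status.properties -o -name _remote.repositories \) -delete`. PATCH 10/13 on this page later replaces scim-for-keycloak's `mvnHash` without touching its `src`, which would be consistent with an unstable dependency hash, although the page does not say why it changed. Separately, `patches` is accepted as an argument but not handed to the inner derivation, so dependencies are resolved from the unpatched tree while the outer build uses the patched one; `inherit src patches;` there would keep both on the same sources.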
--- a/pkgs/top-level/java-packages.nix +++ b/pkgs/top-level/java-packages.nix @@ -9,8 +9,10 @@ let openjfx11 = callPackage ../development/compilers/openjdk/openjfx/11.nix { }; openjfx15 = callPackage ../development/compilers/openjdk/openjfx/15.nix { }; + mavenfod = callPackage ../development/java-modules/maven-fod.nix { }; + in { - inherit mavenbuild fetchMaven openjfx11 openjfx15; + inherit mavenbuild mavenfod fetchMaven openjfx11 openjfx15; compiler = let From a61cf20944911e20b91fa69b84749e52e72eefd6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Maciej=20Kr=C3=BCger?= Date: Sun, 3 Oct 2021 20:08:33 +0200 Subject: [PATCH 02/13] dbeaver: use javaPackages.mavenfod --- pkgs/applications/misc/dbeaver/default.nix | 37 ++-------------------- 1 file changed, 3 insertions(+), 34 deletions(-) diff --git a/pkgs/applications/misc/dbeaver/default.nix b/pkgs/applications/misc/dbeaver/default.nix index 156cc7188dcf..a53ed73532ac 100644 --- a/pkgs/applications/misc/dbeaver/default.nix +++ b/pkgs/applications/misc/dbeaver/default.nix @@ -16,9 +16,10 @@ , maven , webkitgtk , glib-networking +, javaPackages }: -stdenv.mkDerivation rec { +javaPackages.mavenfod rec { pname = "dbeaver"; version = "21.3.0"; # When updating also update fetchedMavenDeps.sha256 
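Review bot: The context comment on `version` in the dbeaver hunk still reads `# When updating also update fetchedMavenDeps.sha256`, but this commit removes `fetchedMavenDeps` from the package (in the following hunk) and the pinned dependency hash now lives in `mvnSha256`. Changing the comment to `# When updating also update mvnSha256` keeps the update procedure accurate and matches the wording used for scim-for-keycloak in PATCH 04/13.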
@@ -29,31 +30,7 @@ stdenv.mkDerivation rec { sha256 = "iKxnuMm5hpreP706N+XxaBrDVVwVFRWKNmiCyXkOUCQ="; }; - fetchedMavenDeps = stdenv.mkDerivation { - name = "dbeaver-${version}-maven-deps"; - inherit src; - - buildInputs = [ - maven - ]; - - buildPhase = "mvn package -Dmaven.repo.local=$out/.m2 -P desktop,all-platforms"; - - # keep only *.{pom,jar,sha1,nbm} and delete all ephemeral files with lastModified timestamps inside - installPhase = '' - find $out -type f \ - -name \*.lastUpdated -or \ - -name resolver-status.properties -or \ - -name _remote.repositories \ - -delete - ''; - - # don't do any fixup - dontFixup = true; - outputHashAlgo = "sha256"; - outputHashMode = "recursive"; - outputHash = "7Sm1hAoi5xc4MLONOD8ySLLkpao0qmlMRRva/8zR210="; - }; + mvnSha256 = "7Sm1hAoi5xc4MLONOD8ySLLkpao0qmlMRRva/8zR210="; nativeBuildInputs = [ copyDesktopItems @@ -88,14 +65,6 @@ stdenv.mkDerivation rec { }) ]; - buildPhase = '' - runHook preBuild - - mvn package --offline -Dmaven.repo.local=$(cp -dpR ${fetchedMavenDeps}/.m2 ./ && chmod +w -R .m2 && pwd)/.m2 -P desktop,all-platforms - - runHook postBuild - ''; - installPhase = let productTargetPath = "product/community/target/products/org.jkiss.dbeaver.core.product"; From d8110b0e75cd576adb82f4eb4946ddb8f90c578f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Maciej=20Kr=C3=BCger?= Date: Sun, 3 Oct 2021 20:08:59 +0200 Subject: [PATCH 03/13] keycloak: add keycloak.plugins --- pkgs/servers/keycloak/all-plugins.nix | 4 ++++ pkgs/servers/keycloak/default.nix | 6 +++++- 2 files changed, 9 insertions(+), 1 deletion(-) create mode 100644 pkgs/servers/keycloak/all-plugins.nix diff --git a/pkgs/servers/keycloak/all-plugins.nix b/pkgs/servers/keycloak/all-plugins.nix new file mode 100644 index 000000000000..4a3fcd1cded0 --- /dev/null +++ b/pkgs/servers/keycloak/all-plugins.nix @@ -0,0 +1,4 @@ +{ callPackage }: + +{ +} diff --git a/pkgs/servers/keycloak/default.nix b/pkgs/servers/keycloak/default.nix index cd8373f0842b..6bd2d3afd28b 100644 
--- a/pkgs/servers/keycloak/default.nix +++ b/pkgs/servers/keycloak/default.nix @@ -1,5 +1,6 @@ { stdenv, lib, fetchzip, makeWrapper, jre, writeText, nixosTests , postgresql_jdbc ? null, mysql_jdbc ? null +, callPackage }: let @@ -55,7 +56,10 @@ stdenv.mkDerivation rec { wrapProgram $out/bin/jboss-cli.sh --set JAVA_HOME ${jre} ''; - passthru.tests = nixosTests.keycloak; + passthru = { + tests = nixosTests.keycloak; + plugins = callPackage ./all-plugins.nix {}; + }; meta = with lib; { homepage = "https://www.keycloak.org/"; From 74801dd0ea01ba714071cc80922a379c0019262b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Maciej=20Kr=C3=BCger?= Date: Sun, 3 Oct 2021 20:09:19 +0200 Subject: [PATCH 04/13] keycloak.plugins.scim-for-keycloak: init at kc-15-b2 --- pkgs/servers/keycloak/all-plugins.nix | 1 + .../keycloak/scim-for-keycloak/default.nix | 36 +++++++++++++++++++ 2 files changed, 37 insertions(+) create mode 100644 pkgs/servers/keycloak/scim-for-keycloak/default.nix diff --git a/pkgs/servers/keycloak/all-plugins.nix b/pkgs/servers/keycloak/all-plugins.nix index 4a3fcd1cded0..e821becc872e 100644 --- a/pkgs/servers/keycloak/all-plugins.nix +++ b/pkgs/servers/keycloak/all-plugins.nix @@ -1,4 +1,5 @@ { callPackage }: { + scim-for-keycloak = callPackage ./scim-for-keycloak {}; } diff --git a/pkgs/servers/keycloak/scim-for-keycloak/default.nix b/pkgs/servers/keycloak/scim-for-keycloak/default.nix new file mode 100644 index 000000000000..b2fa2accdec0 --- /dev/null +++ b/pkgs/servers/keycloak/scim-for-keycloak/default.nix 
@@ -0,0 +1,36 @@ +{ lib +, stdenv +, fetchFromGitHub +, maven +, javaPackages +}: + +javaPackages.mavenfod rec { + pname = "scim-for-keycloak"; + version = "kc-15-b2"; # When updating also update mvnHash + + src = fetchFromGitHub { + owner = "Captain-P-Goldfish"; + repo = "scim-for-keycloak"; + rev = version; + sha256 = "K34c7xISjEETI3jFkRLdZ0C8pZHTWtPtrrIzwC76Tv0="; + }; + + mvnHash = "sha256-L1i9Fn9l6Xun6usvqiDLtMkMscQMEcqgaWXV3OUKrwQ="; + + nativeBuildInputs = [ + maven + ]; + + installPhase = '' + EAR=$(find -iname "*.ear") + install -D "$EAR" "$out/$(basename $EAR)" + ''; + + meta = with lib; { + homepage = "https://github.com/Captain-P-Goldfish/scim-for-keycloak"; + description = "A third party module that extends Keycloak with SCIM functionality"; + license = licenses.bsd3; + maintainers = with maintainers; [ mkg20001 ]; + }; +} From 891f2053a019c5fa834988e59c9639b4b47545c5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Maciej=20Kr=C3=BCger?= Date: Sun, 3 Oct 2021 20:26:29 +0200 Subject: [PATCH 05/13] nixos/keycloak: add plugins option Co-authored-by: Kim Lindberger --- nixos/modules/services/web-apps/keycloak.nix | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/nixos/modules/services/web-apps/keycloak.nix b/nixos/modules/services/web-apps/keycloak.nix index df8c7114102f..699c88bc2395 100644 --- a/nixos/modules/services/web-apps/keycloak.nix +++ b/nixos/modules/services/web-apps/keycloak.nix @@ -216,6 +216,14 @@ in ''; }; + plugins = lib.mkOption { + type = lib.types.listOf lib.types.path; + default = []; + description = '' + Keycloak plugin jar, ear files or derivations with them + ''; + }; + initialAdminPassword = lib.mkOption { type = lib.types.str; default = "changeme"; 
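Review bot: `installPhase` selects the artefact with an unrestricted `find -iname "*.ear"` over the whole build directory, which by then also contains the `.m2` copy made by mavenfod's build phase, and the result is used unquoted in `$(basename $EAR)`. With more than one match `EAR` holds several newline-separated paths and `install` fails, and a lone match inside the dependency cache would be shipped in place of the built module, which matters for code that is loaded into an identity provider. Excluding the cache and installing each match explicitly is safer: `find . -path ./.m2 -prune -o -type f -iname '*.ear' -exec install -Dt "$out" {} +`. The phase also omits `runHook preInstall` / `runHook postInstall`.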
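Review bot: The `plugins` description does not say what is done with the listed paths or how much trust they carry. Going by the `install_plugin` helper added in the next hunk of this patch, a directory is searched recursively and every `.jar`/`.ear` below it is copied into `/run/keycloak/deployments/`. I would put that in the description and state the trust level, for example `Paths to Keycloak plugin .jar/.ear files, or directories (such as packages from keycloak.plugins) that are searched recursively for them. Every archive found is deployed into the server and runs with its privileges.` An `example` attribute would help as well.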
@@ -675,8 +683,18 @@ in umask u=rwx,g=,o= + install_plugin() { + if [ -d "$1" ]; then + find "$1" -type f \( -iname \*.ear -o -iname \*.jar \) -exec install -m 0500 -o keycloak -g keycloak "{}" "/run/keycloak/deployments/" \; + else + install -m 0500 -o keycloak -g keycloak "$1" "/run/keycloak/deployments/" + fi + } + install -T -m 0400 -o keycloak -g keycloak '${cfg.database.passwordFile}' /run/keycloak/secrets/db_password - '' + lib.optionalString (cfg.sslCertificate != null && cfg.sslCertificateKey != null) '' + '' + lib.optionalString (cfg.plugins != []) (lib.concatStringsSep "\n" (map (pl: "install_plugin ${lib.escapeShellArg pl}") cfg.plugins)) + + lib.optionalString (cfg.sslCertificate != null && cfg.sslCertificateKey != null) '' + install -T -m 0400 -o keycloak -g keycloak '${cfg.sslCertificate}' /run/keycloak/secrets/ssl_cert install -T -m 0400 -o keycloak -g keycloak '${cfg.sslCertificateKey}' /run/keycloak/secrets/ssl_key ''; From 985afdbb33cf546191307a2df7191ef9f470baf4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Maciej=20Kr=C3=BCger?= Date: Sun, 3 Oct 2021 20:43:01 +0200 Subject: [PATCH 06/13] keycloak.plugins.keycloak-discord: init at 0.3.1 --- pkgs/servers/keycloak/all-plugins.nix | 1 + .../keycloak/keycloak-discord/default.nix | 28 +++++++++++++++++++ 2 files changed, 29 insertions(+) create mode 100644 pkgs/servers/keycloak/keycloak-discord/default.nix diff --git a/pkgs/servers/keycloak/all-plugins.nix b/pkgs/servers/keycloak/all-plugins.nix index e821becc872e..84de940d0779 100644 --- a/pkgs/servers/keycloak/all-plugins.nix +++ b/pkgs/servers/keycloak/all-plugins.nix @@ -2,4 +2,5 @@ { scim-for-keycloak = callPackage ./scim-for-keycloak {}; + keycloak-discord = callPackage ./keycloak-discord {}; } diff --git a/pkgs/servers/keycloak/keycloak-discord/default.nix b/pkgs/servers/keycloak/keycloak-discord/default.nix new file mode 100644 index 000000000000..710e66eb747b --- /dev/null +++ b/pkgs/servers/keycloak/keycloak-discord/default.nix 
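Review bot: `install_plugin` succeeds when a directory contains no `.jar` or `.ear` at all, because `find … -exec` with zero matches still exits 0, so a plugin package with an empty or differently laid-out output is skipped silently and Keycloak starts without it. For an extension that enforces login or provisioning policy that is a fail-open outcome, so the directory branch should fail when nothing matches, e.g. `[ -n "$(find "$1" -type f \( -iname \*.ear -o -iname \*.jar \) -print -quit)" ] || { echo "no plugin archive in $1" >&2; exit 1; }` before the copy. All matches are also flattened into one directory, so two archives with the same file name overwrite each other without notice. Whether `/run/keycloak/deployments/` already exists at this point is not visible in the hunk.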
@@ -0,0 +1,28 @@ +{ stdenv +, lib +, fetchurl +}: + +stdenv.mkDerivation rec { + pname = "keycloak-discord"; + version = "0.3.1"; + + src = fetchurl { + url = "https://github.com/wadahiro/keycloak-discord/releases/download/v${version}/keycloak-discord-ear-${version}.ear"; + sha256 = "0fswhbnxc80dpfqf5y6j29dxk3vcnm4kki6qdk22qliasvpw5n9c"; + }; + + dontUnpack = true; + dontBuild = true; + + installPhase = '' + install "$src" "$out/${pname}-ear-${version}.ear" + ''; + + meta = with lib; { + homepage = "https://github.com/wadahiro/keycloak-discord"; + description = "Keycloak Social Login extension for Discord"; + license = licenses.apsl20; + maintainers = with maintainers; [ mkg20001 ]; + }; +} From bd33583c88f0859768dbf84186128ffc597864f5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Maciej=20Kr=C3=BCger?= Date: Sun, 3 Oct 2021 20:43:29 +0200 Subject: [PATCH 07/13] nixosTests.keycloak: add discord plugin to test --- nixos/tests/keycloak.nix | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/nixos/tests/keycloak.nix b/nixos/tests/keycloak.nix index 1be3fed6acc9..e86faa0c9a73 100644 --- a/nixos/tests/keycloak.nix +++ b/nixos/tests/keycloak.nix @@ -16,8 +16,7 @@ let }; nodes = { - keycloak = { ... }: { - + keycloak = { config, ... }: { security.pki.certificateFiles = [ certs.ca.cert ]; @@ -36,6 +35,9 @@ let username = "bogus"; passwordFile = pkgs.writeText "dbPassword" "wzf6vOCbPp6cqTH"; }; + plugins = with config.services.keycloak.package.plugins; [ + keycloak-discord + ]; }; environment.systemPackages = with pkgs; [ From 8e317c16309c7fe6f30213e705f3cecdbd2275eb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Maciej=20Kr=C3=BCger?= Date: Mon, 13 Dec 2021 17:55:07 +0100 Subject: [PATCH 08/13] javaPackages.mavenfod: make maven parameters configurable --- pkgs/applications/misc/dbeaver/default.nix | 1 + pkgs/development/java-modules/maven-fod.nix | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) 
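Review bot: The keycloak-discord package ships the upstream release `.ear` unchanged (`dontUnpack`, `dontBuild`), so what gets deployed into Keycloak is a prebuilt archive whose integrity rests on the pinned `sha256` and on trusting upstream's build, unlike scim-for-keycloak in this series, which is built from source. That is worth recording in `meta`, e.g. `sourceProvenance = with sourceTypes; [ binaryBytecode ];`, if the nixpkgs revision this lands on supports the attribute. `license = licenses.apsl20` is the Apple Public Source License; if upstream is Apache-2.0 licensed (please confirm against its LICENSE file) the attribute should be `licenses.asl20`, and the same applies to keycloak-metrics-spi in PATCH 13/13.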
diff --git a/pkgs/applications/misc/dbeaver/default.nix b/pkgs/applications/misc/dbeaver/default.nix index a53ed73532ac..1a1a6753b067 100644 --- a/pkgs/applications/misc/dbeaver/default.nix +++ b/pkgs/applications/misc/dbeaver/default.nix @@ -31,6 +31,7 @@ javaPackages.mavenfod rec { }; mvnSha256 = "7Sm1hAoi5xc4MLONOD8ySLLkpao0qmlMRRva/8zR210="; + mvnParameters = "-P desktop,all-platforms"; nativeBuildInputs = [ copyDesktopItems diff --git a/pkgs/development/java-modules/maven-fod.nix b/pkgs/development/java-modules/maven-fod.nix index 3e0d460ee488..24ce572af574 100644 --- a/pkgs/development/java-modules/maven-fod.nix +++ b/pkgs/development/java-modules/maven-fod.nix @@ -10,6 +10,7 @@ , mvnSha256 ? "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=" , mvnHash ? "sha256-${mvnSha256}" , mvnFetchExtraArgs ? {} +, mvnParameters ? "" , ... } @args: @@ -26,7 +27,7 @@ stdenv.mkDerivation (rec { ]; buildPhase = '' - mvn package -Dmaven.repo.local=$out/.m2 -P desktop,all-platforms + mvn package -Dmaven.repo.local=$out/.m2 ${mvnParameters} ''; # keep only *.{pom,jar,sha1,nbm} and delete all ephemeral files with lastModified timestamps inside From 467c3cc4cd9ddf546945deb7d6b515f42293adfe Mon Sep 17 00:00:00 2001 From: Benjamin Staffin Date: Mon, 21 Mar 2022 19:40:26 -0400 Subject: [PATCH 09/13] keycloak-discord: fix installPhase --- pkgs/servers/keycloak/keycloak-discord/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/pkgs/servers/keycloak/keycloak-discord/default.nix b/pkgs/servers/keycloak/keycloak-discord/default.nix index 710e66eb747b..047bc67fbc56 100644 --- a/pkgs/servers/keycloak/keycloak-discord/default.nix +++ b/pkgs/servers/keycloak/keycloak-discord/default.nix @@ -16,6 +16,7 @@ stdenv.mkDerivation rec { dontBuild = true; installPhase = '' + mkdir -p "$out" install "$src" "$out/${pname}-ear-${version}.ear" ''; From 6bf2168e2b9be5731e49037bcbbfc7944934e720 Mon Sep 17 00:00:00 2001 
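Review bot: `mvnParameters` is applied only to the dependency-fetching `mvn package` in the second maven-fod.nix hunk; the offline build phase added in PATCH 01/13 lies outside the hunk, and the diffstat of three changed lines suggests it still passes the hard-coded `-P desktop,all-platforms`. The two invocations can then resolve different profiles, so the offline build may request artefacts that the pinned repository does not contain, and non-dbeaver callers such as scim-for-keycloak keep dbeaver's profiles. The second call should read `mvn package --offline "-Dmaven.repo.local=$mvnDeps/.m2" ${mvnParameters}`. A short comment on the new argument would also help: `# extra mvn arguments, used for both the dependency fetch and the offline build`.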
From: Benjamin Staffin Date: Mon, 21 Mar 2022 19:40:50 -0400 Subject: [PATCH 10/13] scim-for-keycloak: fix mvnHash --- pkgs/servers/keycloak/scim-for-keycloak/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/servers/keycloak/scim-for-keycloak/default.nix b/pkgs/servers/keycloak/scim-for-keycloak/default.nix index b2fa2accdec0..1ef06061326e 100644 --- a/pkgs/servers/keycloak/scim-for-keycloak/default.nix +++ b/pkgs/servers/keycloak/scim-for-keycloak/default.nix @@ -16,7 +16,7 @@ javaPackages.mavenfod rec { sha256 = "K34c7xISjEETI3jFkRLdZ0C8pZHTWtPtrrIzwC76Tv0="; }; - mvnHash = "sha256-L1i9Fn9l6Xun6usvqiDLtMkMscQMEcqgaWXV3OUKrwQ="; + mvnHash = "sha256-kDYhXTEOAWH/dcRJalKtbwBpoxcD1aX9eqcRKs6ewbE="; nativeBuildInputs = [ maven From d6f50a5c8ec3ed386531011027a56908829f7124 Mon Sep 17 00:00:00 2001 From: Benjamin Staffin Date: Tue, 22 Mar 2022 12:36:14 -0400 Subject: [PATCH 11/13] keycloak: fix a missing newline when using plugins --- nixos/modules/services/web-apps/keycloak.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/modules/services/web-apps/keycloak.nix b/nixos/modules/services/web-apps/keycloak.nix index 88cba0febfc0..c4a2127663a9 100644 --- a/nixos/modules/services/web-apps/keycloak.nix +++ b/nixos/modules/services/web-apps/keycloak.nix @@ -811,7 +811,7 @@ in export JAVA_OPTS=-Djboss.server.config.user.dir=/run/keycloak/configuration add-user-keycloak.sh -u admin -p '${cfg.initialAdminPassword}' '' - + lib.optionalString (cfg.plugins != []) (lib.concatStringsSep "\n" (map (pl: "install_plugin ${lib.escapeShellArg pl}") cfg.plugins)) + + lib.optionalString (cfg.plugins != []) (lib.concatStringsSep "\n" (map (pl: "install_plugin ${lib.escapeShellArg pl}") cfg.plugins)) + "\n" + optionalString (cfg.sslCertificate != null && cfg.sslCertificateKey != null) '' pushd /run/keycloak/ssl/ cat "$CREDENTIALS_DIRECTORY/ssl_cert" <(echo) \ From a12b2ce73c8cd2c2e1d7b469b205d5b93ec0949f Mon Sep 17 00:00:00 2001 
From: Benjamin Staffin Date: Tue, 22 Mar 2022 15:03:47 -0400 Subject: [PATCH 12/13] keycloak: wrap all the shell scripts Most of these just need JAVA_HOME, but a few assume that java is in PATH --- pkgs/servers/keycloak/default.nix | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/pkgs/servers/keycloak/default.nix b/pkgs/servers/keycloak/default.nix index 5913da777713..d9797de6d174 100644 --- a/pkgs/servers/keycloak/default.nix +++ b/pkgs/servers/keycloak/default.nix @@ -51,9 +51,11 @@ stdenv.mkDerivation rec { ln -s ${mkModuleXml "com.mysql" "mysql-connector-java.jar"} $module_path/com/mysql/main/module.xml ''} - wrapProgram $out/bin/standalone.sh --set JAVA_HOME ${jre} - wrapProgram $out/bin/add-user-keycloak.sh --set JAVA_HOME ${jre} - wrapProgram $out/bin/jboss-cli.sh --set JAVA_HOME ${jre} + for script in add-user-keycloak.sh add-user.sh domain.sh elytron-tool.sh jboss-cli.sh jconsole.sh jdr.sh standalone.sh wsconsume.sh wsprovide.sh; do + wrapProgram $out/bin/$script --set JAVA_HOME ${jre} + done + wrapProgram $out/bin/kcadm.sh --prefix PATH : ${jre}/bin + wrapProgram $out/bin/kcreg.sh --prefix PATH : ${jre}/bin ''; passthru = { From 6f5636223cf615d2c304c8335ee072726d775191 Mon Sep 17 00:00:00 2001 From: Benjamin Staffin Date: Tue, 22 Mar 2022 19:57:11 -0400 Subject: [PATCH 13/13] keycloak-metrics-spi: init at 2.5.3 --- nixos/tests/keycloak.nix | 16 +++++++++++- pkgs/servers/keycloak/all-plugins.nix | 1 + .../keycloak/keycloak-metrics-spi/default.nix | 26 +++++++++++++++++++ 3 files changed, 42 insertions(+), 1 deletion(-) create mode 100644 pkgs/servers/keycloak/keycloak-metrics-spi/default.nix diff --git a/nixos/tests/keycloak.nix b/nixos/tests/keycloak.nix index a4beea40279f..fce8df2b7e3a 100644 --- a/nixos/tests/keycloak.nix +++ b/nixos/tests/keycloak.nix @@ -37,6 +37,7 @@ let }; plugins = with config.services.keycloak.package.plugins; [ keycloak-discord + keycloak-metrics-spi ]; }; 
@@ -104,8 +105,21 @@ let ### Realm Setup ### # Get an admin interface access token + keycloak.succeed(""" + curl -sSf -d 'client_id=admin-cli' \ + -d 'username=admin' \ + -d 'password=${initialAdminPassword}' \ + -d 'grant_type=password' \ + '${frontendUrl}/realms/master/protocol/openid-connect/token' \ + | jq -r '"Authorization: bearer " + .access_token' >admin_auth_header + """) + + # Register the metrics SPI keycloak.succeed( - "curl -sSf -d 'client_id=admin-cli' -d 'username=admin' -d 'password=${initialAdminPassword}' -d 'grant_type=password' '${frontendUrl}/realms/master/protocol/openid-connect/token' | jq -r '\"Authorization: bearer \" + .access_token' >admin_auth_header" + "${pkgs.jre}/bin/keytool -import -alias snakeoil -file ${certs.ca.cert} -storepass aaaaaa -keystore cacert.jks -noprompt", + "KC_OPTS='-Djavax.net.ssl.trustStore=cacert.jks -Djavax.net.ssl.trustStorePassword=aaaaaa' ${pkgs.keycloak}/bin/kcadm.sh config credentials --server '${frontendUrl}' --realm master --user admin --password '${initialAdminPassword}'", + "KC_OPTS='-Djavax.net.ssl.trustStore=cacert.jks -Djavax.net.ssl.trustStorePassword=aaaaaa' ${pkgs.keycloak}/bin/kcadm.sh update events/config -s 'eventsEnabled=true' -s 'adminEventsEnabled=true' -s 'eventsListeners+=metrics-listener'", + "curl -sSf '${frontendUrl}/realms/master/metrics' | grep '^keycloak_admin_event_UPDATE'" ) # Publish the realm, including a test OIDC client and user diff --git a/pkgs/servers/keycloak/all-plugins.nix b/pkgs/servers/keycloak/all-plugins.nix index 84de940d0779..4dbd24872631 100644 --- a/pkgs/servers/keycloak/all-plugins.nix +++ b/pkgs/servers/keycloak/all-plugins.nix @@ -3,4 +3,5 @@ { scim-for-keycloak = callPackage ./scim-for-keycloak {}; keycloak-discord = callPackage ./keycloak-discord {}; + keycloak-metrics-spi = callPackage ./keycloak-metrics-spi {}; } 
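Review bot: The last check in the new `keycloak.succeed(...)` block fetches `${frontendUrl}/realms/master/metrics` without the admin token obtained just above, so the test passes only because the metrics endpoint answers unauthenticated requests on the public frontend URL. That deserves a comment next to the check, e.g. `# the metrics endpoint needs no authentication; real deployments should restrict this path at the reverse proxy`, so the test is not read as the recommended exposure. The truststore password `aaaaaa` and the admin password passed as `kcadm.sh` arguments are test fixtures and would be better named as such in a comment.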
diff --git a/pkgs/servers/keycloak/keycloak-metrics-spi/default.nix b/pkgs/servers/keycloak/keycloak-metrics-spi/default.nix
new file mode 100644
index 000000000000..b5e23d0fe22d
--- /dev/null
+++ b/pkgs/servers/keycloak/keycloak-metrics-spi/default.nix
@@ -0,0 +1,26 @@
+{ stdenv, lib, fetchurl }:
+
+stdenv.mkDerivation rec {
+ pname = "keycloak-metrics-spi";
+ version = "2.5.3";
+
+ src = fetchurl {
+ url = "https://github.com/aerogear/keycloak-metrics-spi/releases/download/${version}/keycloak-metrics-spi-${version}.jar";
+ sha256 = "15lsy8wjw6nlfdfhllc45z9l5474p0lsghrwzzsssvd68bw54gwv";
+ };
+
+ dontUnpack = true;
+ dontBuild = true;
+
+ installPhase = ''
+ mkdir -p $out
+ install "$src" "$out"
+ '';
+
+ meta = with lib; {
+ homepage = "https://github.com/aerogear/keycloak-metrics-spi";
+ description = "Keycloak Service Provider that adds a metrics endpoint";
+ license = licenses.apsl20;
+ maintainers = with maintainers; [ benley ];
+ };
+}
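Review bot: `install "$src" "$out"` copies the download under the basename of `$src`, which for a `fetchurl` result is the store-path name including its hash prefix, and with `install`'s default mode of 0755. Naming the target explicitly, as keycloak-discord does, gives a stable file name in the deployments directory: `install -Dm444 "$src" "$out/${pname}-${version}.jar"`, which also makes the separate `mkdir -p $out` unnecessary. The phase has no `runHook preInstall` / `runHook postInstall` either.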