Merge pull request #140406 from mkg20001/mvn

authored by Maciej Krüger and committed by GitHub 511e56d7 d6e2e39a

+207 -16
+19 -1
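--- a/nixos/modules/services/web-apps/keycloak.nix
+++ b/nixos/modules/services/web-apps/keycloak.nix
@@ -129,6 +129,14 @@
 '';
 };
 
+plugins = lib.mkOption {
+type = lib.types.listOf lib.types.path;
+default = [];
+description = ''
+Keycloak plugin jar, ear files or derivations with them
+'';
+};
+
 database = {
 type = mkOption {
 type = enum [ "mysql" "postgresql" ];
@@ -787,6 +795,14 @@
 
 umask u=rwx,g=,o=
 
+install_plugin() {
+if [ -d "$1" ]; then
+find "$1" -type f \( -iname \*.ear -o -iname \*.jar \) -exec install -m 0500 -o keycloak -g keycloak "{}" "/run/keycloak/deployments/" \;
+else
+install -m 0500 -o keycloak -g keycloak "$1" "/run/keycloak/deployments/"
+fi
+}
+
 install -m 0600 ${cfg.package}/standalone/configuration/*.properties /run/keycloak/configuration
 install -T -m 0600 ${keycloakConfig} /run/keycloak/configuration/standalone.xml
 
@@ -794,7 +810,9 @@
 
 export JAVA_OPTS=-Djboss.server.config.user.dir=/run/keycloak/configuration
 add-user-keycloak.sh -u admin -p '${cfg.initialAdminPassword}'
-'' + optionalString (cfg.sslCertificate != null && cfg.sslCertificateKey != null) ''
+''
++ lib.optionalString (cfg.plugins != []) (lib.concatStringsSep "\n" (map (pl: "install_plugin ${lib.escapeShellArg pl}") cfg.plugins)) + "\n"
++ optionalString (cfg.sslCertificate != null && cfg.sslCertificateKey != null) ''
 pushd /run/keycloak/ssl/
 cat "$CREDENTIALS_DIRECTORY/ssl_cert" <(echo) \
 "$CREDENTIALS_DIRECTORY/ssl_key" <(echo) \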
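Review bot: The new `plugins` option is typed `lib.types.listOf lib.types.path`, which as far as I know also accepts absolute paths outside the Nix store, so a mutable file could be copied into `/run/keycloak/deployments/` on every start and loaded by the identity provider without being pinned by a store hash. If only packaged plugins are meant to be supported, a stricter type such as `lib.types.listOf lib.types.package` would express that; otherwise the description should say that arbitrary paths are accepted. The description also omits what `install_plugin` does with a directory: every `*.jar` and `*.ear` below it is installed flat into one directory, so two plugins shipping a file with the same name would overwrite each other silently. Suggested wording: `List of Keycloak plugin .jar/.ear files, or derivations containing them; all matching files are copied into /run/keycloak/deployments at service start and loaded by the Keycloak server.` The option set and the start script both continue outside the visible hunks.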
+19 -3
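--- a/nixos/tests/keycloak.nix
+++ b/nixos/tests/keycloak.nix
@@ -16,8 +16,7 @@
 };
 
 nodes = {
-keycloak = { ... }: {
-
+keycloak = { config, ... }: {
 security.pki.certificateFiles = [
 certs.ca.cert
 ];
@@ -36,6 +35,10 @@
 username = "bogus";
 passwordFile = pkgs.writeText "dbPassword" "wzf6vOCbPp6cqTH";
 };
+plugins = with config.services.keycloak.package.plugins; [
+keycloak-discord
+keycloak-metrics-spi
+];
 };
 
 environment.systemPackages = with pkgs; [
@@ -102,8 +105,21 @@
 ### Realm Setup ###
 
 # Get an admin interface access token
+keycloak.succeed("""
+curl -sSf -d 'client_id=admin-cli' \
+-d 'username=admin' \
+-d 'password=${initialAdminPassword}' \
+-d 'grant_type=password' \
+'${frontendUrl}/realms/master/protocol/openid-connect/token' \
+| jq -r '"Authorization: bearer " + .access_token' >admin_auth_header
+""")
+
+# Register the metrics SPI
 keycloak.succeed(
-"curl -sSf -d 'client_id=admin-cli' -d 'username=admin' -d 'password=${initialAdminPassword}' -d 'grant_type=password' '${frontendUrl}/realms/master/protocol/openid-connect/token' | jq -r '\"Authorization: bearer \" + .access_token' >admin_auth_header"
+"${pkgs.jre}/bin/keytool -import -alias snakeoil -file ${certs.ca.cert} -storepass aaaaaa -keystore cacert.jks -noprompt",
+"KC_OPTS='-Djavax.net.ssl.trustStore=cacert.jks -Djavax.net.ssl.trustStorePassword=aaaaaa' ${pkgs.keycloak}/bin/kcadm.sh config credentials --server '${frontendUrl}' --realm master --user admin --password '${initialAdminPassword}'",
+"KC_OPTS='-Djavax.net.ssl.trustStore=cacert.jks -Djavax.net.ssl.trustStorePassword=aaaaaa' ${pkgs.keycloak}/bin/kcadm.sh update events/config -s 'eventsEnabled=true' -s 'adminEventsEnabled=true' -s 'eventsListeners+=metrics-listener'",
+"curl -sSf '${frontendUrl}/realms/master/metrics' | grep '^keycloak_admin_event_UPDATE'"
 )
 
 # Publish the realm, including a test OIDC client and user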
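Review bot: Only one of the two enabled plugins is actually verified: the node lists both `keycloak-discord` and `keycloak-metrics-spi`, but the added commands assert just the metrics listener (`grep '^keycloak_admin_event_UPDATE'`). Nothing checks that the Discord `.ear` reached the deployments directory, so a regression in the `.ear` branch of `install_plugin` would still pass. A cheap extra check in the same `keycloak.succeed(...)` call would close that gap, for example `"ls /run/keycloak/deployments/ | grep -i 'keycloak-discord'"`. The test script continues outside the hunk.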
+7 -10
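--- a/pkgs/applications/misc/dbeaver/default.nix
+++ b/pkgs/applications/misc/dbeaver/default.nix
@@ -16,9 +16,10 @@
 , maven
 , webkitgtk
 , glib-networking
+, javaPackages
 }:
 
-stdenv.mkDerivation rec {
+javaPackages.mavenfod rec {
 pname = "dbeaver";
 version = "22.0.1"; # When updating also update fetchedMavenDeps.sha256
 
@@ -29,6 +30,10 @@
 sha256 = "sha256-IG5YWwq3WVzQBvAslQ9Z2Ou6ADzf4n9NkQCtH4Jgkac=";
 };
 
+
+mvnSha256 = "7Sm1hAoi5xc4MLONOD8ySLLkpao0qmlMRRva/8zR210=";
+mvnParameters = "-P desktop,all-platforms";
+
 fetchedMavenDeps = stdenv.mkDerivation {
 name = "dbeaver-${version}-maven-deps";
 inherit src;
@@ -37,7 +42,7 @@
 maven
 ];
 
-buildPhase = "mvn package -Dmaven.repo.local=$out/.m2 -P desktop,all-platforms";
+buildPhase = "mvn package -Dmaven.repo.local=$out/.m2 ${mvnParameters}";
 
 # keep only *.{pom,jar,sha1,nbm} and delete all ephemeral files with lastModified timestamps inside
 installPhase = ''
@@ -87,14 +92,6 @@
 categories = [ "Development" ];
 })
 ];
-
-buildPhase = ''
-runHook preBuild
-
-mvn package --offline -Dmaven.repo.local=$(cp -dpR ${fetchedMavenDeps}/.m2 ./ && chmod +w -R .m2 && pwd)/.m2 -P desktop,all-platforms
-
-runHook postBuild
-'';
 
 installPhase =
 let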
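Review bot: After the switch to `javaPackages.mavenfod`, the context lines still show a local `fetchedMavenDeps = stdenv.mkDerivation { … }` with its own `buildPhase`, next to the new `mvnSha256`. The helper in maven-fod.nix merges `// args` last, so the attribute this package exposes would be the local derivation, while the helper's `buildPhase` refers to its own `rec`-bound `fetchedMavenDeps` pinned by `mvnSha256`. That appears to leave two dependency fetches with two separate hashes, and the comment `# When updating also update fetchedMavenDeps.sha256` no longer says which pin matters. If the local block is meant to go, drop it and change the comment to `# When updating also update mvnSha256`; the elided lines may show otherwise, so please confirm.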
+56
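--- a/pkgs/development/java-modules/maven-fod.nix
+++ b/pkgs/development/java-modules/maven-fod.nix
@@ -0,0 +1,56 @@
+{ lib
+, stdenv
+, maven
+}:
+
+{ src
+, patches ? []
+, pname
+, version
+, mvnSha256 ? "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="
+, mvnHash ? "sha256-${mvnSha256}"
+, mvnFetchExtraArgs ? {}
+, mvnParameters ? ""
+, ...
+} @args:
+
+# originally extracted from dbeaver
+# created to allow using maven packages in the same style as rust
+
+stdenv.mkDerivation (rec {
+fetchedMavenDeps = stdenv.mkDerivation ({
+name = "${pname}-${version}-maven-deps";
+inherit src;
+
+buildInputs = [
+maven
+];
+
+buildPhase = ''
+mvn package -Dmaven.repo.local=$out/.m2 ${mvnParameters}
+'';
+
+# keep only *.{pom,jar,sha1,nbm} and delete all ephemeral files with lastModified timestamps inside
+installPhase = ''
+find $out -type f \
+-name \*.lastUpdated -or \
+-name resolver-status.properties -or \
+-name _remote.repositories \
+-delete
+'';
+
+# don't do any fixup
+dontFixup = true;
+outputHashMode = "recursive";
+outputHash = mvnHash;
+} // mvnFetchExtraArgs);
+
+buildPhase = ''
+runHook preBuild
+
+mvnDeps=$(cp -dpR ${fetchedMavenDeps}/.m2 ./ && chmod +w -R .m2 && pwd)
+mvn package --offline "-Dmaven.repo.local=$mvnDeps/.m2" -P desktop,all-platforms
+
+runHook postBuild
+'';
+} // args)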
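Review bot: In the dependency derivation's `installPhase` the `find` expression has no grouping, so `-delete` binds only to the last test (`-name _remote.repositories`) and `-type f` only to the first; `*.lastUpdated` and `resolver-status.properties` files are matched but never deleted. The comment above says these files carry timestamps, so leaving them in `$out` can make the fixed-output hash that pins the downloaded dependencies unstable between fetches. Group the tests: `find $out -type f \( -name \*.lastUpdated -or -name resolver-status.properties -or -name _remote.repositories \) -delete`. Separately, the outer `buildPhase` hard-codes dbeaver's `-P desktop,all-platforms` instead of `${mvnParameters}`, so other users such as scim-for-keycloak build with profiles they never asked for; `mvn package --offline "-Dmaven.repo.local=$mvnDeps/.m2" ${mvnParameters}` keeps both phases in step.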
+7
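--- a/pkgs/servers/keycloak/all-plugins.nix
+++ b/pkgs/servers/keycloak/all-plugins.nix
@@ -0,0 +1,7 @@
+{ callPackage }:
+
+{
+scim-for-keycloak = callPackage ./scim-for-keycloak {};
+keycloak-discord = callPackage ./keycloak-discord {};
+keycloak-metrics-spi = callPackage ./keycloak-metrics-spi {};
+}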
+5 -1
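--- a/pkgs/servers/keycloak/default.nix
+++ b/pkgs/servers/keycloak/default.nix
@@ -1,5 +1,6 @@
 { stdenv, lib, fetchzip, makeWrapper, jre, writeText, nixosTests
 , postgresql_jdbc ? null, mysql_jdbc ? null
+, callPackage
 }:
 
 let
@@ -57,7 +58,10 @@
 wrapProgram $out/bin/kcreg.sh --prefix PATH : ${jre}/bin
 '';
 
-passthru.tests = nixosTests.keycloak;
+passthru = {
+tests = nixosTests.keycloak;
+plugins = callPackage ./all-plugins.nix {};
+};
 
 meta = with lib; {
 homepage = "https://www.keycloak.org/";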
+29
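--- a/pkgs/servers/keycloak/keycloak-discord/default.nix
+++ b/pkgs/servers/keycloak/keycloak-discord/default.nix
@@ -0,0 +1,29 @@
+{ stdenv
+, lib
+, fetchurl
+}:
+
+stdenv.mkDerivation rec {
+pname = "keycloak-discord";
+version = "0.3.1";
+
+src = fetchurl {
+url = "https://github.com/wadahiro/keycloak-discord/releases/download/v${version}/keycloak-discord-ear-${version}.ear";
+sha256 = "0fswhbnxc80dpfqf5y6j29dxk3vcnm4kki6qdk22qliasvpw5n9c";
+};
+
+dontUnpack = true;
+dontBuild = true;
+
+installPhase = ''
+mkdir -p "$out"
+install "$src" "$out/${pname}-ear-${version}.ear"
+'';
+
+meta = with lib; {
+homepage = "https://github.com/wadahiro/keycloak-discord";
+description = "Keycloak Social Login extension for Discord";
+license = licenses.apsl20;
+maintainers = with maintainers; [ mkg20001 ];
+};
+}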
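Review bot: `license = licenses.apsl20` in `meta` selects the Apple Public Source License 2.0 in `lib.licenses`; the upstream licence is not shown on this page, but Apache-2.0 (`licenses.asl20`) looks like what was intended. The same value appears in pkgs/servers/keycloak/keycloak-metrics-spi/default.nix. Please check both against the upstream repositories, since the licence field feeds licence-policy evaluation. The derivation also installs a prebuilt `.ear` from a release download, so a short comment next to `src` would help reviewers of later version bumps: `# prebuilt release artifact: the hash pins the binary, not its correspondence to the source`.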
+26
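--- a/pkgs/servers/keycloak/keycloak-metrics-spi/default.nix
+++ b/pkgs/servers/keycloak/keycloak-metrics-spi/default.nix
@@ -0,0 +1,26 @@
+{ stdenv, lib, fetchurl }:
+
+stdenv.mkDerivation rec {
+pname = "keycloak-metrics-spi";
+version = "2.5.3";
+
+src = fetchurl {
+url = "https://github.com/aerogear/keycloak-metrics-spi/releases/download/${version}/keycloak-metrics-spi-${version}.jar";
+sha256 = "15lsy8wjw6nlfdfhllc45z9l5474p0lsghrwzzsssvd68bw54gwv";
+};
+
+dontUnpack = true;
+dontBuild = true;
+
+installPhase = ''
+mkdir -p $out
+install "$src" "$out"
+'';
+
+meta = with lib; {
+homepage = "https://github.com/aerogear/keycloak-metrics-spi";
+description = "Keycloak Service Provider that adds a metrics endpoint";
+license = licenses.apsl20;
+maintainers = with maintainers; [ benley ];
+};
+}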
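Review bot: Nothing in this package's `meta` tells an operator that the plugin's endpoint answers without credentials: the test in nixos/tests/keycloak.nix on this page fetches `/realms/master/metrics` with a plain `curl -sSf` and no `Authorization` header. On an identity provider that exposes event metrics such as `keycloak_admin_event_UPDATE` to anyone who can reach the frontend URL, so the path is normally restricted at the reverse proxy or firewall. I would add a `longDescription` saying that the metrics endpoint is served unauthenticated under the realm path and should be limited to the monitoring network. Minor: as far as I can tell `install "$src" "$out"` keeps the store-path basename (hash prefix included) as the jar's file name, whereas keycloak-discord names its file explicitly.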
+36
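--- a/pkgs/servers/keycloak/scim-for-keycloak/default.nix
+++ b/pkgs/servers/keycloak/scim-for-keycloak/default.nix
@@ -0,0 +1,36 @@
+{ lib
+, stdenv
+, fetchFromGitHub
+, maven
+, javaPackages
+}:
+
+javaPackages.mavenfod rec {
+pname = "scim-for-keycloak";
+version = "kc-15-b2"; # When updating also update mvnHash
+
+src = fetchFromGitHub {
+owner = "Captain-P-Goldfish";
+repo = "scim-for-keycloak";
+rev = version;
+sha256 = "K34c7xISjEETI3jFkRLdZ0C8pZHTWtPtrrIzwC76Tv0=";
+};
+
+mvnHash = "sha256-kDYhXTEOAWH/dcRJalKtbwBpoxcD1aX9eqcRKs6ewbE=";
+
+nativeBuildInputs = [
+maven
+];
+
+installPhase = ''
+EAR=$(find -iname "*.ear")
+install -D "$EAR" "$out/$(basename $EAR)"
+'';
+
+meta = with lib; {
+homepage = "https://github.com/Captain-P-Goldfish/scim-for-keycloak";
+description = "A third party module that extends Keycloak with SCIM functionality";
+license = licenses.bsd3;
+maintainers = with maintainers; [ mkg20001 ];
+};
+}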
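Review bot: `EAR=$(find -iname "*.ear")` in `installPhase` takes whatever `.ear` the build tree happens to contain and assumes there is exactly one; with zero or several matches the `install -D` call fails with an unhelpful message, and `basename $EAR` is unquoted. Since this file is what gets deployed into Keycloak, select it deliberately: either name the module's output path if it is known, or assert the count first with `[ "$(find . -iname '*.ear' | wc -l)" -eq 1 ]` and use `"$out/$(basename "$EAR")"` as the destination. This package also inherits the hard-coded `-P desktop,all-platforms` from the `mavenfod` build phase shown in maven-fod.nix on this page.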
+3 -1
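--- a/pkgs/top-level/java-packages.nix
+++ b/pkgs/top-level/java-packages.nix
@@ -10,8 +10,10 @@
 openjfx15 = callPackage ../development/compilers/openjdk/openjfx/15.nix { };
 openjfx17 = callPackage ../development/compilers/openjdk/openjfx/17.nix { };
 
+mavenfod = callPackage ../development/java-modules/maven-fod.nix { };
+
 in {
-inherit mavenbuild fetchMaven openjfx11 openjfx15 openjfx17;
+inherit mavenbuild mavenfod fetchMaven openjfx11 openjfx15 openjfx17;
 
 compiler = let
 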