commit 82a382ed09b6ce67bd8b723bddb97a0e9cfdb9f2 · pyrox.dev/nixpkgs

nixos/doc/manual/release-notes/rl-2505.section.md

···

       614
       614
        
       

     

       615
       615
        
       - `services.soft-serve` now restarts upon config change.

     

       616
       616
        
       

     

       617
       617
       +
       - `services.keycloak` now provides a `realmFiles` option that allows to import realms during startup. See https://www.keycloak.org/server/importExport

     

       618
       618
       +
       

     

       617
       619
        
       - `bind.cacheNetworks` now only controls access for recursive queries, where it previously controlled access for all queries.

     

       618
       620
        
       

     

       619
       621
        
       - [`services.mongodb.enableAuth`](#opt-services.mongodb.enableAuth) now uses the newer [mongosh](https://github.com/mongodb-js/mongosh) shell instead of the legacy shell to configure the initial superuser. You can configure the mongosh package to use through the [`services.mongodb.mongoshPackage`](#opt-services.mongodb.mongoshPackage) option.

+39 -1

nixos/modules/services/web-apps/keycloak.nix

···

       90
       90
        
               enum

     

       91
       91
        
               package

     

       92
       92
        
               port

     

       93
       93
       +
               listOf

     

       93
       94
        
               ;

     

       94
       95
        
       

     

       95
       96
        
             assertStringPath =

     
···

       285
       286
        
                 different theme types: for example, `account`,

     

       286
       287
        
                 `login` etc. After adding a theme to this option you

     

       287
       288
        
                 can select it by its name in Keycloak administration console.

     

       289
       289
       +
               '';

     

       290
       290
       +
             };

     

       291
       291
       +
       

     

       292
       292
       +
             realmFiles = mkOption {

     

       293
       293
       +
               type = listOf path;

     

       294
       294
       +
               example = lib.literalExpression ''

     

       295
       295
       +
                 [

     

       296
       296
       +
                   ./some/realm.json

     

       297
       297
       +
                   ./another/realm.json

     

       298
       298
       +
                 ]

     

       299
       299
       +
               '';

     

       300
       300
       +
               default = [ ];

     

       301
       301
       +
               description = ''

     

       302
       302
       +
                 Realm files that the server is going to import during startup.

     

       303
       303
       +
                 If a realm already exists in the server, the import operation is

     

       304
       304
       +
                 skipped. Importing the master realm is not supported. All files are

     

       305
       305
       +
                 expected to be in `json` format. See the

     

       306
       306
       +
                 [documentation](https://www.keycloak.org/server/importExport) for

     

       307
       307
       +
                 further information.

     

       288
       308
        
               '';

     

       289
       309
        
             };

     

       290
       310
        
       

     
···

       644
       664
        
               '';

     

       645
       665
        
             };

     

       646
       666
        
       

     

       667
       667
       +
             systemd.tmpfiles.settings."10-keycloak" =

     

       668
       668
       +
               let

     

       669
       669
       +
                 mkTarget =

     

       670
       670
       +
                   file:

     

       671
       671
       +
                   let

     

       672
       672
       +
                     baseName = builtins.baseNameOf file;

     

       673
       673
       +
                     name = if lib.hasSuffix ".json" baseName then baseName else "${baseName}.json";

     

       674
       674
       +
                   in

     

       675
       675
       +
                   "/run/keycloak/data/import/${name}";

     

       676
       676
       +
                 settingsList = map (f: {

     

       677
       677
       +
                   name = mkTarget f;

     

       678
       678
       +
                   value = {

     

       679
       679
       +
                     "L+".argument = "${f}";

     

       680
       680
       +
                   };

     

       681
       681
       +
                 }) cfg.realmFiles;

     

       682
       682
       +
               in

     

       683
       683
       +
               builtins.listToAttrs settingsList;

     

       684
       684
       +
       

     

       647
       685
        
             systemd.services.keycloak =

     

       648
       686
        
               let

     

       649
       687
        
                 databaseServices =

     
···

       725
       763
        
                     cp $CREDENTIALS_DIRECTORY/ssl_{cert,key} /run/keycloak/ssl/

     

       726
       764
        
                   ''

     

       727
       765
        
                   + ''

     

       728
       728
       -
                     kc.sh --verbose start --optimized

     

       766
       766
       +
                     kc.sh --verbose start --optimized ${lib.optionalString (cfg.realmFiles != [ ]) "--import-realm"}

     

       729
       767
        
                   '';

     

       730
       768
        
               };

     

       731
       769