packages/keycloak: init at 24.0.4

2024-05-17 14:03:01 +02:00 · 2024-05-17 14:03:01 +02:00 · a7cc61d97e
commit a7cc61d97e
parent 58394ea184
9 changed files with 267 additions and 1 deletions
--- a/packages/patched-derivations.nix
+++ b/packages/patched-derivations.nix
@ -38,7 +38,7 @@ super: rec {
  kanidm = patch super.kanidm "patches/base/kanidm";
-  keycloak = super.keycloak.override {
+  keycloak = super.callPackage ./security/keycloak {
    jre = jre17_standard;
  };
--- a/packages/security/keycloak/all-plugins.nix
+++ b/packages/security/keycloak/all-plugins.nix
@ -0,0 +1,9 @@
 { callPackage }:
 {
  scim-for-keycloak = callPackage ./scim-for-keycloak {};
  scim-keycloak-user-storage-spi = callPackage ./scim-keycloak-user-storage-spi {};
  keycloak-discord = callPackage ./keycloak-discord {};
  keycloak-metrics-spi = callPackage ./keycloak-metrics-spi {};
  keycloak-restrict-client-auth = callPackage ./keycloak-restrict-client-auth {};
 }
--- a/packages/security/keycloak/config_vars.patch
+++ b/packages/security/keycloak/config_vars.patch
@ -0,0 +1,15 @@
 diff --git a/quarkus/dist/src/main/content/bin/kc.sh b/quarkus/dist/src/main/content/bin/kc.sh
 index d7be862cde..16f9aa78e0 100644
 --- a/bin/kc.sh
 +++ b/bin/kc.sh
@@ -32,8 +32,8 @@ abs_path () {
   fi
 }
 -SERVER_OPTS="-Dkc.home.dir='$(abs_path '..')'"
 -SERVER_OPTS="$SERVER_OPTS -Djboss.server.config.dir='$(abs_path '../conf')'"
 +SERVER_OPTS="-Dkc.home.dir=$KC_HOME_DIR"
 +SERVER_OPTS="$SERVER_OPTS -Djboss.server.config.dir=$KC_CONF_DIR"
 SERVER_OPTS="$SERVER_OPTS -Djava.util.logging.manager=org.jboss.logmanager.LogManager"
 SERVER_OPTS="$SERVER_OPTS -Dquarkus-log-max-startup-records=10000"
 CLASSPATH_OPTS="'$(abs_path "../lib/quarkus-run.jar"):$(abs_path "../lib/bootstrap/*")'"
--- a/packages/security/keycloak/default.nix
+++ b/packages/security/keycloak/default.nix
@ -0,0 +1,90 @@
 { stdenv
 , lib
 , fetchzip
 , makeWrapper
 , jre
 , nixosTests
 , callPackage
 , confFile ? null
 , plugins ? [ ]
 , extraFeatures ? [ ]
 , disabledFeatures ? [ ]
 }:
 let
  featuresSubcommand = ''
    ${lib.optionalString (extraFeatures != [ ]) "--features=${lib.concatStringsSep "," extraFeatures}"} \
    ${lib.optionalString (disabledFeatures != [ ]) "--features-disabled=${lib.concatStringsSep "," disabledFeatures}"}
  '';
 in stdenv.mkDerivation rec {
  pname = "keycloak";
  version = "24.0.3";
  src = fetchzip {
    url = "https://github.com/keycloak/keycloak/releases/download/${version}/keycloak-${version}.zip";
    hash = "sha256-VlCAUAa3e8ho8s1pA935B+bz4mvziDtayu0GB9yOTI4=";
  };
  nativeBuildInputs = [ makeWrapper jre ];
  patches = [
    # Make home.dir and config.dir configurable through the
    # KC_HOME_DIR and KC_CONF_DIR environment variables.
    ./config_vars.patch
  ];
  buildPhase = ''
    runHook preBuild
  '' + lib.optionalString (confFile != null) ''
    install -m 0600 ${confFile} conf/keycloak.conf
  '' + ''
    install_plugin() {
      if [ -d "$1" ]; then
        find "$1" -type f \( -iname \*.ear -o -iname \*.jar \) -exec install -m 0500 "{}" "providers/" \;
      else
        install -m 0500 "$1" "providers/"
      fi
    }
    ${lib.concatMapStringsSep "\n" (pl: "install_plugin ${lib.escapeShellArg pl}") plugins}
  '' + ''
    patchShebangs bin/kc.sh
    export KC_HOME_DIR=$(pwd)
    export KC_CONF_DIR=$(pwd)/conf
    bin/kc.sh build ${featuresSubcommand}
    runHook postBuild
  '';
  installPhase = ''
    runHook preInstall
    mkdir $out
    cp -r * $out
    rm $out/bin/*.{ps1,bat}
    runHook postInstall
  '';
  postFixup = ''
    for script in $(find $out/bin -type f -executable); do
      wrapProgram "$script" --set JAVA_HOME ${jre} --prefix PATH : ${jre}/bin
    done
  '';
  passthru = {
    tests = nixosTests.keycloak;
    plugins = callPackage ./all-plugins.nix { };
    enabledPlugins = plugins;
  };
  meta = with lib; {
    homepage = "https://www.keycloak.org/";
    description = "Identity and access management for modern applications and services";
    sourceProvenance = with sourceTypes; [ binaryBytecode ];
    license = licenses.asl20;
    platforms = jre.meta.platforms;
    maintainers = with maintainers; [ ngerstle talyz nickcao ];
  };
 }
--- a/packages/security/keycloak/keycloak-discord/default.nix
+++ b/packages/security/keycloak/keycloak-discord/default.nix
@ -0,0 +1,31 @@
 { stdenv
 , lib
 , fetchurl
 }:
 stdenv.mkDerivation rec {
  pname = "keycloak-discord";
  version = "0.5.0";
  src = fetchurl {
    url = "https://github.com/wadahiro/keycloak-discord/releases/download/v${version}/keycloak-discord-${version}.jar";
    hash = "sha256-radvUu2a6t0lbo5f/ADqy7+I/ONXB7/8pk2d1BtYzQA=";
  };
  dontUnpack = true;
  dontBuild = true;
  installPhase = ''
    runHook preInstall
    install -Dm444 "$src" "$out/keycloak-discord-$version.jar"
    runHook postInstall
  '';
  meta = with lib; {
    homepage = "https://github.com/wadahiro/keycloak-discord";
    description = "Keycloak Social Login extension for Discord";
    license = licenses.asl20;
    maintainers = with maintainers; [ mkg20001 ];
    sourceProvenance = with sourceTypes; [ binaryBytecode ];
  };
 }
--- a/packages/security/keycloak/keycloak-metrics-spi/default.nix
+++ b/packages/security/keycloak/keycloak-metrics-spi/default.nix
@ -0,0 +1,28 @@
 { maven, lib, fetchFromGitHub }:
 maven.buildMavenPackage rec {
  pname = "keycloak-metrics-spi";
  version = "5.0.0";
  src = fetchFromGitHub {
    owner = "aerogear";
    repo = pname;
    rev = "refs/tags/${version}";
    hash = "sha256-iagXbsKsU4vNP9eg05bwXEo67iij3N2FF0BW50MjRGE=";
  };
  mvnHash = "sha256-+ySBrQ9yQ5ZxuVUh/mnHNEmugru3n8x5VR/RYEDCLAo=";
  installPhase = ''
    runHook preInstall
    install -Dm444 -t "$out" target/keycloak-metrics-spi-*.jar
    runHook postInstall
  '';
  meta = with lib; {
    homepage = "https://github.com/aerogear/keycloak-metrics-spi";
    description = "Keycloak Service Provider that adds a metrics endpoint";
    license = licenses.asl20;
    maintainers = with maintainers; [ benley ];
  };
 }
--- a/packages/security/keycloak/keycloak-restrict-client-auth/default.nix
+++ b/packages/security/keycloak/keycloak-restrict-client-auth/default.nix
@ -0,0 +1,28 @@
 { maven, lib, fetchFromGitHub }:
 maven.buildMavenPackage rec {
  pname = "keycloak-restrict-client-auth";
  version = "24.0.0";
  src = fetchFromGitHub {
    owner = "sventorben";
    repo = "keycloak-restrict-client-auth";
    rev = "v${version}";
    hash = "sha256-Pk0tj8cTHSBwVIzINE7GLA5b/eI97wuOTvO7UoXBStM=";
  };
  mvnHash = "sha256-Pk2yYuBqGs4k1KwaU06RQe1LpohZu0VI1pHEUBU3EUE=";
  installPhase = ''
    runHook preInstall
    install -Dm444 -t "$out" target/keycloak-restrict-client-auth.jar
    runHook postInstall
  '';
  meta = with lib; {
    homepage = "https://github.com/sventorben/keycloak-restrict-client-auth";
    description = "A Keycloak authenticator to restrict authorization on clients";
    license = licenses.mit;
    maintainers = with maintainers; [ leona ];
  };
 }
--- a/packages/security/keycloak/scim-for-keycloak/default.nix
+++ b/packages/security/keycloak/scim-for-keycloak/default.nix
@ -0,0 +1,33 @@
 { lib
 , fetchFromGitHub
 , maven
 }:
 maven.buildMavenPackage rec {
  pname = "scim-for-keycloak";
  version = "kc-20-b1"; # When updating also update mvnHash
  src = fetchFromGitHub {
    owner = "Captain-P-Goldfish";
    repo = "scim-for-keycloak";
    rev = version;
    hash = "sha256-kHjCVkcD8C0tIaMExDlyQmcWMhypisR1nyG93laB8WU=";
  };
  mvnHash = "sha256-cOuJSU57OuP+U7lI+pDD7g9HPIfZAoDPYLf+eO+XuF4=";
  installPhase = ''
    install -D "scim-for-keycloak-server/target/scim-for-keycloak-${version}.jar" "$out/scim-for-keycloak-${version}.jar"
  '';
  meta = with lib; {
    homepage = "https://github.com/Captain-P-Goldfish/scim-for-keycloak";
    description = "A third party module that extends Keycloak with SCIM functionality";
    sourceProvenance = with sourceTypes; [
      fromSource
      binaryBytecode  # dependencies
    ];
    license = licenses.bsd3;
    maintainers = with maintainers; [ mkg20001 ];
  };
 }
--- a/packages/security/keycloak/scim-keycloak-user-storage-spi/default.nix
+++ b/packages/security/keycloak/scim-keycloak-user-storage-spi/default.nix
@ -0,0 +1,32 @@
 { lib
 , fetchFromGitHub
 , maven
 }:
 maven.buildMavenPackage {
  pname = "scim-keycloak-user-storage-spi";
  version = "unstable-2024-02-14";
  src = fetchFromGitHub {
    owner = "justin-stephenson";
    repo = "scim-keycloak-user-storage-spi";
    rev = "6c59915836d9a559983326bbb87f895324bb75e4";
    hash = "sha256-BSso9lU542Aroxu0RIX6NARc10lGZ04A/WIWOVtdxHw=";
  };
  mvnHash = "sha256-xbGlVZl3YtbF372kCDh+UdK5pLe6C6WnGgbEXahlyLw=";
  installPhase = ''
    install -D "target/scim-user-spi-0.0.1-SNAPSHOT.jar" "$out/scim-user-spi-0.0.1-SNAPSHOT.jar"
  '';
  meta = with lib; {
    homepage = "https://github.com/justin-stephenson/scim-keycloak-user-storage-spi";
    description = "A third party module that extends Keycloak, allow for user storage in an external scimv2 server";
    sourceProvenance = with sourceTypes; [
      fromSource
    ];
    license = licenses.mit;
    maintainers = with maintainers; [ s1341 ];
  };
 }