Keycloak: Difference between revisions

Onny
Add simple setup instruction
m Reword note about 25.05
 
(7 intermediate revisions by 2 users not shown)
Line 4: Line 4:


== Setup ==
== Setup ==
Following configuration will enable a minimal Keycloak instance for testing purpose<syntaxhighlight lang="nix">
Following configuration will enable a minimal and insecure Keycloak instance for '''testing purpose'''.<syntaxhighlight lang="nix">
environment.etc."keycloak-database-pass".text = "PWD";
environment.etc."keycloak-database-pass".text = "PWD";
services.keycloak = {
services.keycloak = {
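
Review bot: the reworded intro now calls the instance "insecure" but does not say what makes it so. The unchanged line <code>environment.etc."keycloak-database-pass".text = "PWD";</code> right below it writes the database password into a world-readable file in the Nix store, and that is the detail a reader copying this needs to know about. Suggest naming it in the sentence, and saying that outside of testing the password file should be created outside the store. Two style points on the same line: "Following configuration ... for testing purpose" reads better as "The following configuration ... for testing purposes", and a line break before the <code>syntaxhighlight</code> tag would keep the sentence and the code block apart.
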
Line 11: Line 11:
     hostname = "localhost";
     hostname = "localhost";
     http-enabled = true;
     http-enabled = true;
    hostname-strict-https = false;
   };
   };
   database.passwordFile = "/etc/keycloak-database-pass";
   database.passwordFile = "/etc/keycloak-database-pass";
};
};
</syntaxhighlight>
</syntaxhighlight>After applying the configuration the Keycloak management interface will be available at http://localhost. Login with username <code>admin</code> and password <code>changeme</code>.


== Troubleshooting ==
== Configuration ==


=== Installing on system without X11 ===
=== Importing realms ===
{{Note|This module requires NixOS 25.05}}Using the realmFiles option, it is possible provision a realm from a JSON file or previous JSON export.<syntaxhighlight lang="nix">
{ ... }: let


If, when you perform:
  realm = {
    realm = "OIDCDemo";
    enabled = true;
    clients = [{
      clientId = "mydemo";
      rootUrl = "http://localhost:8080";
    }];
    users = [{
      enabled = true;
      firstName = "Christian";
      lastName = "Bauer";
      username = "cbauer";
      email = "cbauer@localhost";
      credentials = [{
        type = "password";
        temporary = false;
        value = "changeme";
      }];
    }];
  };


<syntaxhighlight lang="bash">
in {
nixos-rebuild switch
</syntaxhighlight>


... you encounter errors like:
  services.keycloak = {
    realmFiles = [
      (pkgs.writeText "OIDCDemo.json" (builtins.toJSON realm))
    ];
  };


<syntaxhighlight lang="bash">
}
building Nix...
 
...
 
checking for CAIRO_BACKEND... no
configure: error: Package requirements (cairo-xlib >= 1.6) were not met:
 
No package 'cairo-xlib' found
 
...
 
error: build of '/nix/store/vfz...2a0-nixos-system-nixos-21.11pre322478.e4ef597edfd.drv' failed
</syntaxhighlight>
</syntaxhighlight>
... it would be because the package expects X11 to be installed. The [https://nixos.org/manual/nixos/unstable/options.html#opt-environment.noXlibs environment.noXlibs] NixOS option will specify to not require the X11 libraries:
{{file|/etc/nixos/configuration.nix|nix|<nowiki>
{ config, pkgs, ... }:
{
  environment.noXlibs = false;
}
</nowiki>}}
== Tips and tricks ==
== Tips and tricks ==
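
Review bot: the new "Importing realms" example opens with <code>{ ... }: let</code> but later calls <code>pkgs.writeText</code>, so <code>pkgs</code> is never bound and the snippet will not evaluate as written; the header should be <code>{ pkgs, ... }: let</code>. The sample user also gets the password "changeme" with <code>temporary = false;</code>, and because the realm JSON is produced with <code>pkgs.writeText</code> it lands in the Nix store where any local user can read it. Suggest <code>temporary = true;</code> so the first login forces a change, plus a sentence that the value is a placeholder. The same applies to the added login sentence (username admin, password changeme, over plain http://localhost with <code>hostname-strict-https = false</code>), which should tell the reader to change that password after the first login. Wording: "it is possible provision a realm" is missing "to", and the Note template runs directly into that sentence without a line break.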