Keycloak: Difference between revisions
imported>Nix m Fix category |
imported>Edelagnier add guide to create a theme |
||
Line 99: | Line 99: | ||
} | } | ||
</nowiki>}} | |||
== Keycloak themes on NixOS == | |||
You need to create a package for your custom theme and configure the keycloak service to use it | |||
Here is a what a basic theme will look like : | |||
- configuration.nix | |||
- keycloak | |||
- custom_theme | |||
- login | |||
- resources | |||
- css | |||
- custom.css | |||
- theme.properties | |||
- default.nix <- set of packages to be imported in your configuration.nix | |||
- keycloak_custom_theme.nix <- package for your theme | |||
=== Create a theme === | |||
{{file|custom.css|css|<nowiki> | |||
body { | |||
background: red; | |||
color: blue; | |||
} | |||
</nowiki>}} | |||
{{file|theme.properties|bash|<nowiki> | |||
parent=base | |||
import=common/keycloak | |||
styles=css/custom.css | |||
</nowiki>}} | |||
=== Create a package === | |||
{{file|keycloak_custom_theme.nix|nix|<nowiki> | |||
{ stdenv }: | |||
stdenv.mkDerivation rec { | |||
name = "keycloak_custom_theme"; | |||
version = "1.0"; | |||
src = ./keycloak_custom_theme; | |||
nativeBuildInputs = [ ]; | |||
buildInputs = [ ]; | |||
installPhase = '' | |||
mkdir -p $out | |||
cp -a login $out | |||
''; | |||
} | |||
</nowiki>}} | |||
=== Create a packages set === | |||
{{file|default.nix|nix|<nowiki> | |||
{pkgs, ...}: let | |||
callPackage = pkgs.callPackage; | |||
in { | |||
nixpkgs.overlays = [(final: prev: { | |||
custom_keycloak_themes = { | |||
custom = callPackage ./keycloak_custom_theme.nix {}; | |||
}; | |||
})]; | |||
} | |||
</nowiki>}} | |||
=== Configure your keycloak service === | |||
{{file|configuration.nix|nix|<nowiki> | |||
{ config, pkgs, lib, ... }: | |||
{ | |||
imports = | |||
[ # Include the results of the hardware scan. | |||
./hardware-configuration.nix | |||
./keycloak | |||
]; | |||
... | |||
environment.systemPackages = with pkgs; [ | |||
... | |||
# authentication requires | |||
keycloak | |||
custom_keycloak_themes.agatha | |||
]; | |||
... | |||
services.keycloak = { | |||
enable = true; | |||
themes = with pkgs ; { | |||
custom = custom_keycloak_themes.custom; | |||
}; | |||
... | |||
} | |||
</nowiki>}} | </nowiki>}} | ||
[[Category: Applications]] | [[Category: Applications]] |
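Review bot: in the configuration.nix block, environment.systemPackages lists `custom_keycloak_themes.agatha`, but the overlay added in default.nix defines only `custom_keycloak_themes.custom`, so the attribute lookup will fail. Reference `.custom` there, or drop the entry, since `services.keycloak.themes` already receives the package. The same block opens `services.keycloak = {` and never closes it with `};` before the final `}`. In keycloak_custom_theme.nix, `src = ./keycloak_custom_theme;` does not match the `custom_theme` directory shown in the layout list; one of the two names should change so the derivation finds its source.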
Revision as of 09:17, 29 March 2024
Keycloak (Wikipedia) is identity and access management software, and can serve as an authentication server for applications (providing support for OpenID Connect, OAuth 2.0, and SAML).
Keycloak is...
- covered in the NixOS manual
- packaged for Nix
- available as a NixOS service
- written in Java
- maintained by Red Hat
Troubleshooting
Installing on system without X11
If, when you perform:
nixos-rebuild switch
... you encounter errors like:
building Nix...
...
checking for CAIRO_BACKEND... no
configure: error: Package requirements (cairo-xlib >= 1.6) were not met:
No package 'cairo-xlib' found
...
error: build of '/nix/store/vfz...2a0-nixos-system-nixos-21.11pre322478.e4ef597edfd.drv' failed
... it is because the package expects the X11 libraries to be available. The environment.noXlibs NixOS option specifies that the X11 libraries are not required; set it to false:
/etc/nixos/configuration.nix
{ config, pkgs, ... }:
{
  environment.noXlibs = false;
}
Installation in subdirectory
Keycloak may be installed in a subdirectory of a domain, so you don't need to configure and expose a subdomain. For example, with the following configuration; remember to replace domain.tld with your own domain.
/etc/nixos/configuration.nix
{ config, ... }:
{
  services.nginx = {
    enable = true;

    # enable recommended settings
    recommendedGzipSettings = true;
    recommendedOptimisation = true;
    recommendedTlsSettings = true;
    recommendedProxySettings = true;

    virtualHosts = {
      "domain.tld" = {
        forceSSL = true;
        enableACME = true;
        locations = {
          # forward only the /cloak/ subdirectory to Keycloak
          "/cloak/" = {
            proxyPass = "http://localhost:${toString config.services.keycloak.settings.http-port}/cloak/";
          };
        };
      };
    };
  };

  services.postgresql.enable = true;

  services.keycloak = {
    enable = true;

    database = {
      type = "postgresql";
      createLocally = true;
      username = "keycloak";
      passwordFile = "/etc/nixos/secrets/keycloak_psql_pass";
    };

    settings = {
      hostname = "domain.tld";
      # must match the nginx location above
      http-relative-path = "/cloak";
      http-port = 38080;
      proxy = "passthrough";
      http-enabled = true;
    };
  };
}
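A check for the subdirectory setup above, as an added example that is not part of the original wiki page: it validates that a realm's OpenID Connect discovery document advertises only `https://domain.tld/cloak/...` URLs, which is how a wrong hostname, relative path or proxy setting usually shows up. The function names and the sample documents are constructed for illustration; the realm is assumed to be `master`.

```python
from urllib.parse import urlsplit

# Discovery-document fields that clients follow after reading the issuer.
ENDPOINT_FIELDS = ("authorization_endpoint", "token_endpoint", "jwks_uri")


def discovery_url(hostname, relative_path, realm):
    """Public URL of a realm's OIDC discovery document behind the proxy."""
    path = relative_path.rstrip("/")
    return f"https://{hostname}{path}/realms/{realm}/.well-known/openid-configuration"


def check_discovery(doc, hostname, relative_path, realm):
    """Return a list of problems; empty means every advertised URL is https,
    on the public hostname and default port, and under the relative path."""
    prefix = f"{relative_path.rstrip('/')}/realms/{realm}"
    expected_issuer = f"https://{hostname}{prefix}"
    problems = []
    if doc.get("issuer") != expected_issuer:
        problems.append(f"issuer: {doc.get('issuer')!r}, expected {expected_issuer!r}")
    for field in ENDPOINT_FIELDS:
        if field not in doc:
            problems.append(f"{field}: missing")
            continue
        url = urlsplit(doc[field])
        if url.scheme != "https":
            problems.append(f"{field}: scheme {url.scheme!r} is not https")
        if url.hostname != hostname or url.port not in (None, 443):
            problems.append(f"{field}: host {url.netloc!r} is not the public one")
        if not url.path.startswith(prefix + "/"):
            problems.append(f"{field}: path {url.path!r} is outside {prefix}/")
    return problems


# Constructed sample documents (not captured from a real server).
BASE = "https://domain.tld/cloak/realms/master"
GOOD = {
    "issuer": BASE,
    "authorization_endpoint": BASE + "/protocol/openid-connect/auth",
    "token_endpoint": BASE + "/protocol/openid-connect/token",
    "jwks_uri": BASE + "/protocol/openid-connect/certs",
}
# What a misconfigured proxy/hostname setup can look like: internal URLs leak out.
LEAKY = dict(GOOD, issuer="http://localhost:38080/cloak/realms/master",
             token_endpoint="http://localhost:38080/cloak/realms/master/protocol/openid-connect/token")

if __name__ == "__main__":
    print(discovery_url("domain.tld", "/cloak", "master"))
    for name, doc in (("GOOD", GOOD), ("LEAKY", LEAKY)):
        print(name, check_discovery(doc, "domain.tld", "/cloak", "master") or "ok")
```

Against a live server, fetch the document from the URL returned by `discovery_url` and pass the parsed JSON to `check_discovery`.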
Keycloak themes on NixOS
You need to create a package for your custom theme and configure the keycloak service to use it.
Here is what a basic theme will look like:
- configuration.nix
- keycloak
  - custom_theme
    - login
      - resources
        - css
          - custom.css
      - theme.properties
  - default.nix <- set of packages to be imported in your configuration.nix
  - keycloak_custom_theme.nix <- package for your theme
Create a theme
custom.css
body {
  background: red;
  color: blue;
}
theme.properties
parent=base
import=common/keycloak
styles=css/custom.css
Create a package
keycloak_custom_theme.nix
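{ stdenv }:
stdenv.mkDerivation rec {
  name = "keycloak_custom_theme";
  version = "1.0";

  # theme directory next to this file (custom_theme in the layout above)
  src = ./custom_theme;

  nativeBuildInputs = [ ];
  buildInputs = [ ];

  # copy the login theme type into the package output
  installPhase = ''
    mkdir -p $out
    cp -a login $out
  '';
}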
Create a packages set
default.nix
{pkgs, ...}: let
  callPackage = pkgs.callPackage;
in {
  nixpkgs.overlays = [(final: prev: {
    custom_keycloak_themes = {
      custom = callPackage ./keycloak_custom_theme.nix {};
    };
  })];
}
Configure your keycloak service
configuration.nix
{ config, pkgs, lib, ... }:
{
  imports =
    [ # Include the results of the hardware scan.
      ./hardware-configuration.nix
      ./keycloak
    ];
  ...
  environment.systemPackages = with pkgs; [
    ...
    # authentication requires
    keycloak
    # attribute defined by the overlay in ./keycloak/default.nix
    custom_keycloak_themes.custom
  ];
  ...
  services.keycloak = {
    enable = true;
    themes = with pkgs ; {
      custom = custom_keycloak_themes.custom;
    };
    ...
  };
}