feat: add group configuration (+)

will only check users of such group

also cleaned some code:
- Input doesn't need to be UTF-8 valid.
- Main fuction is dead-simple, very readable.
- Added some modularity.
- Add some docs on behavior details.
This commit is contained in:
2026-05-09 19:40:00 +02:00
parent d2a2baebc8
commit 0f736b1fc4
11 changed files with 224 additions and 81 deletions
+10 -4
View File
@@ -94,9 +94,14 @@ in
};
};
users.users.admin = {
password = config.services.keycloak.initialAdminPassword;
isNormalUser = true;
users = {
users.admin = {
password = config.services.keycloak.initialAdminPassword;
isNormalUser = true;
extraGroups = [ "keycloak-login" ];
};
groups.keycloak-login = { };
};
services.keycloak = {
@@ -141,7 +146,8 @@ in
"base_url": "http://127.0.0.1:${toString config.services.keycloak.settings.http-port}",
"default_realm": "master",
"client_id": "account",
"client_secret": "7bsrMrRuNKpqsxcOOJavWjEqek12ZCkj"
"client_secret": "7bsrMrRuNKpqsxcOOJavWjEqek12ZCkj",
"unix_group": "keycloak-login"
}
'';
};