diff --git a/flake.lock b/flake.lock index 6be4c2c1..3132d583 100644 --- a/flake.lock +++ b/flake.lock @@ -160,11 +160,11 @@ ] }, "locked": { - "lastModified": 1719037157, - "narHash": "sha256-aOKd8+mhBsLQChCu1mn/W5ww79ta5cXVE59aJFrifM8=", + "lastModified": 1719180626, + "narHash": "sha256-vZAzm5KQpR6RGple1dzmSJw5kPivES2heCFM+ZWkt0I=", "owner": "nix-community", "repo": "home-manager", - "rev": "cd886711998fe5d9ff7979fdd4b4cbd17b1f1511", + "rev": "6b1f90a8ff92e81638ae6eb48cd62349c3e387bb", "type": "github" }, "original": { @@ -190,11 +190,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1718895438, - "narHash": "sha256-k3JqJrkdoYwE3fHE6xGDY676AYmyh4U2Zw+0Bwe5DLU=", + "lastModified": 1719075281, + "narHash": "sha256-CyyxvOwFf12I91PBWz43iGT1kjsf5oi6ax7CrvaMyAo=", "owner": "nixos", "repo": "nixpkgs", - "rev": "d603719ec6e294f034936c0d0dc06f689d91b6c3", + "rev": "a71e967ef3694799d0c418c98332f7ff4cc5f6af", "type": "github" }, "original": { @@ -206,11 +206,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1718478900, - "narHash": "sha256-v43N1gZLcGkhg3PdcrKUNIZ1L0FBzB2JqhIYEyKAHEs=", + "lastModified": 1719099622, + "narHash": "sha256-YzJECAxFt+U5LPYf/pCwW/e1iUd2PF21WITHY9B/BAs=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c884223af91820615a6146af1ae1fea25c107005", + "rev": "5e8e3b89adbd0be63192f6e645e0a54080004924", "type": "github" }, "original": { @@ -267,11 +267,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1718506969, - "narHash": "sha256-Pm9I/BMQHbsucdWf6y9G3xBZh3TMlThGo4KBbeoeczg=", + "lastModified": 1719111739, + "narHash": "sha256-kr2QzRrplzlCP87ddayCZQS+dhGW98kw2zy7+jUXtF4=", "owner": "Mic92", "repo": "sops-nix", - "rev": "797ce4c1f45a85df6dd3d9abdc53f2691bea9251", + "rev": "5e2e9421e9ed2b918be0a441c4535cfa45e04811", "type": "github" }, "original": { diff --git a/outputs.nix b/outputs.nix index 05305381..2070a500 100644 --- a/outputs.nix +++ b/outputs.nix @@ -30,13 +30,16 @@ # see overlays/builders.nix in pkgs.__withSubBuilders; - patchedNixpkgs = pkgs.applyPatches { - name = "nixpkgs"; - src = inputs.nixpkgs; + patchedNixpkgs = let patches = [ ./packages/nixpkgs-keycloak-nullhostname.patch ]; - }; + patchedNixpkgs = pkgs.applyPatches { + name = "nixpkgs"; + src = inputs.nixpkgs; + inherit patches; + }; + in if patches != [] then patchedNixpkgs else pkgs; deploy-rs = let deployLib = inputs.deploy-rs.lib.${system} diff --git a/packages/nixpkgs-keycloak-nullhostname.patch b/packages/nixpkgs-keycloak-nullhostname.patch index 94c281f2..f7c43a70 100644 --- a/packages/nixpkgs-keycloak-nullhostname.patch +++ b/packages/nixpkgs-keycloak-nullhostname.patch @@ -1,14 +1,23 @@ diff --git a/nixos/modules/services/web-apps/keycloak.nix b/nixos/modules/services/web-apps/keycloak.nix --- a/nixos/modules/services/web-apps/keycloak.nix +++ b/nixos/modules/services/web-apps/keycloak.nix -@@ -480,10 +480,6 @@ in +@@ -328,7 +328,7 @@ in + }; + + hostname = mkOption { +- type = str; ++ type = nullOr str; + example = "keycloak.example.com"; + description = '' + The hostname part of the public URL used as base for +@@ -477,6 +477,10 @@ in assertion = createLocalPostgreSQL -> config.services.postgresql.settings.standard_conforming_strings or true; message = "Setting up a local PostgreSQL db for Keycloak requires `standard_conforming_strings` turned on to work reliably"; } -- { -- assertion = cfg.settings.hostname != null || cfg.settings.hostname-url or null != null; -- message = "Setting the Keycloak hostname is required, see `services.keycloak.settings.hostname`"; -- } ++ { ++ assertion = cfg.settings.hostname != null || ! cfg.settings.hostname-strict or true; ++ message = "Setting the Keycloak hostname is required, see `services.keycloak.settings.hostname`"; ++ } { - assertion = !(cfg.settings.hostname != null && cfg.settings.hostname-url or null != null); - message = "`services.keycloak.settings.hostname` and `services.keycloak.settings.hostname-url` are mutually exclusive"; + assertion = cfg.settings.hostname-url or null == null; + message = ''