Keycloak17: use custom file paths instead of single kc.home.dir

The default kc.sh for keycloak17 (quarkus distribution) assumes that everything below kc.home.dir is writable for the uid of the running server. I’d like to separate code from data, with the code not writable. So when starting the server it should be possible to point to a separate tmpdir, datadir, etc. where data can be written. Is this possible? The wildfly based installation used to have -Djboss.home.dir, -Djboss.server.base.dir, -Djboss.server.data.dir, -Djboss.server.log.dir, -Djboss.server.temp.dir and -Djboss.server.config.dir that could be used to point to different paths in the filesystem. How can this be achieved using the quarkus based server?

This might be of interest for you: Keycloak Quarkus volatile installation data · Discussion #10323 · keycloak/keycloak · GitHub

Spot on!
My solution so far is to create a “kc.home.dir” consisting of symlinks to the code / data.
Assume keycloak is installed below /path/to/keycloak; during installation time a “kc.sh build” is done to reconfigure /path/to/keycloak to our needs. At runtime we do something like this:

mkdir -p /some/place/home && cd /some/place/home
ln -sfn /path/to/keycloak/lib
ln -sfn /path/to/keycloak/providers
ln -sfn /path/to/keycloak/themes
ln -sfn /path/to/writable/directory/data

And then start keycloak with kc.home.dir=/some/place/home
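
The symlinked home from the post above, scripted together with an audit step; this is an added example, not code from the thread or from the Keycloak project. The function names, the requirement for absolute paths, and the rule that code directories must not be group- or world-writable are assumptions of this example.

```shell
#!/bin/sh
# Added example: build and audit the symlinked kc.home.dir described above.
# Link names (lib, providers, themes, data) come from the post; everything
# else (function names, audit rules) is an assumption of this example.
CODE_LINKS="lib providers themes"

# build_kc_home CODE_DIR DATA_DIR HOME_DIR   (all absolute paths)
build_kc_home() {
    code=$1 data=$2 home=$3
    mkdir -p "$home" || return 1
    for name in $CODE_LINKS; do
        [ -d "$code/$name" ] || { echo "missing $code/$name" >&2; return 1; }
        ln -sfn "$code/$name" "$home/$name" || return 1
    done
    [ -d "$data" ] || { echo "missing $data" >&2; return 1; }
    ln -sfn "$data" "$home/data"
}

# audit_kc_home HOME_DIR
# Returns 0 only if every link resolves to a directory, the data directory
# is not nested inside a code directory, and nothing under the code
# directories is group- or world-writable.
audit_kc_home() {
    home=$1 rc=0
    for name in $CODE_LINKS data; do
        if [ ! -L "$home/$name" ] || [ ! -d "$home/$name" ]; then
            echo "FAIL: $home/$name is not a symlink to a directory" >&2
            rc=1
        fi
    done
    [ "$rc" -eq 0 ] || return 1
    data_real=$(cd -P "$home/data" && pwd) || return 1
    for name in $CODE_LINKS; do
        real=$(cd -P "$home/$name" && pwd) || return 1
        case "$data_real/" in
            "$real"/*) echo "FAIL: data lives inside $real" >&2; rc=1 ;;
        esac
        # Permission bits are checked instead of `test -w`, which is always
        # true for root and would hide a loosely permissioned code tree.
        loose=$(find "$real" \( -perm -020 -o -perm -002 \) ! -type l -print | head -n 5)
        if [ -n "$loose" ]; then
            echo "FAIL: group/world-writable under $real:" >&2
            echo "$loose" >&2
            rc=1
        fi
    done
    return "$rc"
}
```

Run the audit as part of the start-up wrapper, before the server is launched with kc.home.dir pointing at the assembled directory, so a permission change on the code tree is caught before the server starts.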