alioth/nixpkgs
3
0
Fork 0
forked from mirrors/nixpkgs
Code Releases Activity

Merge pull request #162095 from midchildan/fix/keycloak-mysql

Browse source 
nixos/keycloak: fix database provisioning issues
This commit is contained in:
Kim Lindberger 2022-03-07 20:13:01 +01:00 committed by GitHub
parent 0d651072c3 0334498c74
commit b71a8e2383
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 7 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
nixos/modules/services/web-apps/keycloak.nix
View file

@ -693,6 +693,7 @@ in
RemainAfterExit = true; RemainAfterExit = true;
User = "postgres"; User = "postgres";
Group = "postgres"; Group = "postgres";
LoadCredential = [ "db_password:${cfg.database.passwordFile}" ];
}; };
script = '' script = ''
set -o errexit -o pipefail -o nounset -o errtrace set -o errexit -o pipefail -o nounset -o errtrace
@ -701,7 +702,8 @@ in
create_role="$(mktemp)" create_role="$(mktemp)"
trap 'rm -f "$create_role"' ERR EXIT trap 'rm -f "$create_role"' ERR EXIT
echo "CREATE ROLE keycloak WITH LOGIN PASSWORD '$(<'${cfg.database.passwordFile}')' CREATEDB" > "$create_role" db_password="$(<"$CREDENTIALS_DIRECTORY/db_password")"
echo "CREATE ROLE keycloak WITH LOGIN PASSWORD '$db_password' CREATEDB" > "$create_role"
psql -tAc "SELECT 1 FROM pg_roles WHERE rolname='keycloak'" | grep -q 1 || psql -tA --file="$create_role" psql -tAc "SELECT 1 FROM pg_roles WHERE rolname='keycloak'" | grep -q 1 || psql -tA --file="$create_role"
psql -tAc "SELECT 1 FROM pg_database WHERE datname = 'keycloak'" | grep -q 1 || psql -tAc 'CREATE DATABASE "keycloak" OWNER "keycloak"' psql -tAc "SELECT 1 FROM pg_database WHERE datname = 'keycloak'" | grep -q 1 || psql -tAc 'CREATE DATABASE "keycloak" OWNER "keycloak"'
''; '';
@ -717,14 +719,14 @@ in
RemainAfterExit = true; RemainAfterExit = true;
User = config.services.mysql.user; User = config.services.mysql.user;
Group = config.services.mysql.group; Group = config.services.mysql.group;
LoadCredential = [ "db_password:${cfg.database.passwordFile}" ];
}; };
script = '' script = ''
set -o errexit -o pipefail -o nounset -o errtrace set -o errexit -o pipefail -o nounset -o errtrace
shopt -s inherit_errexit shopt -s inherit_errexit
db_password="$(<"$CREDENTIALS_DIRECTORY/db_password")"
db_password="$(<'${cfg.database.passwordFile}')"
( echo "CREATE USER IF NOT EXISTS 'keycloak'@'localhost' IDENTIFIED BY '$db_password';" ( echo "CREATE USER IF NOT EXISTS 'keycloak'@'localhost' IDENTIFIED BY '$db_password';"
echo "CREATE DATABASE keycloak CHARACTER SET utf8 COLLATE utf8_unicode_ci;" echo "CREATE DATABASE IF NOT EXISTS keycloak CHARACTER SET utf8 COLLATE utf8_unicode_ci;"
echo "GRANT ALL PRIVILEGES ON keycloak.* TO 'keycloak'@'localhost';" echo "GRANT ALL PRIVILEGES ON keycloak.* TO 'keycloak'@'localhost';"
) | mysql -N ) | mysql -N
''; '';

2
nixos/tests/keycloak.nix
View file

@ -40,7 +40,7 @@ let
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
xmlstarlet xmlstarlet
libtidy html-tidy
jq jq
]; ];
}; };