pyrox.dev
Merge pull request #162095 from midchildan/fix/keycloak-mysql
nixos/keycloak: fix database provisioning issues
authored by
Kim Lindberger
and committed by
GitHub
b71a8e23
0d651072
+6
-4
nixos/modules/services/web-apps/keycloak.nix
+6
-4
nixos/modules/services/web-apps/keycloak.nix
···
693
693
RemainAfterExit = true;
694
694
User = "postgres";
695
695
Group = "postgres";
696
+
LoadCredential = [ "db_password:${cfg.database.passwordFile}" ];
696
697
};
697
698
script = ''
698
699
set -o errexit -o pipefail -o nounset -o errtrace
···
701
702
create_role="$(mktemp)"
702
703
trap 'rm -f "$create_role"' ERR EXIT
703
704
704
-
echo "CREATE ROLE keycloak WITH LOGIN PASSWORD '$(<'${cfg.database.passwordFile}')' CREATEDB" > "$create_role"
705
+
db_password="$(<"$CREDENTIALS_DIRECTORY/db_password")"
706
+
echo "CREATE ROLE keycloak WITH LOGIN PASSWORD '$db_password' CREATEDB" > "$create_role"
705
707
psql -tAc "SELECT 1 FROM pg_roles WHERE rolname='keycloak'" | grep -q 1 || psql -tA --file="$create_role"
706
708
psql -tAc "SELECT 1 FROM pg_database WHERE datname = 'keycloak'" | grep -q 1 || psql -tAc 'CREATE DATABASE "keycloak" OWNER "keycloak"'
707
709
'';
···
717
719
RemainAfterExit = true;
718
720
User = config.services.mysql.user;
719
721
Group = config.services.mysql.group;
722
+
LoadCredential = [ "db_password:${cfg.database.passwordFile}" ];
720
723
};
721
724
script = ''
722
725
set -o errexit -o pipefail -o nounset -o errtrace
723
726
shopt -s inherit_errexit
724
-
725
-
db_password="$(<'${cfg.database.passwordFile}')"
727
+
db_password="$(<"$CREDENTIALS_DIRECTORY/db_password")"
726
728
( echo "CREATE USER IF NOT EXISTS 'keycloak'@'localhost' IDENTIFIED BY '$db_password';"
727
-
echo "CREATE DATABASE keycloak CHARACTER SET utf8 COLLATE utf8_unicode_ci;"
729
+
echo "CREATE DATABASE IF NOT EXISTS keycloak CHARACTER SET utf8 COLLATE utf8_unicode_ci;"
728
730
echo "GRANT ALL PRIVILEGES ON keycloak.* TO 'keycloak'@'localhost';"
729
731
) | mysql -N
730
732
'';