commit b71a8e2383f4f7beea239ce647c12a43f0228067

pyrox.dev / nixpkgs

lol

fork atom

Merge pull request #162095 from midchildan/fix/keycloak-mysql

nixos/keycloak: fix database provisioning issues

authored by

Kim Lindberger and committed by

GitHub 4 years ago b71a8e23 0d651072

+7 -5

2 changed files

expand all

unified split

nixos

modules

services

web-apps

keycloak.nix

tests

keycloak.nix

+6 -4

nixos/modules/services/web-apps/keycloak.nix

··· 693 RemainAfterExit = true; 694 User = "postgres"; 695 Group = "postgres"; 696 }; 697 script = '' 698 set -o errexit -o pipefail -o nounset -o errtrace ··· 701 create_role="$(mktemp)" 702 trap 'rm -f "$create_role"' ERR EXIT 703 704 - echo "CREATE ROLE keycloak WITH LOGIN PASSWORD '$(<'${cfg.database.passwordFile}')' CREATEDB" > "$create_role" 705 psql -tAc "SELECT 1 FROM pg_roles WHERE rolname='keycloak'" | grep -q 1 || psql -tA --file="$create_role" 706 psql -tAc "SELECT 1 FROM pg_database WHERE datname = 'keycloak'" | grep -q 1 || psql -tAc 'CREATE DATABASE "keycloak" OWNER "keycloak"' 707 ''; ··· 717 RemainAfterExit = true; 718 User = config.services.mysql.user; 719 Group = config.services.mysql.group; 720 }; 721 script = '' 722 set -o errexit -o pipefail -o nounset -o errtrace 723 shopt -s inherit_errexit 724 - 725 - db_password="$(<'${cfg.database.passwordFile}')" 726 ( echo "CREATE USER IF NOT EXISTS 'keycloak'@'localhost' IDENTIFIED BY '$db_password';" 727 - echo "CREATE DATABASE keycloak CHARACTER SET utf8 COLLATE utf8_unicode_ci;" 728 echo "GRANT ALL PRIVILEGES ON keycloak.* TO 'keycloak'@'localhost';" 729 ) | mysql -N 730 '';

··· 693 RemainAfterExit = true; 694 User = "postgres"; 695 Group = "postgres"; 696 + LoadCredential = [ "db_password:${cfg.database.passwordFile}" ]; 697 }; 698 script = '' 699 set -o errexit -o pipefail -o nounset -o errtrace ··· 702 create_role="$(mktemp)" 703 trap 'rm -f "$create_role"' ERR EXIT 704 705 + db_password="$(<"$CREDENTIALS_DIRECTORY/db_password")" 706 + echo "CREATE ROLE keycloak WITH LOGIN PASSWORD '$db_password' CREATEDB" > "$create_role" 707 psql -tAc "SELECT 1 FROM pg_roles WHERE rolname='keycloak'" | grep -q 1 || psql -tA --file="$create_role" 708 psql -tAc "SELECT 1 FROM pg_database WHERE datname = 'keycloak'" | grep -q 1 || psql -tAc 'CREATE DATABASE "keycloak" OWNER "keycloak"' 709 ''; ··· 719 RemainAfterExit = true; 720 User = config.services.mysql.user; 721 Group = config.services.mysql.group; 722 + LoadCredential = [ "db_password:${cfg.database.passwordFile}" ]; 723 }; 724 script = '' 725 set -o errexit -o pipefail -o nounset -o errtrace 726 shopt -s inherit_errexit 727 + db_password="$(<"$CREDENTIALS_DIRECTORY/db_password")" 728 ( echo "CREATE USER IF NOT EXISTS 'keycloak'@'localhost' IDENTIFIED BY '$db_password';" 729 + echo "CREATE DATABASE IF NOT EXISTS keycloak CHARACTER SET utf8 COLLATE utf8_unicode_ci;" 730 echo "GRANT ALL PRIVILEGES ON keycloak.* TO 'keycloak'@'localhost';" 731 ) | mysql -N 732 '';

+1 -1

nixos/tests/keycloak.nix

··· 40 41 environment.systemPackages = with pkgs; [ 42 xmlstarlet 43 - libtidy 44 jq 45 ]; 46 };

··· 40 41 environment.systemPackages = with pkgs; [ 42 xmlstarlet 43 + html-tidy 44 jq 45 ]; 46 };