author | talyz <kim.lindberger@gmail.com> | 2021-05-04 13:45:28 +0200 |
---|---|---|
committer | Milan <milan@petabyte.dev> | 2021-05-04 19:27:08 +0200 |
commit | fdf6bb5b958f3d55804ffbd6b7d017c417281640 (patch) | |
tree | 09aaef318eb4fbb30038f824ebe073a794be938d /nixos/modules/services/web-apps | |
parent | f65f1a404744a603cb0615cca1f31d2382cb237c (diff) | |
Revert "nixos/keycloak: use db username in db init scripts"
This reverts commit d9e18f4e7f77fffde95384d36cc8ac5d1d51b356. This change is broken, since it doesn't configure the proper database username in keycloak when provisioning a local database with a custom username. Its intended behavior is also potentially confusing and dangerous, so rather than fixing it, let's revert to the old one.
Diffstat (limited to 'nixos/modules/services/web-apps')
-rw-r--r-- | nixos/modules/services/web-apps/keycloak.nix | 15 |
1 files changed, 7 insertions, 8 deletions
diff --git a/nixos/modules/services/web-apps/keycloak.nix b/nixos/modules/services/web-apps/keycloak.nix
index b6e87c89e0a..a93e9327933 100644
--- a/nixos/modules/services/web-apps/keycloak.nix
+++ b/nixos/modules/services/web-apps/keycloak.nix
@@ -168,10 +168,9 @@ in
 type = lib.types.str;
 default = "keycloak";
 description = ''
- Username to use when connecting to the database.
- This is also used for automatic provisioning of the database.
- Changing this after the initial installation doesn't delete the
- old user and can cause further problems.
+ Username to use when connecting to an external or manually
+ provisioned database; has no effect when a local database is
+ automatically provisioned.
 '';
 };
@@ -588,8 +587,8 @@ in
 PSQL=${config.services.postgresql.package}/bin/psql
 db_password="$(<'${cfg.databasePasswordFile}')"
- $PSQL -tAc "SELECT 1 FROM pg_roles WHERE rolname='${cfg.databaseUsername}'" | grep -q 1 || $PSQL -tAc "CREATE ROLE ${cfg.databaseUsername} WITH LOGIN PASSWORD '$db_password' CREATEDB"
- $PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = 'keycloak'" | grep -q 1 || $PSQL -tAc 'CREATE DATABASE "keycloak" OWNER "${cfg.databaseUsername}"'
+ $PSQL -tAc "SELECT 1 FROM pg_roles WHERE rolname='keycloak'" | grep -q 1 || $PSQL -tAc "CREATE ROLE keycloak WITH LOGIN PASSWORD '$db_password' CREATEDB"
+ $PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = 'keycloak'" | grep -q 1 || $PSQL -tAc 'CREATE DATABASE "keycloak" OWNER "keycloak"'
 '';
 };
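Review bot: The restored `CREATE ROLE keycloak WITH LOGIN PASSWORD '$db_password' CREATEDB` line in the PostgreSQL hunk hands the database password to psql through `-c`, so it sits in the process argument list while the command runs and can typically be read by other local users. The file's contents are also spliced into the SQL literal unescaped, so a password containing `'` breaks or alters the statement; the MySQL hunk below has the same unescaped `IDENTIFIED BY '$db_password'`. Feeding the statement on stdin avoids the argv exposure, e.g. `echo "CREATE ROLE keycloak WITH LOGIN PASSWORD '$escaped_password' CREATEDB" | $PSQL -tA`, where `escaped_password` is a placeholder for the value with single quotes doubled. `CREATEDB` also looks broader than needed, since the next line creates the database from the provisioning account and only assigns ownership to `keycloak`. The script body starts outside the hunk.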
@@ -607,9 +606,9 @@ in
 set -eu
 db_password="$(<'${cfg.databasePasswordFile}')"
- ( echo "CREATE USER IF NOT EXISTS '${cfg.databaseUsername}'@'localhost' IDENTIFIED BY '$db_password';"
+ ( echo "CREATE USER IF NOT EXISTS 'keycloak'@'localhost' IDENTIFIED BY '$db_password';"
 echo "CREATE DATABASE keycloak CHARACTER SET utf8 COLLATE utf8_unicode_ci;"
- echo "GRANT ALL PRIVILEGES ON keycloak.* TO '${cfg.databaseUsername}'@'localhost';"
+ echo "GRANT ALL PRIVILEGES ON keycloak.* TO 'keycloak'@'localhost';"
 ) | ${config.services.mysql.package}/bin/mysql -N
 '';
 }; |
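Review bot: `CREATE DATABASE keycloak ...` has no `IF NOT EXISTS`, unlike the `CREATE USER IF NOT EXISTS` line before it. If this script runs again once the database exists, the statement fails, and because mysql in batch mode stops at the first failed statement by default, the `GRANT` that follows is never reached. Whether the script can run more than once depends on the unit definition, which is outside the hunk; if it can, `echo "CREATE DATABASE IF NOT EXISTS keycloak CHARACTER SET utf8 COLLATE utf8_unicode_ci;"` keeps provisioning idempotent. A short comment above the block stating that the role and database names are fixed to `keycloak` on purpose would also help, given that `databaseUsername` is ignored here.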