Diffstat (limited to 'nixos/modules/services/web-apps/keycloak.nix')
-rw-r--r-- | nixos/modules/services/web-apps/keycloak.nix | 21 |
1 files changed, 13 insertions, 8 deletions
diff --git a/nixos/modules/services/web-apps/keycloak.nix b/nixos/modules/services/web-apps/keycloak.nix
index b6e87c89e0a..5b578cd8c4a 100644
--- a/nixos/modules/services/web-apps/keycloak.nix
+++ b/nixos/modules/services/web-apps/keycloak.nix
@@ -168,10 +168,15 @@ in
 type = lib.types.str;
 default = "keycloak";
 description = ''
- Username to use when connecting to the database.
- This is also used for automatic provisioning of the database.
- Changing this after the initial installation doesn't delete the
- old user and can cause further problems.
+ Username to use when connecting to an external or manually
+ provisioned database; has no effect when a local database is
+ automatically provisioned.
+
+ To use this with a local database, set <xref
+ linkend="opt-services.keycloak.databaseCreateLocally" /> to
+ <literal>false</literal> and create the database and user
+ manually. The database should be called
+ <literal>keycloak</literal>.
 '';
 };
@@ -588,8 +593,8 @@ in
 PSQL=${config.services.postgresql.package}/bin/psql
 db_password="$(<'${cfg.databasePasswordFile}')"
- $PSQL -tAc "SELECT 1 FROM pg_roles WHERE rolname='${cfg.databaseUsername}'" | grep -q 1 || $PSQL -tAc "CREATE ROLE ${cfg.databaseUsername} WITH LOGIN PASSWORD '$db_password' CREATEDB"
- $PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = 'keycloak'" | grep -q 1 || $PSQL -tAc 'CREATE DATABASE "keycloak" OWNER "${cfg.databaseUsername}"'
+ $PSQL -tAc "SELECT 1 FROM pg_roles WHERE rolname='keycloak'" | grep -q 1 || $PSQL -tAc "CREATE ROLE keycloak WITH LOGIN PASSWORD '$db_password' CREATEDB"
+ $PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = 'keycloak'" | grep -q 1 || $PSQL -tAc 'CREATE DATABASE "keycloak" OWNER "keycloak"'
 '';
 };
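Review bot: The new description in the first hunk (-168,10) does not say what happens on hosts that were already provisioned locally with a non-default `databaseUsername`. With the name now fixed in the provisioning lines of the -588,8 and -607,9 hunks, the previously created account is no longer referenced there, and it presumably stays in the database with its password and privileges until someone removes it. I would add a sentence such as `Accounts created by earlier versions under a custom name are not removed and should be dropped manually.` and, if the provisioning unit reruns on upgrade, check that the service still connects with an account that owns the existing database. The option declaration starts outside the hunk.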
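Review bot: The role password is still spliced into SQL unescaped and handed to psql on its command line in the new `CREATE ROLE keycloak WITH LOGIN PASSWORD '$db_password' CREATEDB` line of the second hunk (-588,8). A password containing a single quote breaks or alters a statement that presumably runs with PostgreSQL superuser rights, and the `-c` argument can be read from the process list by other local users while psql runs. I would double any single quote in `db_password` before interpolating it and send the statement on psql's stdin rather than through `-tAc`; the MySQL hunk (-607,9) already uses stdin but has the same unescaped `IDENTIFIED BY '$db_password'`. `CREATEDB` also looks unnecessary, since the next line creates the database for the role with `OWNER "keycloak"`, so it could be dropped. The script body starts and ends outside the hunk.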
@@ -607,9 +612,9 @@ in
 set -eu
 db_password="$(<'${cfg.databasePasswordFile}')"
- ( echo "CREATE USER IF NOT EXISTS '${cfg.databaseUsername}'@'localhost' IDENTIFIED BY '$db_password';"
+ ( echo "CREATE USER IF NOT EXISTS 'keycloak'@'localhost' IDENTIFIED BY '$db_password';"
 echo "CREATE DATABASE keycloak CHARACTER SET utf8 COLLATE utf8_unicode_ci;"
- echo "GRANT ALL PRIVILEGES ON keycloak.* TO '${cfg.databaseUsername}'@'localhost';"
+ echo "GRANT ALL PRIVILEGES ON keycloak.* TO 'keycloak'@'localhost';"
 ) | ${config.services.mysql.package}/bin/mysql -N
 '';
 }; |