use keys attrs for dependencies in keycloak service

2022-12-03 22:35:20 -08:00 · 2022-12-03 22:35:20 -08:00 · 2b332886c4
commit 2b332886c4
parent 453899c46a
4 changed files with 16 additions and 13 deletions
--- a/keycloak-cli-config/mkunit.nix
+++ b/keycloak-cli-config/mkunit.nix
@ -9,6 +9,7 @@
 , keycloakAvailabilityTimeout ? "120s"
 , keycloakUrl
 , keycloakUser
+, keys

 , dependsOn ? {}
 }:
@ -21,7 +22,8 @@
    inherit keycloakServiceName;
    inherit keycloakSecretsDir
      keycloakAvailabilityTimeout
-      keycloakUrl keycloakUser;
+      keycloakUrl keycloakUser
+      keys;
  };

  inherit dependsOn;
--- a/keycloak-cli-config/unit.nix
+++ b/keycloak-cli-config/unit.nix
@ -11,6 +11,7 @@
 , keycloakAvailabilityTimeout ? "120s"
 , keycloakUrl
 , keycloakUser
+, keys
 , debug ? false
 }:
 {...}:
@ -40,10 +41,6 @@ let
    "LOGGING_LEVEL_KEYCLOAKCONFIGCLI=debug"
  ]));

-  envfiles = lib.concatMapStrings (x: "\nEnvironmentFile=" + x) ([
-    "/run/keys/keycloakusers"
-  ]);
-
  keycloak-cli-config = pkgs.stdenv.mkDerivation rec {
    pname = "keycloak-cli-config";
    version = "5.3.1";
@ -74,12 +71,15 @@ utils.systemd.mkService rec {
  Description=Keycloak Realm Config
  After=${keycloakServiceName}
  Wants=${keycloakServiceName}
+  After=${utils.keyServiceDependencies keys}
+  Wants=${utils.keyServiceDependencies keys}

  [Service]
  User=keycloakcli
  Group=keycloakcli

-  Type=oneshot${envs}${envfiles}
+  ${utils.keyEnvironmentFile keys.userpasswords}
+  Type=oneshot${envs}
  ExecStart=${pkgs.jre}/bin/java -jar ${keycloak-cli-config}/bin/keycloak-cli-config.jar

  RuntimeDirectory=keycloak-cli-config
--- a/keycloak/mkunit.nix
+++ b/keycloak/mkunit.nix
@ -5,10 +5,9 @@
 , configFile
 , user
 , group
-, dbPasswordFile
 , postgresServiceName
 , initialAdminUsername ? "admin"
-, initialAdminFile ? null
+, keys

 , dependsOn ? {}
 }:
@ -20,7 +19,7 @@
  pkg = KeycloakService {
    inherit configDir configFile;
    inherit user group;
-    inherit dbPasswordFile initialAdminUsername initialAdminFile;
+    inherit keys initialAdminUsername;
    inherit postgresServiceName;
  };

--- a/keycloak/unit.nix
+++ b/keycloak/unit.nix
@ -8,10 +8,9 @@
 , user ? "keycloak"
 , group ? "keycloak"
 , dbType ? "postgres"
-, dbPasswordFile
 , postgresServiceName
 , initialAdminUsername ? null
-, initialAdminFile ? null
+, keys
 }:
 { ... }:

@ -26,6 +25,7 @@ let
  };
 in

+with lib.attrsets;
 utils.systemd.mkService rec {
  name = "keycloak";

@ -34,14 +34,16 @@ utils.systemd.mkService rec {
  Description=Keycloak server
  After=network-online.target
  Wants=network-online.target systemd-networkd-wait-online.service ${postgresServiceName}
+  After=${utils.keyServiceDependencies keys}
+  Wants=${utils.keyServiceDependencies keys}
  
  [Service]
  User=${user}
  Group=${group}
  
-  EnvironmentFile=${dbPasswordFile}
+  ${utils.keyEnvironmentFile keys.dbPassword}
  ${if initialAdminUsername != null then "Environment=KEYCLOAK_ADMIN="+initialAdminUsername else ""}
-  ${if initialAdminFile != null then "EnvironmentFile="+initialAdminFile else ""}
+  ${if hasAttr "initialAdminPassword" keys then utils.keyEnvironmentFile keys.initialAdminPassword else ""}
  Environment=PATH=${pkgs.coreutils}/bin
  Environment=KC_HOME_DIR="/run/keycloak"