Revert "nixos/keycloak: use db username in db init scripts"

This reverts commit d9e18f4e7f. This change is broken, since it doesn't configure the proper database username in keycloak when provisioning a local database with a custom username. Its intended behavior is also potentially confusing and dangerous, so rather than fixing it, let's revert to the old one.
2021-05-04 13:45:28 +02:00 · 2021-05-04 13:45:28 +02:00 · fdf6bb5b95
commit fdf6bb5b95
parent f65f1a4047
1 changed files with 7 additions and 8 deletions
--- a/nixos/modules/services/web-apps/keycloak.nix
+++ b/nixos/modules/services/web-apps/keycloak.nix
@ -168,10 +168,9 @@ in
      type = lib.types.str;
      default = "keycloak";
      description = ''
-        Username to use when connecting to the database.
-        This is also used for automatic provisioning of the database.
-        Changing this after the initial installation doesn't delete the
-        old user and can cause further problems.
+        Username to use when connecting to an external or manually
+        provisioned database; has no effect when a local database is
+        automatically provisioned.
      '';
    };

@ -588,8 +587,8 @@ in
            PSQL=${config.services.postgresql.package}/bin/psql

            db_password="$(<'${cfg.databasePasswordFile}')"
-            $PSQL -tAc "SELECT 1 FROM pg_roles WHERE rolname='${cfg.databaseUsername}'" | grep -q 1 || $PSQL -tAc "CREATE ROLE ${cfg.databaseUsername} WITH LOGIN PASSWORD '$db_password' CREATEDB"
-            $PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = 'keycloak'" | grep -q 1 || $PSQL -tAc 'CREATE DATABASE "keycloak" OWNER "${cfg.databaseUsername}"'
+            $PSQL -tAc "SELECT 1 FROM pg_roles WHERE rolname='keycloak'" | grep -q 1 || $PSQL -tAc "CREATE ROLE keycloak WITH LOGIN PASSWORD '$db_password' CREATEDB"
+            $PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = 'keycloak'" | grep -q 1 || $PSQL -tAc 'CREATE DATABASE "keycloak" OWNER "keycloak"'
          '';
        };

@ -607,9 +606,9 @@ in
            set -eu

            db_password="$(<'${cfg.databasePasswordFile}')"
-            ( echo "CREATE USER IF NOT EXISTS '${cfg.databaseUsername}'@'localhost' IDENTIFIED BY '$db_password';"
+            ( echo "CREATE USER IF NOT EXISTS 'keycloak'@'localhost' IDENTIFIED BY '$db_password';"
              echo "CREATE DATABASE keycloak CHARACTER SET utf8 COLLATE utf8_unicode_ci;"
-              echo "GRANT ALL PRIVILEGES ON keycloak.* TO '${cfg.databaseUsername}'@'localhost';"
+              echo "GRANT ALL PRIVILEGES ON keycloak.* TO 'keycloak'@'localhost';"
            ) | ${config.services.mysql.package}/bin/mysql -N
          '';
        };