public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

nixos/keycloak: Improve bash error handling

Browse Source
This commit is contained in:
talyz 2021-05-04 17:03:49 +02:00
parent d6727d28e1
commit c2bebf4ee2
No known key found for this signature in database
GPG Key ID: 2DED2151F4671A2B
1 changed files with 8 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
nixos/modules/services/web-apps/keycloak.nix
View File

@ -588,7 +588,8 @@ in
Group = "postgres"; Group = "postgres";
}; };
script = '' script = ''
set -eu set -o errexit -o pipefail -o nounset -o errtrace
shopt -s inherit_errexit
PSQL=${config.services.postgresql.package}/bin/psql PSQL=${config.services.postgresql.package}/bin/psql
@ -612,7 +613,8 @@ in
Group = config.services.mysql.group; Group = config.services.mysql.group;
}; };
script = '' script = ''
set -eu set -o errexit -o pipefail -o nounset -o errtrace
shopt -s inherit_errexit
db_password="$(<'${cfg.databasePasswordFile}')" db_password="$(<'${cfg.databasePasswordFile}')"
( echo "CREATE USER IF NOT EXISTS 'keycloak'@'localhost' IDENTIFIED BY '$db_password';" ( echo "CREATE USER IF NOT EXISTS 'keycloak'@'localhost' IDENTIFIED BY '$db_password';"
@ -647,14 +649,16 @@ in
serviceConfig = { serviceConfig = {
ExecStartPre = let ExecStartPre = let
startPreFullPrivileges = '' startPreFullPrivileges = ''
set -eu set -o errexit -o pipefail -o nounset -o errtrace
shopt -s inherit_errexit
install -T -m 0400 -o keycloak -g keycloak '${cfg.databasePasswordFile}' /run/keycloak/secrets/db_password install -T -m 0400 -o keycloak -g keycloak '${cfg.databasePasswordFile}' /run/keycloak/secrets/db_password
'' + lib.optionalString (cfg.certificatePrivateKeyBundle != null) '' '' + lib.optionalString (cfg.certificatePrivateKeyBundle != null) ''
install -T -m 0400 -o keycloak -g keycloak '${cfg.certificatePrivateKeyBundle}' /run/keycloak/secrets/ssl_cert_pk_bundle install -T -m 0400 -o keycloak -g keycloak '${cfg.certificatePrivateKeyBundle}' /run/keycloak/secrets/ssl_cert_pk_bundle
''; '';
startPre = '' startPre = ''
set -eu set -o errexit -o pipefail -o nounset -o errtrace
shopt -s inherit_errexit
install -m 0600 ${cfg.package}/standalone/configuration/*.properties /run/keycloak/configuration install -m 0600 ${cfg.package}/standalone/configuration/*.properties /run/keycloak/configuration
install -T -m 0600 ${keycloakConfig} /run/keycloak/configuration/standalone.xml install -T -m 0600 ${keycloakConfig} /run/keycloak/configuration/standalone.xml