forked from mirrors_public/oddlama_nix-config
chore(kanidm): reenable provisioning (waiting for new package release still)
parent
31602de07d
commit
ec47f80bb8
1 changed files with 11 additions and 12 deletions
|
@ -39,7 +39,7 @@
|
||||||
default = script;
|
default = script;
|
||||||
};
|
};
|
||||||
|
|
||||||
provisionScript = pkgs.writeShellScrip "post-start-provision" ''
|
provisionScript = pkgs.writeShellScript "post-start-provision" ''
|
||||||
set -euo pipefail
|
set -euo pipefail
|
||||||
|
|
||||||
# Wait for the kanidm server to come online
|
# Wait for the kanidm server to come online
|
||||||
|
@ -75,15 +75,15 @@
|
||||||
[[ -n "$(${getExe jq} <<< "$known_groups" '. | select(.name[0] == "$1")')" ]]
|
[[ -n "$(${getExe jq} <<< "$known_groups" '. | select(.name[0] == "$1")')" ]]
|
||||||
}
|
}
|
||||||
|
|
||||||
#known_persons=$(kanidm person list --output=json)
|
known_persons=$(kanidm person list --output=json)
|
||||||
#function person_exists() {
|
function person_exists() {
|
||||||
# [[ -n "$(${getExe jq} <<< "$known_persons" '. | select(.name[0] == "$1")')" ]]
|
[[ -n "$(${getExe jq} <<< "$known_persons" '. | select(.name[0] == "$1")')" ]]
|
||||||
#}
|
}
|
||||||
|
|
||||||
#known_oauth2_systems=$(kanidm person list --output=json)
|
known_oauth2_systems=$(kanidm person list --output=json)
|
||||||
#function oauth2_system_exists() {
|
function oauth2_system_exists() {
|
||||||
# [[ -n "$(${getExe jq} <<< "$known_oauth2_systems" '. | select(.oauth2_rs_name[0] == "$1")')" ]]
|
[[ -n "$(${getExe jq} <<< "$known_oauth2_systems" '. | select(.oauth2_rs_name[0] == "$1")')" ]]
|
||||||
#}
|
}
|
||||||
|
|
||||||
${concatMapStrings (x: x._script) (attrValues cfg.provision.groups)}
|
${concatMapStrings (x: x._script) (attrValues cfg.provision.groups)}
|
||||||
${concatMapStrings (x: x._script) (attrValues cfg.provision.persons)}
|
${concatMapStrings (x: x._script) (attrValues cfg.provision.persons)}
|
||||||
|
@ -99,7 +99,7 @@
|
||||||
set -euo pipefail
|
set -euo pipefail
|
||||||
if test -e "$STATE_DIRECTORY/.needs_restart"; then
|
if test -e "$STATE_DIRECTORY/.needs_restart"; then
|
||||||
rm -f "$STATE_DIRECTORY/.needs_restart"
|
rm -f "$STATE_DIRECTORY/.needs_restart"
|
||||||
systemctl restart kanidm
|
/run/current-system/systemd/bin/systemctl restart kanidm
|
||||||
fi
|
fi
|
||||||
'';
|
'';
|
||||||
in {
|
in {
|
||||||
|
@ -299,9 +299,8 @@ in {
|
||||||
systemd.services.kanidm = {
|
systemd.services.kanidm = {
|
||||||
serviceConfig.ExecStartPost =
|
serviceConfig.ExecStartPost =
|
||||||
[provisioningScript]
|
[provisioningScript]
|
||||||
++
|
|
||||||
# Only the restarter runs with elevated privileges
|
# Only the restarter runs with elevated privileges
|
||||||
optional (cfg.provision.systems.oauth2 != {}) "+${restarterScript}";
|
++ optional (cfg.provision.systems.oauth2 != {}) "+${restarterScript}";
|
||||||
|
|
||||||
preStart = let
|
preStart = let
|
||||||
mappingsJson = pkgs.writeText "mappings.json" (builtins.toJSON {
|
mappingsJson = pkgs.writeText "mappings.json" (builtins.toJSON {
|
||||||
|
|
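Review bot: The re-enabled `known_oauth2_systems=$(kanidm person list --output=json)` in the second hunk queries persons rather than OAuth2 resource servers, so `oauth2_system_exists` filters person entries on `.oauth2_rs_name[0]` and is unlikely ever to match; it looks like a copy of the `known_persons` line and probably should read `known_oauth2_systems=$(kanidm system oauth2 list --output=json)`. In `person_exists` and `oauth2_system_exists` (and the unchanged `group_exists` context line) the jq program is single-quoted, so the shell never expands `$1` and jq compares against the literal text `$1`. Pass the name as data instead, e.g. `${getExe jq} --arg name "$1" <<< "$known_persons" 'select(.name[0] == $name)'`, rather than switching to double quotes, which would splice the name into the jq program. These checks presumably gate what the generated `_script` fragments do to identity objects on every service start, so a check that always reports "missing" is worth fixing before provisioning is turned back on. The last hunk also puts `provisioningScript` into `ExecStartPost` while the first hunk binds `provisionScript`; unless another binding exists outside the visible hunks, the two names should be aligned.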