From ee5b7fdddc85224363b75e87c6a11e242eb6933b Mon Sep 17 00:00:00 2001 From: nhnn Date: Tue, 1 Jul 2025 15:00:49 +0300 Subject: [PATCH] fix: wait for kanidm to start --- auth/auth-module.nix | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/auth/auth-module.nix b/auth/auth-module.nix index a7c11e1..e85a768 100644 --- a/auth/auth-module.nix +++ b/auth/auth-module.nix @@ -34,12 +34,35 @@ let kanidmServiceAccountTokenName = "${oauthClientID}-service-account-token"; kanidmServiceAccountTokenFP = auth-passthru.mkServiceAccountTokenFP linuxGroup; isRW = oauthClientID == "selfprivacy-api"; + + # TODO: Copied from Forgejo module. Maybe generalize as lib. function? + waitForURL = url: maxRetries: delaySec: '' + for ((i=1; i<=${toString maxRetries}; i++)) + do + if ${lib.getExe pkgs.curl} -X GET --silent --fail "${url}" > /dev/null + then + echo "${url} responds to GET HTTP request (attempt #$i)" + break + else + echo "${url} does not respond to GET HTTP request (attempt #$i)" + echo sleeping for ${toString delaySec} seconds + fi + sleep ${toString delaySec} + done + if [[ "$i" -gt "${toString maxRetries}" ]] + then + echo "error, max attempts to access "${url}" have been used unsuccessfully!" + exit 124 + fi + ''; in pkgs.writeShellScript "${oauthClientID}-kanidm-ExecStartPost-script.sh" ( '' export HOME=$RUNTIME_DIRECTORY/client_home readonly KANIDM="${config.services.kanidm.package}/bin/kanidm" + ${waitForURL config.services.kanidm.serverSettings.origin 10 10} + # try to get existing Kanidm service account KANIDM_SERVICE_ACCOUNT="$($KANIDM service-account list --name idm_admin | grep -E "^name: ${kanidmServiceAccountName}$")" echo KANIDM_SERVICE_ACCOUNT: "$KANIDM_SERVICE_ACCOUNT"
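Review bot: In the max-attempts error branch of `waitForURL`, the inner double quotes around `${url}` end the shell string, so the Nix-interpolated URL is emitted unquoted into the generated script and undergoes word splitting, globbing and metacharacter handling; dropping the inner quotes fixes it: `echo "error, max attempts to access ${url} have been used unsuccessfully!"`. The same value is also spliced raw into the curl argument and both status messages, so passing it through `lib.escapeShellArg` (`lib` is already in scope here) would keep an unusual `serverSettings.origin` from altering the script. Separately, the curl probe sets no `--max-time`, so a connection that is accepted but never answered can hold one attempt far longer than `delaySec`, and the 10 × 10 budget is then not a real bound; `--max-time ${toString delaySec}` on the curl line would cap it. The `let` bindings and the ExecStartPost script body both continue outside the hunk.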