thary/sp-config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: wait for kanidm to start

Browse Source
This commit is contained in:
nhnn
2025-07-01 15:00:49 +03:00
parent 114faa7b6b
commit ee5b7fdddc
1 changed files with 23 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
auth/auth-module.nix
View File

@@ -34,12 +34,35 @@ let
kanidmServiceAccountTokenName = "${oauthClientID}-service-account-token"; kanidmServiceAccountTokenName = "${oauthClientID}-service-account-token";
kanidmServiceAccountTokenFP = auth-passthru.mkServiceAccountTokenFP linuxGroup; kanidmServiceAccountTokenFP = auth-passthru.mkServiceAccountTokenFP linuxGroup;
isRW = oauthClientID == "selfprivacy-api"; isRW = oauthClientID == "selfprivacy-api";
# TODO: Copied from Forgejo module. Maybe generalize as lib. function?
waitForURL = url: maxRetries: delaySec: ''
for ((i=1; i<=${toString maxRetries}; i++))
do
if ${lib.getExe pkgs.curl} -X GET --silent --fail "${url}" > /dev/null
then
echo "${url} responds to GET HTTP request (attempt #$i)"
break
else
echo "${url} does not respond to GET HTTP request (attempt #$i)"
echo sleeping for ${toString delaySec} seconds
fi
sleep ${toString delaySec}
done
if [[ "$i" -gt "${toString maxRetries}" ]]
then
echo "error, max attempts to access "${url}" have been used unsuccessfully!"
exit 124
fi
'';
in in
pkgs.writeShellScript "${oauthClientID}-kanidm-ExecStartPost-script.sh" ( pkgs.writeShellScript "${oauthClientID}-kanidm-ExecStartPost-script.sh" (
'' ''
export HOME=$RUNTIME_DIRECTORY/client_home export HOME=$RUNTIME_DIRECTORY/client_home
readonly KANIDM="${config.services.kanidm.package}/bin/kanidm" readonly KANIDM="${config.services.kanidm.package}/bin/kanidm"
${waitForURL config.services.kanidm.serverSettings.origin 10 10}
# try to get existing Kanidm service account # try to get existing Kanidm service account
KANIDM_SERVICE_ACCOUNT="$($KANIDM service-account list --name idm_admin | grep -E "^name: ${kanidmServiceAccountName}$")" KANIDM_SERVICE_ACCOUNT="$($KANIDM service-account list --name idm_admin | grep -E "^name: ${kanidmServiceAccountName}$")"
echo KANIDM_SERVICE_ACCOUNT: "$KANIDM_SERVICE_ACCOUNT" echo KANIDM_SERVICE_ACCOUNT: "$KANIDM_SERVICE_ACCOUNT"