author | Benjamin Staffin <benley@gmail.com> | 2023-08-21 18:16:06 -0400 |
---|---|---|
committer | Benjamin Staffin <bstaffin@singlestore.com> | 2024-05-14 14:26:35 -0400 |
commit | 64c94bd40ad53df26d1c2b4b8e769262422e8e66 (patch) | |
tree | 9a52465387ee9e04282b9b1e367b001be90a538a /nixos | |
parent | 44615ede3861a0cbfd1353458ba24c073ac5b5a5 (diff) |
nixos/keycloak: Add systemd startup notification
This makes it possible for other systemd units to depend on keycloak.service using `after` and `wants` relationships, and systemd will actually wait for Keycloak to finish its initialization before starting any dependent units. This can be important for services like oauth2-proxy, which (when configured to use Keycloak as its auth provider) will fail to start until Keycloak's `.well-known/openid-configuration` endpoint is available.
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/services/web-apps/keycloak.nix | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/nixos/modules/services/web-apps/keycloak.nix b/nixos/modules/services/web-apps/keycloak.nix
index 201085daa74a8..6d472cf48cd01 100644
--- a/nixos/modules/services/web-apps/keycloak.nix
+++ b/nixos/modules/services/web-apps/keycloak.nix
@@ -466,7 +466,8 @@ in
 confFile = pkgs.writeText "keycloak.conf" (keycloakConfig filteredConfig);
 keycloakBuild = cfg.package.override {
 inherit confFile;
- plugins = cfg.package.enabledPlugins ++ cfg.plugins;
+ plugins = cfg.package.enabledPlugins ++ cfg.plugins ++
+ (with cfg.package.plugins; [quarkus-systemd-notify quarkus-systemd-notify-deployment]);
 };
 in
 mkIf cfg.enable
@@ -638,6 +639,8 @@ in
 RuntimeDirectory = "keycloak";
 RuntimeDirectoryMode = "0700";
 AmbientCapabilities = "CAP_NET_BIND_SERVICE";
+ Type = "notify"; # Requires quarkus-systemd-notify plugin
+ NotifyAccess = "all";
 };
 script = ''
 set -o errexit -o pipefail -o nounset -o errtrace |
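Review bot: The two notify plugins are appended to `plugins` unconditionally and looked up through `cfg.package.plugins`, so a `services.keycloak.package` override that does not expose `quarkus-systemd-notify` would presumably fail at evaluation. Every deployment also now builds these extra extensions into its identity provider with no way to opt out. Nothing at this site says why they are there; a comment such as `# needed for Type = "notify" in serviceConfig; removing these leaves the unit stuck in "activating"` would tie the two places together. The `let` block these bindings belong to starts outside the hunk.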
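Review bot: `NotifyAccess = "all"` is the widest setting systemd offers, so any process in the unit's control group can send `READY=1` or other state messages, not just the Keycloak JVM. The unit is launched through `script`, whose body runs past the end of this hunk, so presumably the JVM is a child of the shell and `main` would not be honoured. If that is the reason, record it next to the setting, e.g. `# "all" because Keycloak runs as a child of the start script, not as the main PID`. If the script can `exec` the Keycloak launcher, `NotifyAccess = "main"` would be the narrower choice. Separately, with `Type = "notify"` the start timeout now applies until the plugin reports readiness, so a slow first start (database migration, for instance) may need `TimeoutStartSec` raised.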