From 3bd766d87a39058d522c48de4c8eec731018472c Mon Sep 17 00:00:00 2001
From: Histausse <histausse@protonmail.com>
Date: Thu, 20 Apr 2023 00:03:56 +0200
Subject: [PATCH] update keycloak

---
 pp-keycloak.nix | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/pp-keycloak.nix b/pp-keycloak.nix
index 7ed9ffd..fe6a18e 100644
--- a/pp-keycloak.nix
+++ b/pp-keycloak.nix
@@ -36,6 +36,14 @@ in
     };
     initialAdminPassword = cfg.initialAdminPassword;
     database.passwordFile = cfg.dbPasswordFile;
+    # Set the permittions for the db file
+    system.activationScripts = {
+      keycloakDbFilePermission.text =
+      ''
+        chmod 400 ${cfg.dbPasswordFile}
+        chown keycloak ${cfg.dbPasswordFile}
+      '';
+    };
     database.createLocally = true;
     # TODO: enable client cert lookup: https://www.keycloak.org/server/reverseproxy#_enabling_client_certificate_lookup