nixos/keycloak: use db username in db init scripts

[leona-ya]

Motivation for this change

I would like to use a different database username, but want to use the automatic provisioning scripts provided by the NixOS Keycloak module

Things done

• Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS linux)
• Built on platform(s)
  • NixOS
  • macOS
  • other Linux distributions
• Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
• Tested compilation of all pkgs that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
• Tested execution of all binary files (usually in ./result/bin/)
• Determined the impact on package closure size (by running nix path-info -S before and after)
• Ensured that relevant documentation is up to date
• Fits CONTRIBUTING.md.

[leona-ya]

/cc @talyz

[talyz]

Hi! The problem with this is that changing databaseUsername after deploying will cause issues. I had an implementation that solved this initially, but it felt a bit overly complex: #99906 (comment). It also didn't support MySQL at that point. Can I ask why you want to change the database user name?

[aanderse]

ping @grahamc for informational purposes.

[leona-ya]

I'm unsure if this module should handle changing the database username after deployment. The reason I wanted to change the database username is that I know people having a specific schema for database users and 'keycloak' doesn't fit into this schema. But it's not that important to support this.

[ghost]

Maybe it would be fine to add a note that tells users they have to manually adjust the state to make sure the user has the permissions when changing the value assigned to this option after the first deployment?

[leona-ya]

For me that would be a good option

[ghost]

LGTM