author | Robin Gloster <mail@glob.in> | 2017-09-02 23:29:04 +0200 |
---|---|---|
committer | Robin Gloster <mail@glob.in> | 2017-09-02 23:29:04 +0200 |
commit | 0156db2da530a52265fbccc8ad7747b00ee8aaf3 (patch) | |
tree | f5facfdd70ac838997ed0538fd9f4e8edffe9936 /nixos/modules/services/databases | |
parent | 891a1662aa6cd6b2bcd2187d97f27822ed5df138 (diff) | |
parent | d784b830051bb86172b9a3669826774cc20e1f41 (diff) | |
Merge remote-tracking branch 'upstream/master' into HEAD
Diffstat (limited to 'nixos/modules/services/databases')
-rw-r--r-- | nixos/modules/services/databases/influxdb.nix | 5 | ||||
-rw-r--r-- | nixos/modules/services/databases/mongodb.nix | 2 | ||||
-rw-r--r-- | nixos/modules/services/databases/mysql.nix | 10 | ||||
-rw-r--r-- | nixos/modules/services/databases/postage.nix | 205 | ||||
-rw-r--r-- | nixos/modules/services/databases/postgresql.nix | 19 |
5 files changed, 229 insertions, 12 deletions
diff --git a/nixos/modules/services/databases/influxdb.nix b/nixos/modules/services/databases/influxdb.nix index dd88624f406c..9ffe9fdea2ce 100644 --- a/nixos/modules/services/databases/influxdb.nix +++ b/nixos/modules/services/databases/influxdb.nix @@ -68,9 +68,9 @@ let collectd = [{ enabled = false; - typesdb = "${pkgs.collectd}/share/collectd/types.db"; + typesdb = "${pkgs.collectd-data}/share/collectd/types.db"; database = "collectd_db"; - port = 25826; + bind-address = ":25826"; }]; opentsdb = [{ @@ -149,7 +149,6 @@ in type = types.attrs; }; }; - }; diff --git a/nixos/modules/services/databases/mongodb.nix b/nixos/modules/services/databases/mongodb.nix index c56564f57f36..78dbf0d784cf 100644 --- a/nixos/modules/services/databases/mongodb.nix +++ b/nixos/modules/services/databases/mongodb.nix @@ -108,7 +108,7 @@ in after = [ "network.target" ]; serviceConfig = { - ExecStart = "${mongodb}/bin/mongod --quiet --config ${mongoCnf} --fork --pidfilepath ${cfg.pidFile}"; + ExecStart = "${mongodb}/bin/mongod --config ${mongoCnf} --fork --pidfilepath ${cfg.pidFile}"; User = cfg.user; PIDFile = cfg.pidFile; Type = "forking"; diff --git a/nixos/modules/services/databases/mysql.nix b/nixos/modules/services/databases/mysql.nix index 6027f109285a..50766093307d 100644 --- a/nixos/modules/services/databases/mysql.nix +++ b/nixos/modules/services/databases/mysql.nix 
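Review bot: The new collectd default `bind-address = ":25826"` in the first influxdb.nix hunk has an empty host part, which normally means the listener accepts packets on every interface once `enabled` is switched on, and nothing next to it says so. A comment such as `# empty host = all interfaces; use "127.0.0.1:25826" to keep the collectd input local` would make the exposure explicit for anyone who enables the input. The `let` block holding this default starts and ends outside the hunk.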
@@ -108,10 +108,13 @@ in initialDatabases = mkOption { default = []; - description = "List of database names and their initial schemas that should be used to create databases on the first startup of MySQL"; + description = '' + List of database names and their initial schemas that should be used to create databases on the first startup + of MySQL. The schema attribute is optional: If not specified, an empty database is created. + ''; example = [ { name = "foodatabase"; schema = literalExample "./foodatabase.sql"; } - { name = "bardatabase"; schema = literalExample "./bardatabase.sql"; } + { name = "bardatabase"; } ]; }; @@ -247,6 +250,8 @@ in if ! test -e "${cfg.dataDir}/${database.name}"; then echo "Creating initial database: ${database.name}" ( echo "create database ${database.name};" + + ${optionalString (database ? "schema") '' echo "use ${database.name};" if [ -f "${database.schema}" ] @@ -256,6 +261,7 @@ in then cat ${database.schema}/mysql-databases/*.sql fi + ''} ) | ${mysql}/bin/mysql -u root -N fi '') cfg.initialDatabases} diff --git a/nixos/modules/services/databases/postage.nix b/nixos/modules/services/databases/postage.nix new file mode 100644 index 000000000000..d49c9a83a46f --- /dev/null +++ b/nixos/modules/services/databases/postage.nix 
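Review bot: With `optionalString (database ? "schema")` in the `@@ -247` hunk, an entry whose attribute is misspelled (say `scheme`) now silently produces an empty database, where the old code presumably failed at evaluation on the missing `schema`. `initialDatabases` declares no `type` in the `@@ -108` hunk, so nothing validates the entries; a `types.listOf` of a submodule with `name` and an optional `schema` would catch this. Separately, `${database.name}` is spliced unquoted into the `create database` statement piped to `mysql -u root`, so the description should state that the name must be a plain SQL identifier. The surrounding script block continues outside the hunks.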
@@ -0,0 +1,205 @@ +{ lib, pkgs, config, ... } : + +with lib; + +let + cfg = config.services.postage; + + confFile = pkgs.writeTextFile { + name = "postage.conf"; + text = '' + connection_file = ${postageConnectionsFile} + + allow_custom_connections = ${builtins.toJSON cfg.allowCustomConnections} + + postage_port = ${toString cfg.port} + + super_only = ${builtins.toJSON cfg.superOnly} + + ${optionalString (!isNull cfg.loginGroup) "login_group = ${cfg.loginGroup}"} + + login_timeout = ${toString cfg.loginTimeout} + + web_root = ${cfg.package}/etc/postage/web_root + + data_root = ${cfg.dataRoot} + + ${optionalString (!isNull cfg.tls) '' + tls_cert = ${cfg.tls.cert} + tls_key = ${cfg.tls.key} + ''} + + log_level = ${cfg.logLevel} + ''; + }; + + postageConnectionsFile = pkgs.writeTextFile { + name = "postage-connections.conf"; + text = concatStringsSep "\n" + (mapAttrsToList (name : conn : "${name}: ${conn}") cfg.connections); + }; + + postage = "postage"; +in { + + options.services.postage = { + enable = mkEnableOption "PostgreSQL Administration for the web"; + + package = mkOption { + type = types.package; + default = pkgs.postage; + defaultText = "pkgs.postage"; + description = '' + The postage package to use. + ''; + }; + + connections = mkOption { + type = types.attrsOf types.str; + default = {}; + example = { + "nuc-server" = "hostaddr=192.168.0.100 port=5432 dbname=postgres"; + "mini-server" = "hostaddr=127.0.0.1 port=5432 dbname=postgres sslmode=require"; + }; + description = '' + Postage requires at least one PostgreSQL server be defined. + </para><para> + Detailed information about PostgreSQL connection strings is available at: + <link xlink:href="http://www.postgresql.org/docs/current/static/libpq-connect.html"/> + </para><para> + Note that you should not specify your user name or password. That + information will be entered on the login screen. 
If you specify a + username or password, it will be removed by Postage before attempting to + connect to a database. + ''; + }; + + allowCustomConnections = mkOption { + type = types.bool; + default = false; + description = '' + This tells Postage whether or not to allow anyone to use a custom + connection from the login screen. + ''; + }; + + port = mkOption { + type = types.int; + default = 8080; + description = '' + This tells Postage what port to listen on for browser requests. + ''; + }; + + localOnly = mkOption { + type = types.bool; + default = true; + description = '' + This tells Postage whether or not to set the listening socket to local + addresses only. + ''; + }; + + superOnly = mkOption { + type = types.bool; + default = true; + description = '' + This tells Postage whether or not to only allow super users to + login. The recommended value is true and will restrict users who are not + super users from logging in to any PostgreSQL instance through + Postage. Note that a connection will be made to PostgreSQL in order to + test if the user is a superuser. + ''; + }; + + loginGroup = mkOption { + type = types.nullOr types.str; + default = null; + description = '' + This tells Postage to only allow users in a certain PostgreSQL group to + login to Postage. Note that a connection will be made to PostgreSQL in + order to test if the user is a member of the login group. + ''; + }; + + loginTimeout = mkOption { + type = types.int; + default = 3600; + description = '' + Number of seconds of inactivity before user is automatically logged + out. + ''; + }; + + dataRoot = mkOption { + type = types.str; + default = "/var/lib/postage"; + description = '' + This tells Postage where to put the SQL file history. All tabs are saved + to this location so that if you get disconnected from Postage you + don't lose your work. 
+ ''; + }; + + tls = mkOption { + type = types.nullOr (types.submodule { + options = { + cert = mkOption { + type = types.str; + description = "TLS certificate"; + }; + key = mkOption { + type = types.str; + description = "TLS key"; + }; + }; + }); + default = null; + description = '' + These options tell Postage where the TLS Certificate and Key files + reside. If you use these options then you'll only be able to access + Postage through a secure TLS connection. These options are only + necessary if you wish to connect directly to Postage using a secure TLS + connection. As an alternative, you can set up Postage in a reverse proxy + configuration. This allows your web server to terminate the secure + connection and pass on the request to Postage. You can find help to set + up this configuration in: + <link xlink:href="https://github.com/workflowproducts/postage/blob/master/INSTALL_NGINX.md"/> + ''; + }; + + logLevel = mkOption { + type = types.enum ["error" "warn" "notice" "info"]; + default = "error"; + description = '' + Verbosity of logs + ''; + }; + }; + + config = mkIf cfg.enable { + systemd.services.postage = { + description = "postage - PostgreSQL Administration for the web"; + wants = [ "postgresql.service" ]; + after = [ "postgresql.service" ]; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + User = postage; + Group = postage; + ExecStart = "${pkgs.postage}/sbin/postage -c ${confFile}" + + optionalString cfg.localOnly " --local-only=true"; + }; + }; + users = { + users."${postage}" = { + name = postage; + group = postage; + home = cfg.dataRoot; + createHome = true; + }; + groups."${postage}" = { + name = postage; + }; + }; + }; +} diff --git a/nixos/modules/services/databases/postgresql.nix b/nixos/modules/services/databases/postgresql.nix index d06e03a52978..1bbab3296005 100644 --- a/nixos/modules/services/databases/postgresql.nix +++ b/nixos/modules/services/databases/postgresql.nix 
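Review bot: `ExecStart` runs `${pkgs.postage}/sbin/postage` while `web_root` in the generated config points at `${cfg.package}`, so overriding `services.postage.package` (for instance with a patched build) would pair the new web root with the old binary; it should read `ExecStart = "${cfg.package}/sbin/postage -c ${confFile}"`. The `tls.key` option is a plain `types.str` whose description is only `"TLS key"`; I would add a sentence saying the value must be the path of a file kept outside the world-readable Nix store. With `localOnly = false` and `tls = null` the service presumably offers its superuser login over plain HTTP on all interfaces, which the `localOnly` description could mention.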
@@ -38,9 +38,6 @@ let pre84 = versionOlder (builtins.parseDrvName postgresql.name).version "8.4"; - # NixOS traditionally used `root` as superuser, most other distros use `postgres`. From 17.09 - # we also try to follow this standard - superuser = (if versionAtLeast config.system.stateVersion "17.09" then "postgres" else "root"); in @@ -151,6 +148,16 @@ in Contents of the <filename>recovery.conf</filename> file. ''; }; + superUser = mkOption { + type = types.str; + default= if versionAtLeast config.system.stateVersion "17.09" then "postgres" else "root"; + internal = true; + description = '' + NixOS traditionally used `root` as superuser, most other distros use `postgres`. + From 17.09 we also try to follow this standard. Internal since changing this value + would lead to breakage while setting up databases. + ''; + }; }; }; @@ -215,7 +222,7 @@ in '' # Initialise the database. if ! test -e ${cfg.dataDir}/PG_VERSION; then - initdb -U ${superuser} + initdb -U ${cfg.superUser} # See postStart! touch "${cfg.dataDir}/.first_startup" fi @@ -247,14 +254,14 @@ in # Wait for PostgreSQL to be ready to accept connections. postStart = '' - while ! ${pkgs.sudo}/bin/sudo -u ${superuser} psql --port=${toString cfg.port} -d postgres -c "" 2> /dev/null; do + while ! ${pkgs.sudo}/bin/sudo -u ${cfg.superUser} psql --port=${toString cfg.port} -d postgres -c "" 2> /dev/null; do if ! kill -0 "$MAINPID"; then exit 1; fi sleep 0.1 done if test -e "${cfg.dataDir}/.first_startup"; then ${optionalString (cfg.initialScript != null) '' - ${pkgs.sudo}/bin/sudo -u ${superuser} psql -f "${cfg.initialScript}" --port=${toString cfg.port} -d postgres + ${pkgs.sudo}/bin/sudo -u ${cfg.superUser} psql -f "${cfg.initialScript}" --port=${toString cfg.port} -d postgres ''} rm -f "${cfg.dataDir}/.first_startup" fi |
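Review bot: The new `superUser` option in the `@@ -151` hunk is marked `internal = true`, which only hides it from the manual; a configuration can still assign it, and the value is then interpolated unquoted into `initdb -U ${cfg.superUser}` and `sudo -u ${cfg.superUser}` in the two later hunks. Since the description itself says that changing the value breaks database setup, adding `readOnly = true;` would enforce that instead of relying on the option being undocumented. As a style point, `default=` lacks the space before `=` that the rest of the file uses.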