nixos/roundcube: fix PostgreSQL password

Extract PostgreSQL database password for Roundcube from .pgpass file.
The password file is used in two locations:

  1. in the Roundcube config.php
  2. in the systemd setup service that initializes the roundcube
     database

These two services need the password in different formats.

Keep the password file in PostgreSQL standard format and extract the
password for the Roundcube config (see #215986).

1 files changed, 9 insertions, 1 deletions

diff --git a/nixos/modules/services/mail/roundcube.nix b/nixos/modules/services/mail/roundcube.nix
index 3aaec145930d..70ec3707dc18 100644
--- a/nixos/modules/services/mail/roundcube.nix
+++ b/nixos/modules/services/mail/roundcube.nix
@@ -123,7 +123,15 @@ in
     environment.etc."roundcube/config.inc.php".text = ''
       <?php
 
-      ${lib.optionalString (!localDB) "$password = file_get_contents('${cfg.database.passwordFile}');"}
+      ${lib.optionalString (!localDB) ''
+        # Password file should be formated according to PostgreSQL .pgpass standard
+        # see https://www.postgresql.org/docs/current/libpq-pgpass.html
+        $password = file_get_contents('${cfg.database.passwordFile}');
+        $password = preg_split('~\\\\.(*SKIP)(*FAIL)|\:~s', $password);
+        $password = end($password);
+        $password = str_replace("\\:", ":", $password);
+        $password = str_replace("\\\\", "\\", $password);
+      ''}
 
       $config = array();
       $config['db_dsnw'] = 'pgsql://${cfg.database.username}${lib.optionalString (!localDB) ":' . $password . '"}@${if localDB then "unix(/run/postgresql)" else cfg.database.host}/${cfg.database.dbname}';