authorOkina Matara <okinan@chiru.no>2018-08-03 10:43:53 -0500
committerOkina Matara <okinan@chiru.no>2018-08-03 10:43:53 -0500
commitd49b5bdfb9f7c9dba84ca982acae75ebe3b0ef9a (patch)
tree495cf7be5ddd2370aee68ef9e9b165534022a3eb /nixos/modules/services/web-servers
parent6de26d6647c54306a54b9ed09f94e6d1c7e2d30a (diff)
nixos/hydron: Various fixes, create db_conf.json and link to it
Diffstat (limited to 'nixos/modules/services/web-servers')
-rw-r--r--nixos/modules/services/web-servers/hydron.nix66
1 files changed, 62 insertions, 4 deletions
diff --git a/nixos/modules/services/web-servers/hydron.nix b/nixos/modules/services/web-servers/hydron.nix
index 49a18f5e7b28..c49efaede160 100644
--- a/nixos/modules/services/web-servers/hydron.nix
+++ b/nixos/modules/services/web-servers/hydron.nix
@@ -1,6 +1,8 @@
 { config, lib, pkgs, ... }:
 
-let cfg = config.services.hydron;
+let
+  cfg = config.services.hydron;
+  postgres = config.services.postgresql;
 in with lib; {
   options.services.hydron = {
     enable = mkEnableOption "hydron";
@@ -25,6 +27,38 @@ in with lib; {
       '';
     };
 
+    password = mkOption {
+      type = types.str;
+      default = "hydron";
+      example = "dumbpass";
+      description = "Password for the hydron database.";
+    };
+
+    passwordFile = mkOption {
+      type = types.path;
+      default = "/run/keys/hydron-password-file";
+      example = "/home/okina/hydron/keys/pass";
+      description = "Password file for the hydron database.";
+    };
+
+    postgresArgs = mkOption {
+      type = types.str;
+      description = "Postgresql connection arguments.";
+      example = ''
+        {
+          "driver": "postgres",
+          "connection": "user=hydron password=dumbpass dbname=hydron sslmode=disable"
+        }
+      '';
+    };
+
+    postgresArgsFile = mkOption {
+      type = types.path;
+      default = "/run/keys/hydron-postgres-args";
+      example = "/home/okina/hydron/keys/postgres";
+      description = "Postgresql connection arguments file.";
+    };
+
     listenAddress = mkOption {
       type = types.nullOr types.str;
       default = null;
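Review bot: The `password` option added here is a plain `types.str` with the fixed default `"hydron"`, so every install that does not override it shares a known database password, and the value is evaluated into the Nix store, which is readable by all local users. The config hunk further down makes this explicit with `pkgs.writeText "hydron-password-file" cfg.password` and the matching `hydron-postgres-args` file, and because those are set with `mkDefault` they take precedence over the `/run/keys/...` defaults declared here. I would remove `default = "hydron";` so the operator has to choose a value, and say so in the text, e.g. `description = "Password for the hydron database. This value is copied into the world-readable Nix store; set passwordFile to a path outside the store for real deployments.";`. The same caveat belongs on `postgresArgs`, whose example embeds the password in the connection string. The options attribute set starts and ends outside this hunk.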
@@ -47,16 +81,36 @@ in with lib; {
   };
 
   config = mkIf cfg.enable {
+    security.sudo.enable = cfg.enable;
+    services.postgresql.enable = cfg.enable;
+    services.hydron.passwordFile = mkDefault (pkgs.writeText "hydron-password-file" cfg.password);
+    services.hydron.postgresArgsFile = mkDefault (pkgs.writeText "hydron-postgres-args" cfg.postgresArgs);
+    services.hydron.postgresArgs = mkDefault ''
+      {
+        "driver": "postgres",
+        "connection": "user=hydron password=${cfg.password} dbname=hydron sslmode=disable"
+      }
+    '';
+
     systemd.services.hydron = {
       description = "hydron";
-      after = [ "network.target" ];
+      after = [ "network.target" "postgresql.service" ];
       wantedBy = [ "multi-user.target" ];
 
       preStart = ''
-        # Ensure folder exists and permissions are correct
-        mkdir -p ${escapeShellArg cfg.dataDir}/images
+        # Ensure folder exists or create it and permissions are correct
+        mkdir -p ${escapeShellArg cfg.dataDir}/{.hydron,images}
+        ln -sf ${escapeShellArg cfg.postgresArgsFile} ${escapeShellArg cfg.dataDir}/.hydron/db_conf.json
         chmod 750 ${escapeShellArg cfg.dataDir}
         chown -R hydron:hydron ${escapeShellArg cfg.dataDir}
+
+        # Ensure the database is correct or create it
+        ${pkgs.sudo}/bin/sudo -u ${postgres.superUser} ${postgres.package}/bin/createuser \
+          -SDR hydron || true
+        ${pkgs.sudo}/bin/sudo -u ${postgres.superUser} ${postgres.package}/bin/createdb \
+          -T template0 -E UTF8 -O hydron hydron || true
+        ${pkgs.sudo}/bin/sudo -u hydron ${postgres.package}/bin/psql \
+          -c "ALTER ROLE hydron WITH PASSWORD '$(cat ${escapeShellArg cfg.passwordFile})';" || true
       '';
 
       serviceConfig = {
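Review bot: The `ALTER ROLE` line in `preStart` splices the contents of `cfg.passwordFile` straight into a single-quoted SQL literal inside `psql -c "..."`, so a password containing `'` breaks or alters the statement, and the expanded password sits in psql's argument list while it runs. The trailing `|| true` then hides any failure, so the unit starts even though the role's password was never set to the configured value. Feeding the statement to psql on standard input and quoting the value with psql's `:'name'` variable syntax would address the quoting and the argv exposure; at the least drop `|| true` from that one command so a failed password change stops the unit. Keeping `|| true` on `createuser` and `createdb` is understandable for restarts, but it also masks a PostgreSQL that is not yet accepting connections, since `after` orders the units without requiring the database to be up. The `preStart` script is complete in this hunk, but the `config` block continues outside it.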
@@ -101,5 +155,9 @@ in with lib; {
     };
   };
 
+  imports = [
+    (mkRenamedOptionModule [ "services" "hydron" "baseDir" ] [ "services" "hydron" "dataDir" ])
+  ];
+
   meta.maintainers = with maintainers; [ chiiruno ];
 }