author | Alyssa Ross <hi@alyssa.is> | 2019-05-24 18:25:09 +0000 |
committer | Alyssa Ross <hi@alyssa.is> | 2019-05-24 18:25:09 +0000 |
commit | cb026a2bd22d2656d88a7883e44caa31402d7646 (patch) | |
tree | 804c389adfe6dc6deb38dfd90167b03b4f828bce /nixpkgs/nixos/modules/services/databases | |
parent | 5781972383d0382dc9353ac720a5d751ca17cd05 (diff) | |
parent | 650a295621b27c4ebe0fa64a63fd25323e64deb3 (diff) | |
Merge commit '650a295621b27c4ebe0fa64a63fd25323e64deb3'
Diffstat (limited to 'nixpkgs/nixos/modules/services/databases')
5 files changed, 113 insertions, 20 deletions
diff --git a/nixpkgs/nixos/modules/services/databases/cassandra.nix b/nixpkgs/nixos/modules/services/databases/cassandra.nix
index d741ee48c48f..688938868020 100644
--- a/nixpkgs/nixos/modules/services/databases/cassandra.nix
+++ b/nixpkgs/nixos/modules/services/databases/cassandra.nix
@@ -22,11 +22,11 @@ let
 else {})
 );
 cassandraConfigWithAddresses = cassandraConfig //
- ( if isNull cfg.listenAddress
+ ( if cfg.listenAddress == null
 then { listen_interface = cfg.listenInterface; }
 else { listen_address = cfg.listenAddress; }
 ) // (
- if isNull cfg.rpcAddress
+ if cfg.rpcAddress == null
 then { rpc_interface = cfg.rpcInterface; }
 else { rpc_address = cfg.rpcAddress; }
 );
@@ -219,19 +219,13 @@ in {
 config = mkIf cfg.enable {
 assertions = [ { assertion =
- ((isNull cfg.listenAddress)
- || (isNull cfg.listenInterface)
- ) && !((isNull cfg.listenAddress)
- && (isNull cfg.listenInterface)
- );
+ (cfg.listenAddress == null || cfg.listenInterface == null)
+ && !(cfg.listenAddress == null && cfg.listenInterface == null);
 message = "You have to set either listenAddress or listenInterface";
 }
 { assertion =
- ((isNull cfg.rpcAddress)
- || (isNull cfg.rpcInterface)
- ) && !((isNull cfg.rpcAddress)
- && (isNull cfg.rpcInterface)
- );
+ (cfg.rpcAddress == null || cfg.rpcInterface == null)
+ && !(cfg.rpcAddress == null && cfg.rpcInterface == null);
 message = "You have to set either rpcAddress or rpcInterface";
 }
 ];
@@ -276,7 +270,7 @@ in {
 };
 };
 systemd.timers.cassandra-full-repair =
- mkIf (!isNull cfg.fullRepairInterval) {
+ mkIf (cfg.fullRepairInterval != null) {
 description = "Schedule full repairs on Cassandra";
 wantedBy = [ "timers.target" ];
 timerConfig =
@@ -300,7 +294,7 @@ in {
 };
 };
 systemd.timers.cassandra-incremental-repair =
- mkIf (!isNull cfg.incrementalRepairInterval) {
+ mkIf (cfg.incrementalRepairInterval != null) {
 description = "Schedule incremental repairs on Cassandra";
 wantedBy = [ "timers.target" ];
 timerConfig =
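Review bot: The two rewritten assertions in the `@@ -219,19 +219,13 @@` hunk express "exactly one of address/interface is set" as an or-and-not-and combination, which a reader has to work through to see that it is an exclusive-or of the two null checks. The same condition is shorter and reads as what it means: `assertion = (cfg.listenAddress == null) != (cfg.listenInterface == null);`, and likewise `assertion = (cfg.rpcAddress == null) != (cfg.rpcInterface == null);` for the second entry. This is a readability point only; the evaluated result is identical for all four input combinations.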
diff --git a/nixpkgs/nixos/modules/services/databases/cockroachdb.nix b/nixpkgs/nixos/modules/services/databases/cockroachdb.nix
index e977751b21ef..268fdcc819fd 100644
--- a/nixpkgs/nixos/modules/services/databases/cockroachdb.nix
+++ b/nixpkgs/nixos/modules/services/databases/cockroachdb.nix
@@ -7,7 +7,7 @@ let
 crdb = cfg.package;
 escape = builtins.replaceStrings ["%"] ["%%"];
- ifNotNull = v: s: optionalString (!isNull v) s;
+ ifNotNull = v: s: optionalString (v != null) s;
 startupCommand = lib.concatStringsSep " " [
 # Basic startup
@@ -164,7 +164,7 @@ in
 config = mkIf config.services.cockroachdb.enable {
 assertions = [
- { assertion = !cfg.insecure -> !(isNull cfg.certsDir);
+ { assertion = !cfg.insecure -> cfg.certsDir != null;
 message = "CockroachDB must have a set of SSL certificates (.certsDir), or run in Insecure Mode (.insecure = true)";
 }
 ];
diff --git a/nixpkgs/nixos/modules/services/databases/foundationdb.nix b/nixpkgs/nixos/modules/services/databases/foundationdb.nix
index 169ed37b348e..490c5e9d005a 100644
--- a/nixpkgs/nixos/modules/services/databases/foundationdb.nix
+++ b/nixpkgs/nixos/modules/services/databases/foundationdb.nix
@@ -35,7 +35,10 @@ let
 ${optionalString (cfg.class != null) "class = ${cfg.class}"}
 memory = ${cfg.memory}
 storage_memory = ${cfg.storageMemory}
+
+ ${optionalString (lib.versionAtLeast cfg.package.version "6.1") ''
 trace_format = ${cfg.traceFormat}
+ ''}
 ${optionalString (cfg.tls != null) ''
 tls_plugin = ${pkg}/libexec/plugins/FDBLibTLS.so
@@ -327,6 +330,15 @@ in
 };
 config = mkIf cfg.enable {
+ assertions = [
+ { assertion = lib.versionOlder cfg.package.version "6.1" -> cfg.traceFormat == "xml";
+ message = ''
+ Versions of FoundationDB before 6.1 do not support configurable trace formats (only XML is supported).
+ This option has no effect for version '' + cfg.package.version + '', and enabling it is an error.
+ '';
+ }
+ ];
+
 environment.systemPackages = [ pkg ];
 users.users = optionalAttrs (cfg.user == "foundationdb") (singleton
diff --git a/nixpkgs/nixos/modules/services/databases/pgmanage.nix b/nixpkgs/nixos/modules/services/databases/pgmanage.nix
index 1a34c7f5ecee..1050c2dd481a 100644
--- a/nixpkgs/nixos/modules/services/databases/pgmanage.nix
+++ b/nixpkgs/nixos/modules/services/databases/pgmanage.nix
@@ -16,7 +16,7 @@ let
 super_only = ${builtins.toJSON cfg.superOnly}
- ${optionalString (!isNull cfg.loginGroup) "login_group = ${cfg.loginGroup}"}
+ ${optionalString (cfg.loginGroup != null) "login_group = ${cfg.loginGroup}"}
 login_timeout = ${toString cfg.loginTimeout}
@@ -24,7 +24,7 @@ let
 sql_root = ${cfg.sqlRoot}
- ${optionalString (!isNull cfg.tls) ''
+ ${optionalString (cfg.tls != null) ''
 tls_cert = ${cfg.tls.cert}
 tls_key = ${cfg.tls.key}
 ''}
diff --git a/nixpkgs/nixos/modules/services/databases/postgresql.nix b/nixpkgs/nixos/modules/services/databases/postgresql.nix
index 87b236dd5fd1..5661edbee2db 100644
--- a/nixpkgs/nixos/modules/services/databases/postgresql.nix
+++ b/nixpkgs/nixos/modules/services/databases/postgresql.nix
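Review bot: The assertion message added in the foundationdb `@@ -327,6 +330,15 @@` hunk contradicts itself — it first says the option "has no effect" and then that "enabling it is an error" — and `traceFormat` is a string-valued option rather than a switch, so "enabling" does not describe what the user did. A message that names the offending value and the way out is more actionable, e.g. `Versions of FoundationDB before 6.1 support only the XML trace format; traceFormat is set to "${cfg.traceFormat}" but the configured package is version ${cfg.package.version}. Leave the option at "xml" or use a package of version 6.1 or newer.`, which also lets ordinary `${...}` interpolation replace the `'' + cfg.package.version + ''` concatenation spliced into the middle of the indented string. The `config = mkIf cfg.enable {` attribute set this assertion is added to continues past the end of the hunk.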
@@ -105,6 +105,80 @@ in
 '';
 };
+ ensureDatabases = mkOption {
+ type = types.listOf types.str;
+ default = [];
+ description = ''
+ Ensures that the specified databases exist.
+ This option will never delete existing databases, especially not when the value of this
+ option is changed. This means that databases created once through this option or
+ otherwise have to be removed manually.
+ '';
+ example = [
+ "gitea"
+ "nextcloud"
+ ];
+ };
+
+ ensureUsers = mkOption {
+ type = types.listOf (types.submodule {
+ options = {
+ name = mkOption {
+ type = types.str;
+ description = ''
+ Name of the user to ensure.
+ '';
+ };
+ ensurePermissions = mkOption {
+ type = types.attrsOf types.str;
+ default = {};
+ description = ''
+ Permissions to ensure for the user, specified as an attribute set.
+ The attribute names specify the database and tables to grant the permissions for.
+ The attribute values specify the permissions to grant. You may specify one or
+ multiple comma-separated SQL privileges here.
+
+ For more information on how to specify the target
+ and on which privileges exist, see the
+ <link xlink:href="https://www.postgresql.org/docs/current/sql-grant.html">GRANT syntax</link>.
+ The attributes are used as <code>GRANT ''${attrName} ON ''${attrValue}</code>.
+ '';
+ example = literalExample ''
+ {
+ "DATABASE nextcloud" = "ALL PRIVILEGES";
+ "ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES";
+ }
+ '';
+ };
+ };
+ });
+ default = [];
+ description = ''
+ Ensures that the specified users exist and have at least the ensured permissions.
+ The PostgreSQL users will be identified using peer authentication. This authenticates the Unix user with the
+ same name only, and that without the need for a password.
+ This option will never delete existing users or remove permissions, especially not when the value of this
+ option is changed. This means that users created and permissions assigned once through this option or
+ otherwise have to be removed manually.
+ '';
+ example = literalExample ''
+ [
+ {
+ name = "nextcloud";
+ ensurePermissions = {
+ "DATABASE nextcloud" = "ALL PRIVILEGES";
+ };
+ }
+ {
+ name = "superuser";
+ ensurePermissions = {
+ "ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES";
+ };
+ }
+ ]
+ '';
+ };
+
 enableTCPIP = mkOption {
 type = types.bool;
 default = false;
@@ -256,17 +330,30 @@ in
 # Wait for PostgreSQL to be ready to accept connections.
 postStart = ''
- while ! ${pkgs.sudo}/bin/sudo -u ${cfg.superUser} psql --port=${toString cfg.port} -d postgres -c "" 2> /dev/null; do
+ PSQL="${pkgs.sudo}/bin/sudo -u ${cfg.superUser} psql --port=${toString cfg.port}"
+
+ while ! $PSQL -d postgres -c "" 2> /dev/null; do
 if ! kill -0 "$MAINPID"; then exit 1; fi
 sleep 0.1
 done
 if test -e "${cfg.dataDir}/.first_startup"; then
 ${optionalString (cfg.initialScript != null) ''
- ${pkgs.sudo}/bin/sudo -u ${cfg.superUser} psql -f "${cfg.initialScript}" --port=${toString cfg.port} -d postgres
+ $PSQL -f "${cfg.initialScript}" -d postgres
 ''}
 rm -f "${cfg.dataDir}/.first_startup"
 fi
+ '' + optionalString (cfg.ensureDatabases != []) ''
+ ${concatMapStrings (database: ''
+ $PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = '${database}'" | grep -q 1 || $PSQL -tAc "CREATE DATABASE ${database}"
+ '') cfg.ensureDatabases}
+ '' + ''
+ ${concatMapStrings (user: ''
+ $PSQL -tAc "SELECT 1 FROM pg_roles WHERE rolname='${user.name}'" | grep -q 1 || $PSQL -tAc "CREATE USER ${user.name}"
+ ${concatStringsSep "\n" (mapAttrsToList (database: permission: ''
+ $PSQL -tAc "GRANT ${permission} ON ${database} TO ${user.name}"
+ '') user.ensurePermissions)}
+ '') cfg.ensureUsers}
 '';
 unitConfig.RequiresMountsFor = "${cfg.dataDir}"; |
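Review bot: The summary sentence in the `ensurePermissions` description of the `@@ -105,6 +105,80 @@` hunk has the two sides inverted: the postStart hunk later in this diff runs `GRANT ${permission} ON ${database}` with the attribute name as the GRANT target and the attribute value as the privilege, which is also what the `"DATABASE nextcloud" = "ALL PRIVILEGES"` example shows, so the line should read `The attributes are used as <code>GRANT ''${attrValue} ON ''${attrName}</code>.`. The `ensureUsers` description would also be more complete if it said that roles are created with a bare `CREATE USER` and no password, so that access to them is governed entirely by the peer-authentication rule it already mentions. This hunk starts on the preceding page line and its option block is otherwise complete within it.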
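Review bot: In the `@@ -256,17 +330,30 @@` hunk the database and role names from `ensureDatabases` and `ensureUsers` are interpolated unquoted into both a double-quoted shell word and the SQL text (`$PSQL -tAc "CREATE DATABASE ${database}"`, `$PSQL -tAc "GRANT ${permission} ON ${database} TO ${user.name}"`), so a name containing `'`, `"`, `$` or a backtick breaks the statement or is expanded by the shell before psql sees it, and because the existence check `datname = '${database}'` compares case-sensitively while the unquoted `CREATE DATABASE ${database}` is case-folded by PostgreSQL, a mixed-case name is re-created on every start and fails with an already-exists error inside postStart. These values come from the NixOS configuration rather than from an untrusted source, but the `types.str` declarations in the preceding hunk accept them silently. The least invasive fix is to narrow those types, e.g. `type = types.listOf (types.strMatching "[a-z_][a-z0-9_]*");` for `ensureDatabases` and the same `strMatching` for `name`, and to state in the descriptions that names are used as unquoted SQL identifiers, while documenting that `ensurePermissions` keys and values are free-form SQL fragments by design. If arbitrary names must be supported, quote the identifiers in the SQL and pass each statement through `escapeShellArg` instead of relying on the double-quoted shell word.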