From d49b5bdfb9f7c9dba84ca982acae75ebe3b0ef9a Mon Sep 17 00:00:00 2001
From: Okina Matara
Date: Fri, 3 Aug 2018 10:43:53 -0500
Subject: nixos/hydron: Various fixes, create db_conf.json and link to it
---
 nixos/modules/services/web-servers/hydron.nix | 66 +++++++++++++++++++++++++--
 1 file changed, 62 insertions(+), 4 deletions(-)
(limited to 'nixos/modules/services/web-servers')
diff --git a/nixos/modules/services/web-servers/hydron.nix b/nixos/modules/services/web-servers/hydron.nix
index 49a18f5e7b28..c49efaede160 100644
--- a/nixos/modules/services/web-servers/hydron.nix
+++ b/nixos/modules/services/web-servers/hydron.nix
@@ -1,6 +1,8 @@
 { config, lib, pkgs, ... }:
-let cfg = config.services.hydron;
+let
+ cfg = config.services.hydron;
+ postgres = config.services.postgresql;
 in with lib; {
 options.services.hydron = {
 enable = mkEnableOption "hydron";
@@ -25,6 +27,38 @@ in with lib; {
 '';
 };
+ password = mkOption {
+ type = types.str;
+ default = "hydron";
+ example = "dumbpass";
+ description = "Password for the hydron database.";
+ };
+
+ passwordFile = mkOption {
+ type = types.path;
+ default = "/run/keys/hydron-password-file";
+ example = "/home/okina/hydron/keys/pass";
+ description = "Password file for the hydron database.";
+ };
+
+ postgresArgs = mkOption {
+ type = types.str;
+ description = "Postgresql connection arguments.";
+ example = ''
+ {
+ "driver": "postgres",
+ "connection": "user=hydron password=dumbpass dbname=hydron sslmode=disable"
+ }
+ '';
+ };
+
+ postgresArgsFile = mkOption {
+ type = types.path;
+ default = "/run/keys/hydron-postgres-args";
+ example = "/home/okina/hydron/keys/postgres";
+ description = "Postgresql connection arguments file.";
+ };
+
 listenAddress = mkOption {
 type = types.nullOr types.str;
 default = null;
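Review bot: `password` ships with the fixed default `hydron`, and any value given here is copied into the Nix store by the `pkgs.writeText` calls and the `postgresArgs` default in the `config` hunk that follows, where every local user can read it. Those `mkDefault` assignments also take precedence over the `/run/keys/...` defaults declared for `passwordFile` and `postgresArgsFile`, so the key-file defaults never apply unless the user sets those options explicitly. I would drop `default = "hydron";` so a password has to be chosen, and state the exposure in the description, e.g. `description = "Password for the hydron database. Written to the world-readable Nix store; set passwordFile and postgresArgsFile to keep it out of the store.";`. The enclosing `options.services.hydron` set starts and ends outside this hunk.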
@@ -47,16 +81,36 @@ in with lib; {
 };
 config = mkIf cfg.enable {
+ security.sudo.enable = cfg.enable;
+ services.postgresql.enable = cfg.enable;
+ services.hydron.passwordFile = mkDefault (pkgs.writeText "hydron-password-file" cfg.password);
+ services.hydron.postgresArgsFile = mkDefault (pkgs.writeText "hydron-postgres-args" cfg.postgresArgs);
+ services.hydron.postgresArgs = mkDefault ''
+ {
+ "driver": "postgres",
+ "connection": "user=hydron password=${cfg.password} dbname=hydron sslmode=disable"
+ }
+ '';
+
 systemd.services.hydron = {
 description = "hydron";
- after = [ "network.target" ];
+ after = [ "network.target" "postgresql.service" ];
 wantedBy = [ "multi-user.target" ];
 preStart = ''
- # Ensure folder exists and permissions are correct
- mkdir -p ${escapeShellArg cfg.dataDir}/images
+ # Ensure folder exists or create it and permissions are correct
+ mkdir -p ${escapeShellArg cfg.dataDir}/{.hydron,images}
+ ln -sf ${escapeShellArg cfg.postgresArgsFile} ${escapeShellArg cfg.dataDir}/.hydron/db_conf.json
 chmod 750 ${escapeShellArg cfg.dataDir}
 chown -R hydron:hydron ${escapeShellArg cfg.dataDir}
+
+ # Ensure the database is correct or create it
+ ${pkgs.sudo}/bin/sudo -u ${postgres.superUser} ${postgres.package}/bin/createuser \
+ -SDR hydron || true
+ ${pkgs.sudo}/bin/sudo -u ${postgres.superUser} ${postgres.package}/bin/createdb \
+ -T template0 -E UTF8 -O hydron hydron || true
+ ${pkgs.sudo}/bin/sudo -u hydron ${postgres.package}/bin/psql \
+ -c "ALTER ROLE hydron WITH PASSWORD '$(cat ${escapeShellArg cfg.passwordFile})';" || true
 '';
 serviceConfig = {
@@ -101,5 +155,9 @@ in with lib; {
 };
 };
+ imports = [
+ (mkRenamedOptionModule [ "services" "hydron" "baseDir" ] [ "services" "hydron" "dataDir" ])
+ ];
+
 meta.maintainers = with maintainers; [ chiiruno ];
 }
--
cgit 1.4.1
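Review bot: The `ALTER ROLE` line at the end of `preStart` splices the contents of `cfg.passwordFile` into the SQL text with `$(cat …)`, so a password containing `'` breaks or changes the statement. The cleartext password also becomes part of the `sudo`/`psql` argument list, which is visible in process listings and, since sudo normally logs the command line it runs, likely ends up in the system log. Because the line ends in `|| true`, a failed update is silent and the service can start with a role password that no longer matches `db_conf.json`. I would feed the statement to `psql` on stdin and let psql quote the value through a variable, `ALTER ROLE hydron WITH PASSWORD :'pw';` (variable interpolation is not applied to `-c` strings), and let a failure of this step abort `preStart`. `systemd.services.hydron` continues past the end of the hunk, so which user `preStart` runs as is not visible here.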