lol

nixos/hydron: Various fixes, create db_conf.json and link to it

+62 -4
+62 -4
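--- a/nixos/modules/services/web-servers/hydron.nix
+++ b/nixos/modules/services/web-servers/hydron.nix
@@ -1,6 +1,8 @@
 { config, lib, pkgs, ... }:
 
-let cfg = config.services.hydron;
+let
+cfg = config.services.hydron;
+postgres = config.services.postgresql;
 in with lib; {
 options.services.hydron = {
 enable = mkEnableOption "hydron";
@@ -25,6 +27,38 @@
 '';
 };
 
+password = mkOption {
+type = types.str;
+default = "hydron";
+example = "dumbpass";
+description = "Password for the hydron database.";
+};
+
+passwordFile = mkOption {
+type = types.path;
+default = "/run/keys/hydron-password-file";
+example = "/home/okina/hydron/keys/pass";
+description = "Password file for the hydron database.";
+};
+
+postgresArgs = mkOption {
+type = types.str;
+description = "Postgresql connection arguments.";
+example = ''
+{
+"driver": "postgres",
+"connection": "user=hydron password=dumbpass dbname=hydron sslmode=disable"
+}
+'';
+};
+
+postgresArgsFile = mkOption {
+type = types.path;
+default = "/run/keys/hydron-postgres-args";
+example = "/home/okina/hydron/keys/postgres";
+description = "Postgresql connection arguments file.";
+};
+
 listenAddress = mkOption {
 type = types.nullOr types.str;
 default = null;
@@ -47,16 +81,36 @@
 };
 
 config = mkIf cfg.enable {
+security.sudo.enable = cfg.enable;
+services.postgresql.enable = cfg.enable;
+services.hydron.passwordFile = mkDefault (pkgs.writeText "hydron-password-file" cfg.password);
+services.hydron.postgresArgsFile = mkDefault (pkgs.writeText "hydron-postgres-args" cfg.postgresArgs);
+services.hydron.postgresArgs = mkDefault ''
+{
+"driver": "postgres",
+"connection": "user=hydron password=${cfg.password} dbname=hydron sslmode=disable"
+}
+'';
+
 systemd.services.hydron = {
 description = "hydron";
-after = [ "network.target" ];
+after = [ "network.target" "postgresql.service" ];
 wantedBy = [ "multi-user.target" ];
 
 preStart = ''
-# Ensure folder exists and permissions are correct
-mkdir -p ${escapeShellArg cfg.dataDir}/images
+# Ensure folder exists or create it and permissions are correct
+mkdir -p ${escapeShellArg cfg.dataDir}/{.hydron,images}
+ln -sf ${escapeShellArg cfg.postgresArgsFile} ${escapeShellArg cfg.dataDir}/.hydron/db_conf.json
 chmod 750 ${escapeShellArg cfg.dataDir}
 chown -R hydron:hydron ${escapeShellArg cfg.dataDir}
+
+# Ensure the database is correct or create it
+${pkgs.sudo}/bin/sudo -u ${postgres.superUser} ${postgres.package}/bin/createuser \
+-SDR hydron || true
+${pkgs.sudo}/bin/sudo -u ${postgres.superUser} ${postgres.package}/bin/createdb \
+-T template0 -E UTF8 -O hydron hydron || true
+${pkgs.sudo}/bin/sudo -u hydron ${postgres.package}/bin/psql \
+-c "ALTER ROLE hydron WITH PASSWORD '$(cat ${escapeShellArg cfg.passwordFile})';" || true
 '';
 
 serviceConfig = {
@@ -100,6 +154,10 @@
 };
 };
 };
+
+imports = [
+(mkRenamedOptionModule [ "services" "hydron" "baseDir" ] [ "services" "hydron" "dataDir" ])
+];
 
 meta.maintainers = with maintainers; [ chiiruno ];
 }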
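Review bot: The two `mkDefault (pkgs.writeText ...)` assignments at the top of the `config` block copy the database password and the full connection string into the Nix store, which every local user can read. Because `mkDefault` outranks an option's declared default, the `/run/keys/...` defaults of `passwordFile` and `postgresArgsFile` never take effect unless the user sets them explicitly. Together with `default = "hydron"` on `password`, an untouched configuration runs with a well-known credential, so I would drop the `password` and `postgresArgs` string options and those two assignments and keep only the file options, pointing at paths outside the store. Separately, the `ALTER ROLE hydron WITH PASSWORD '$(cat ...)'` line in `preStart` splices the file contents into the SQL text and onto the psql command line. A quote character in the password then alters the statement and `|| true` hides the failure; feeding the statement to psql on stdin with a variable quoted as `:'pw'` would avoid both (the `config` block continues past the lines shown).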