commit 2de264f2091a6e6d1a99336601c972df5f7d05e8 · pyrox.dev/nixpkgs

+38 -36
nixos/modules/services/mail/postfixadmin.nix
···

       8
       8
        
         cfg = config.services.postfixadmin;

     

       9
       9
        
         fpm = config.services.phpfpm.pools.postfixadmin;

     

       10
       10
        
         localDB = cfg.database.host == "localhost";

     

       11
       11
       +
         pgsql = config.services.postgresql;

     

       11
       12
        
         user = if localDB then cfg.database.username else "nginx";

     

       12
       13
        
       in

     

       13
       14
        
       {

     
···

       57
       58
        
                 If `database.host` is set to `localhost`, a unix user and group of the same name will be created as well.

     

       58
       59
        
               '';

     

       59
       60
        
             };

     

       61
       61
       +
       

     

       60
       62
        
             host = lib.mkOption {

     

       61
       63
        
               type = lib.types.str;

     

       62
       64
        
               default = "localhost";

     
···

       67
       69
        
                 permissions.

     

       68
       70
        
               '';

     

       69
       71
        
             };

     

       72
       72
       +
       

     

       70
       73
        
             passwordFile = lib.mkOption {

     

       71
       74
        
               type = lib.types.path;

     

       72
       75
        
               description = "Password file for the postgresql connection. Must be readable by user `nginx`.";

     

       73
       76
        
             };

     

       77
       77
       +
       

     

       74
       78
        
             dbname = lib.mkOption {

     

       75
       79
        
               type = lib.types.str;

     

       76
       80
        
               default = "postfixadmin";

     
···

       139
       143
        
               }

     

       140
       144
        
             ];

     

       141
       145
        
           };

     

       146
       146
       +
       

     

       142
       147
        
           # The postgresql module doesn't currently support concepts like

     

       143
       148
        
           # objects owners and extensions; for now we tack on what's needed

     

       144
       149
        
           # here.

     

       145
       145
       -
           systemd.services.postfixadmin-postgres =

     

       146
       146
       -
             let

     

       147
       147
       -
               pgsql = config.services.postgresql;

     

       148
       148
       -
             in

     

       149
       149
       -
             lib.mkIf localDB {

     

       150
       150
       -
               after = [ "postgresql.service" ];

     

       151
       151
       -
               bindsTo = [ "postgresql.service" ];

     

       152
       152
       -
               wantedBy = [ "multi-user.target" ];

     

       153
       153
       -
               path = [

     

       154
       154
       -
                 pgsql.package

     

       155
       155
       -
                 pkgs.util-linux

     

       156
       156
       -
               ];

     

       157
       157
       -
               script = ''

     

       158
       158
       -
                 set -eu

     

       150
       150
       +
           systemd.services.postfixadmin-postgres = lib.mkIf localDB {

     

       151
       151
       +
             after = [ "postgresql.service" ];

     

       152
       152
       +
             bindsTo = [ "postgresql.service" ];

     

       153
       153
       +
             wantedBy = [ "multi-user.target" ];

     

       154
       154
       +
             path = [

     

       155
       155
       +
               pgsql.package

     

       156
       156
       +
               pkgs.util-linux

     

       157
       157
       +
             ];

     

       158
       158
       +
             script = ''

     

       159
       159
       +
               set -eu

     

       159
       160
        
       

     

       160
       160
       -
                 PSQL() {

     

       161
       161
       -
                     psql --port=${toString pgsql.port} "$@"

     

       162
       162
       -
                 }

     

       161
       161
       +
               PSQL() {

     

       162
       162
       +
                   psql --port=${toString pgsql.port} "$@"

     

       163
       163
       +
               }

     

       163
       164
        
       

     

       164
       164
       -
                 PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = '${cfg.database.dbname}'" | grep -q 1 || PSQL -tAc 'CREATE DATABASE "${cfg.database.dbname}" OWNER "${cfg.database.username}"'

     

       165
       165
       -
                 current_owner=$(PSQL -tAc "SELECT pg_catalog.pg_get_userbyid(datdba) FROM pg_catalog.pg_database WHERE datname = '${cfg.database.dbname}'")

     

       166
       166
       -
                 if [[ "$current_owner" != "${cfg.database.username}" ]]; then

     

       167
       167
       -
                     PSQL -tAc 'ALTER DATABASE "${cfg.database.dbname}" OWNER TO "${cfg.database.username}"'

     

       168
       168
       -
                     if [[ -e "${config.services.postgresql.dataDir}/.reassigning_${cfg.database.dbname}" ]]; then

     

       169
       169
       -
                         echo "Reassigning ownership of database ${cfg.database.dbname} to user ${cfg.database.username} failed on last boot. Failing..."

     

       170
       170
       -
                         exit 1

     

       171
       171
       -
                     fi

     

       172
       172
       -
                     touch "${config.services.postgresql.dataDir}/.reassigning_${cfg.database.dbname}"

     

       173
       173
       -
                     PSQL "${cfg.database.dbname}" -tAc "REASSIGN OWNED BY \"$current_owner\" TO \"${cfg.database.username}\""

     

       174
       174
       -
                     rm "${config.services.postgresql.dataDir}/.reassigning_${cfg.database.dbname}"

     

       175
       175
       -
                 fi

     

       176
       176
       -
               '';

     

       165
       165
       +
               PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = '${cfg.database.dbname}'" | grep -q 1 || PSQL -tAc 'CREATE DATABASE "${cfg.database.dbname}" OWNER "${cfg.database.username}"'

     

       166
       166
       +
               current_owner=$(PSQL -tAc "SELECT pg_catalog.pg_get_userbyid(datdba) FROM pg_catalog.pg_database WHERE datname = '${cfg.database.dbname}'")

     

       167
       167
       +
               if [[ "$current_owner" != "${cfg.database.username}" ]]; then

     

       168
       168
       +
                   PSQL -tAc 'ALTER DATABASE "${cfg.database.dbname}" OWNER TO "${cfg.database.username}"'

     

       169
       169
       +
                   if [[ -e "${pgsql.dataDir}/.reassigning_${cfg.database.dbname}" ]]; then

     

       170
       170
       +
                       echo "Reassigning ownership of database ${cfg.database.dbname} to user ${cfg.database.username} failed on last boot. Failing..."

     

       171
       171
       +
                       exit 1

     

       172
       172
       +
                   fi

     

       173
       173
       +
                   touch "${pgsql.dataDir}/.reassigning_${cfg.database.dbname}"

     

       174
       174
       +
                   PSQL "${cfg.database.dbname}" -tAc "REASSIGN OWNED BY \"$current_owner\" TO \"${cfg.database.username}\""

     

       175
       175
       +
                   rm "${pgsql.dataDir}/.reassigning_${cfg.database.dbname}"

     

       176
       176
       +
               fi

     

       177
       177
       +
             '';

     

       177
       178
        
       

     

       178
       178
       -
               serviceConfig = {

     

       179
       179
       -
                 User = pgsql.superUser;

     

       180
       180
       -
                 Type = "oneshot";

     

       181
       181
       -
                 RemainAfterExit = true;

     

       182
       182
       -
               };

     

       179
       179
       +
             serviceConfig = {

     

       180
       180
       +
               User = pgsql.superUser;

     

       181
       181
       +
               Type = "oneshot";

     

       182
       182
       +
               RemainAfterExit = true;

     

       183
       183
        
             };

     

       184
       184
       +
           };

     

       184
       185
        
       

     

       185
       186
        
           users.users.${user} = lib.mkIf localDB {

     

       186
       187
        
             group = user;

     

       187
       188
        
             isSystemUser = true;

     

       188
       189
        
             createHome = false;

     

       189
       190
        
           };

     

       191
       191
       +
       

     

       190
       192
        
           users.groups.${user} = lib.mkIf localDB { };

     

       191
       193
        
       

     

       192
       194
        
           services.phpfpm.pools.postfixadmin = {

     
···

       196
       198
        
               error_log = 'stderr'

     

       197
       199
        
               log_errors = on

     

       198
       200
        
             '';

     

       199
       199
       -
             settings = lib.mapAttrs (name: lib.mkDefault) {

     

       201
       201
       +
             settings = lib.mapAttrs (_: lib.mkDefault) {

     

       200
       202
        
               "listen.owner" = "nginx";

     

       201
       203
        
               "listen.group" = "nginx";

     

       202
       204
        
               "listen.mode" = "0660";