pyrox.dev / nixpkgs
lol
fork atom

pgadmin: Use systemd's LoadCredential for password files (#312569)

* pgadmin: Use systemd's LoadCredential for password files

* Update nixos/modules/services/admin/pgadmin.nix

---------

Co-authored-by: Sandro <sandro.jaeckel@gmail.com>

TNE 4582b524 aa5d9c30

options
unified split
Changed files
+7 -3
nixos
modules
services
admin
pgadmin.nix
+7 -3
nixos/modules/services/admin/pgadmin.nix 
···

       
152

       
 

       
        # Check here for password length to prevent pgadmin from starting


     

       
153

       
 

       
        # and presenting a hard to find error message


     

       
154

       
 

       
        # see https://github.com/NixOS/nixpkgs/issues/270624


     

       
155

       
-

       
        PW_LENGTH=$(wc -m < ${escapeShellArg cfg.initialPasswordFile})


     

       

       

       
     

       
156

       
 

       
        if [ $PW_LENGTH -lt ${toString cfg.minimumPasswordLength} ]; then


     

       
157

       
 

       
            echo "Password must be at least ${toString cfg.minimumPasswordLength} characters long"


     

       
158

       
 

       
            exit 1


     
···

       
162

       
 

       
          echo ${escapeShellArg cfg.initialEmail}


     

       
163

       
 

       



     

       
164

       
 

       
          # file might not contain newline. echo hack fixes that.


     

       
165

       
-

       
          PW=$(cat ${escapeShellArg cfg.initialPasswordFile})


     

       
166

       
 

       



     

       
167

       
 

       
          # Password:


     

       
168

       
 

       
          echo "$PW"


     
···

       
181

       
 

       
        LogsDirectory = "pgadmin";


     

       
182

       
 

       
        StateDirectory = "pgadmin";


     

       
183

       
 

       
        ExecStart = "${cfg.package}/bin/pgadmin4";


     

       

       

       
     

       

       

       
     

       
184

       
 

       
      };


     

       
185

       
 

       
    };


     

       
186

       
 

       



     
···

       
193

       
 

       



     

       
194

       
 

       
    environment.etc."pgadmin/config_system.py" = {


     

       
195

       
 

       
      text = lib.optionalString cfg.emailServer.enable ''


     

       
196

       
-

       
        with open("${cfg.emailServer.passwordFile}") as f:


     

       

       

       
     

       
197

       
 

       
          pw = f.read()


     

       
198

       
 

       
        MAIL_PASSWORD = pw


     

       
199

       
 

       
      '' + formatPy cfg.settings;


     
···

       
152

       
 

       
        # Check here for password length to prevent pgadmin from starting


     

       
153

       
 

       
        # and presenting a hard to find error message


     

       
154

       
 

       
        # see https://github.com/NixOS/nixpkgs/issues/270624


     

       
155

       
+

       
        PW_FILE="$CREDENTIALS_DIRECTORY/initial_password"


     

       
156

       
+

       
        PW_LENGTH=$(wc -m < "$PW_FILE")


     

       
157

       
 

       
        if [ $PW_LENGTH -lt ${toString cfg.minimumPasswordLength} ]; then


     

       
158

       
 

       
            echo "Password must be at least ${toString cfg.minimumPasswordLength} characters long"


     

       
159

       
 

       
            exit 1


     
···

       
163

       
 

       
          echo ${escapeShellArg cfg.initialEmail}


     

       
164

       
 

       



     

       
165

       
 

       
          # file might not contain newline. echo hack fixes that.


     

       
166

       
+

       
          PW=$(cat "$PW_FILE")


     

       
167

       
 

       



     

       
168

       
 

       
          # Password:


     

       
169

       
 

       
          echo "$PW"


     
···

       
182

       
 

       
        LogsDirectory = "pgadmin";


     

       
183

       
 

       
        StateDirectory = "pgadmin";


     

       
184

       
 

       
        ExecStart = "${cfg.package}/bin/pgadmin4";


     

       
185

       
+

       
        LoadCredential = [ "initial_password:${cfg.initialPasswordFile}" ]


     

       
186

       
+

       
          ++ optional cfg.emailServer.enable "email_password:${cfg.emailServer.passwordFile}";


     

       
187

       
 

       
      };


     

       
188

       
 

       
    };


     

       
189

       
 

       



     
···

       
196

       
 

       



     

       
197

       
 

       
    environment.etc."pgadmin/config_system.py" = {


     

       
198

       
 

       
      text = lib.optionalString cfg.emailServer.enable ''


     

       
199

       
+

       
        import os


     

       
200

       
+

       
        with open(os.path.join(os.environ['CREDENTIALS_DIRECTORY'], 'email_password')) as f:


     

       
201

       
 

       
          pw = f.read()


     

       
202

       
 

       
        MAIL_PASSWORD = pw


     

       
203

       
 

       
      '' + formatPy cfg.settings;