1
+
{ lib, pkgs, config, ... } :
6
+
cfg = config.services.postage;
8
+
confFile = pkgs.writeTextFile {
9
+
name = "postage.conf";
11
+
connection_file = ${postageConnectionsFile}
13
+
allow_custom_connections = ${builtins.toJSON cfg.allowCustomConnections}
15
+
postage_port = ${toString cfg.port}
17
+
super_only = ${builtins.toJSON cfg.superOnly}
19
+
${optionalString (!isNull cfg.loginGroup) "login_group = ${cfg.loginGroup}"}
21
+
login_timeout = ${toString cfg.loginTimeout}
23
+
web_root = ${cfg.package}/etc/postage/web_root
25
+
data_root = ${cfg.dataRoot}
27
+
${optionalString (!isNull cfg.tls) ''
28
+
tls_cert = ${cfg.tls.cert}
29
+
tls_key = ${cfg.tls.key}
32
+
log_level = ${cfg.logLevel}
36
+
postageConnectionsFile = pkgs.writeTextFile {
37
+
name = "postage-connections.conf";
38
+
text = concatStringsSep "\n"
39
+
(mapAttrsToList (name : conn : "${name}: ${conn}") cfg.connections);
42
+
postage = "postage";
45
+
options.services.postage = {
46
+
enable = mkEnableOption "PostgreSQL Administration for the web";
48
+
package = mkOption {
49
+
type = types.package;
50
+
default = pkgs.postage;
51
+
defaultText = "pkgs.postage";
53
+
The postage package to use.
57
+
connections = mkOption {
58
+
type = types.attrsOf types.str;
61
+
"nuc-server" = "hostaddr=192.168.0.100 port=5432 dbname=postgres";
62
+
"mini-server" = "hostaddr=127.0.0.1 port=5432 dbname=postgres sslmode=require";
65
+
Postage requires at least one PostgreSQL server be defined.
67
+
Detailed information about PostgreSQL connection strings is available at:
68
+
<link xlink:href="http://www.postgresql.org/docs/current/static/libpq-connect.html"/>
70
+
Note that you should not specify your user name or password. That
71
+
information will be entered on the login screen. If you specify a
72
+
username or password, it will be removed by Postage before attempting to
73
+
connect to a database.
77
+
allowCustomConnections = mkOption {
81
+
This tells Postage whether or not to allow anyone to use a custom
82
+
connection from the login screen.
90
+
This tells Postage what port to listen on for browser requests.
94
+
localOnly = mkOption {
98
+
This tells Postage whether or not to set the listening socket to local
103
+
superOnly = mkOption {
107
+
This tells Postage whether or not to only allow super users to
108
+
login. The recommended value is true and will restrict users who are not
109
+
super users from logging in to any PostgreSQL instance through
110
+
Postage. Note that a connection will be made to PostgreSQL in order to
111
+
test if the user is a superuser.
115
+
loginGroup = mkOption {
116
+
type = types.nullOr types.str;
119
+
This tells Postage to only allow users in a certain PostgreSQL group to
120
+
login to Postage. Note that a connection will be made to PostgreSQL in
121
+
order to test if the user is a member of the login group.
125
+
loginTimeout = mkOption {
129
+
Number of seconds of inactivity before user is automatically logged
134
+
dataRoot = mkOption {
136
+
default = "/var/lib/postage";
138
+
This tells Postage where to put the SQL file history. All tabs are saved
139
+
to this location so that if you get disconnected from Postage you
140
+
don't lose your work.
145
+
type = types.nullOr (types.submodule {
149
+
description = "TLS certificate";
153
+
description = "TLS key";
159
+
These options tell Postage where the TLS Certificate and Key files
160
+
reside. If you use these options then you'll only be able to access
161
+
Postage through a secure TLS connection. These options are only
162
+
necessary if you wish to connect directly to Postage using a secure TLS
163
+
connection. As an alternative, you can set up Postage in a reverse proxy
164
+
configuration. This allows your web server to terminate the secure
165
+
connection and pass on the request to Postage. You can find help to set
166
+
up this configuration in:
167
+
<link xlink:href="https://github.com/workflowproducts/postage/blob/master/INSTALL_NGINX.md"/>
171
+
logLevel = mkOption {
172
+
type = types.enum ["error" "warn" "notice" "info"];
180
+
config = mkIf cfg.enable {
181
+
systemd.services.postage = {
182
+
description = "postage - PostgreSQL Administration for the web";
183
+
wants = [ "postgresql.service" ];
184
+
after = [ "postgresql.service" ];
185
+
wantedBy = [ "multi-user.target" ];
189
+
ExecStart = "${pkgs.postage}/sbin/postage -c ${confFile}" +
190
+
optionalString cfg.localOnly " --local-only=true";
194
+
users."${postage}" = {
197
+
home = cfg.dataRoot;
200
+
groups."${postage}" = {
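Review bot: ExecStart hard-codes `${pkgs.postage}` although the module declares a `package` option and already builds `web_root` from `${cfg.package}`, so an overridden package would have its web root served by the default binary; the line should read `ExecStart = "${cfg.package}/sbin/postage -c ${confFile}" +`. Separately, `postage.conf` and `postage-connections.conf` are produced with `pkgs.writeTextFile`, so both land in the world-readable Nix store; the `connections` description should state that anything placed in a connection string, including credentials that Postage later strips, is readable by every local user. The same concern applies to `tls.key` if its type (not visible in this view) accepts a path literal, since that would copy the private key into the store; a comment on that option such as `# give the key as a string path outside the Nix store, readable only by the postage user` would make the expectation explicit. Several lines of the file are missing from this view, so these points rest only on the lines shown.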