nixos/hydron: Various fixes, create db_conf.json and link to it

2018-08-03 10:43:53 -05:00 · 2018-08-03 10:43:53 -05:00 · d49b5bdfb9
parent 6de26d6647
commit d49b5bdfb9
1 changed files with 62 additions and 4 deletions
--- a/nixos/modules/services/web-servers/hydron.nix
+++ b/nixos/modules/services/web-servers/hydron.nix
@ -1,6 +1,8 @@
 { config, lib, pkgs, ... }:

-let cfg = config.services.hydron;
+let
+  cfg = config.services.hydron;
+  postgres = config.services.postgresql;
 in with lib; {
  options.services.hydron = {
    enable = mkEnableOption "hydron";
@ -25,6 +27,38 @@ in with lib; {
      '';
    };

+    password = mkOption {
+      type = types.str;
+      default = "hydron";
+      example = "dumbpass";
+      description = "Password for the hydron database.";
+    };
+
+    passwordFile = mkOption {
+      type = types.path;
+      default = "/run/keys/hydron-password-file";
+      example = "/home/okina/hydron/keys/pass";
+      description = "Password file for the hydron database.";
+    };
+
+    postgresArgs = mkOption {
+      type = types.str;
+      description = "Postgresql connection arguments.";
+      example = ''
+        {
+          "driver": "postgres",
+          "connection": "user=hydron password=dumbpass dbname=hydron sslmode=disable"
+        }
+      '';
+    };
+
+    postgresArgsFile = mkOption {
+      type = types.path;
+      default = "/run/keys/hydron-postgres-args";
+      example = "/home/okina/hydron/keys/postgres";
+      description = "Postgresql connection arguments file.";
+    };
+
    listenAddress = mkOption {
      type = types.nullOr types.str;
      default = null;
@ -47,16 +81,36 @@ in with lib; {
  };

  config = mkIf cfg.enable {
+    security.sudo.enable = cfg.enable;
+    services.postgresql.enable = cfg.enable;
+    services.hydron.passwordFile = mkDefault (pkgs.writeText "hydron-password-file" cfg.password);
+    services.hydron.postgresArgsFile = mkDefault (pkgs.writeText "hydron-postgres-args" cfg.postgresArgs);
+    services.hydron.postgresArgs = mkDefault ''
+      {
+        "driver": "postgres",
+        "connection": "user=hydron password=${cfg.password} dbname=hydron sslmode=disable"
+      }
+    '';
+
    systemd.services.hydron = {
      description = "hydron";
-      after = [ "network.target" ];
+      after = [ "network.target" "postgresql.service" ];
      wantedBy = [ "multi-user.target" ];

      preStart = ''
-        # Ensure folder exists and permissions are correct
-        mkdir -p ${escapeShellArg cfg.dataDir}/images
+        # Ensure folder exists or create it and permissions are correct
+        mkdir -p ${escapeShellArg cfg.dataDir}/{.hydron,images}
+        ln -sf ${escapeShellArg cfg.postgresArgsFile} ${escapeShellArg cfg.dataDir}/.hydron/db_conf.json
        chmod 750 ${escapeShellArg cfg.dataDir}
        chown -R hydron:hydron ${escapeShellArg cfg.dataDir}
+
+        # Ensure the database is correct or create it
+        ${pkgs.sudo}/bin/sudo -u ${postgres.superUser} ${postgres.package}/bin/createuser \
+          -SDR hydron || true
+        ${pkgs.sudo}/bin/sudo -u ${postgres.superUser} ${postgres.package}/bin/createdb \
+          -T template0 -E UTF8 -O hydron hydron || true
+        ${pkgs.sudo}/bin/sudo -u hydron ${postgres.package}/bin/psql \
+          -c "ALTER ROLE hydron WITH PASSWORD '$(cat ${escapeShellArg cfg.passwordFile})';" || true
      '';

      serviceConfig = {
@ -101,5 +155,9 @@ in with lib; {
    };
  };

+  imports = [
+    (mkRenamedOptionModule [ "services" "hydron" "baseDir" ] [ "services" "hydron" "dataDir" ])
+  ];
+
  meta.maintainers = with maintainers; [ chiiruno ];
 }