depot/third_party/nixpkgs/nixos/modules/services/admin/pgadmin.nix
Default email b450903751 Project import generated by Copybara.
GitOrigin-RevId: 74a1793c659d09d7cf738005308b1f86c90cb59b
2022-09-09 16:08:57 +02:00

127 lines
3.7 KiB
Nix

{ config, lib, pkgs, ... }:
with lib;
let
pkg = pkgs.pgadmin4;
cfg = config.services.pgadmin;
_base = with types; [ int bool str ];
base = with types; oneOf ([ (listOf (oneOf _base)) (attrsOf (oneOf _base)) ] ++ _base);
formatAttrset = attr:
"{${concatStringsSep "\n" (mapAttrsToList (key: value: "${builtins.toJSON key}: ${formatPyValue value},") attr)}}";
formatPyValue = value:
if builtins.isString value then builtins.toJSON value
else if value ? _expr then value._expr
else if builtins.isInt value then toString value
else if builtins.isBool value then (if value then "True" else "False")
else if builtins.isAttrs value then (formatAttrset value)
else if builtins.isList value then "[${concatStringsSep "\n" (map (v: "${formatPyValue v},") value)}]"
else throw "Unrecognized type";
formatPy = attrs:
concatStringsSep "\n" (mapAttrsToList (key: value: "${key} = ${formatPyValue value}") attrs);
pyType = with types; attrsOf (oneOf [ (attrsOf base) (listOf base) base ]);
in
{
options.services.pgadmin = {
enable = mkEnableOption (lib.mdDoc "PostgreSQL Admin 4");
port = mkOption {
description = lib.mdDoc "Port for pgadmin4 to run on";
type = types.port;
default = 5050;
};
initialEmail = mkOption {
description = lib.mdDoc "Initial email for the pgAdmin account.";
type = types.str;
};
initialPasswordFile = mkOption {
description = lib.mdDoc ''
Initial password file for the pgAdmin account.
NOTE: Should be string not a store path, to prevent the password from being world readable.
'';
type = types.path;
};
openFirewall = mkEnableOption (lib.mdDoc "firewall passthrough for pgadmin4");
settings = mkOption {
description = lib.mdDoc ''
Settings for pgadmin4.
[Documentation](https://www.pgadmin.org/docs/pgadmin4/development/config_py.html).
'';
type = pyType;
default= {};
};
};
config = mkIf (cfg.enable) {
networking.firewall.allowedTCPPorts = mkIf (cfg.openFirewall) [ cfg.port ];
services.pgadmin.settings = {
DEFAULT_SERVER_PORT = cfg.port;
SERVER_MODE = true;
} // (optionalAttrs cfg.openFirewall {
DEFAULT_SERVER = mkDefault "::";
});
systemd.services.pgadmin = {
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
requires = [ "network.target" ];
# we're adding this optionally so just in case there's any race it'll be caught
# in case postgres doesn't start, pgadmin will just start normally
wants = [ "postgresql.service" ];
path = [ config.services.postgresql.package pkgs.coreutils pkgs.bash ];
preStart = ''
# NOTE: this is idempotent (aka running it twice has no effect)
(
# Email address:
echo ${escapeShellArg cfg.initialEmail}
# file might not contain newline. echo hack fixes that.
PW=$(cat ${escapeShellArg cfg.initialPasswordFile})
# Password:
echo "$PW"
# Retype password:
echo "$PW"
) | ${pkg}/bin/pgadmin4-setup
'';
restartTriggers = [
"/etc/pgadmin/config_system.py"
];
serviceConfig = {
User = "pgadmin";
DynamicUser = true;
LogsDirectory = "pgadmin";
StateDirectory = "pgadmin";
ExecStart = "${pkg}/bin/pgadmin4";
};
};
users.users.pgadmin = {
isSystemUser = true;
group = "pgadmin";
};
users.groups.pgadmin = {};
environment.etc."pgadmin/config_system.py" = {
text = formatPy cfg.settings;
mode = "0600";
user = "pgadmin";
group = "pgadmin";
};
};
}