diff options
| author | Florian Brandes <florian.brandes@posteo.de> | 2023-11-29 10:21:52 +0100 |
|---|---|---|
| committer | Florian Brandes <florian.brandes@posteo.de> | 2023-11-29 10:21:52 +0100 |
| commit | 010a6250db54a2efb74d7db846379eae0878de09 (patch) | |
| tree | 8a03e28ba7f7e7fbb6d755d83eb2e8e572d9bab0 /nixos/modules/services/admin | |
| parent | 77cc213d1410c13f1f4a9fa466ac71351eefc2c7 (diff) | |
nixos/pgadmin: add passwordLength setting
pgadmin by default checks the length of the password
and will fail with passwords < 6 characters.
The produced error message is buried in python tracebacks
and hard to find and debug.
Therefore this adds the setting, and also adds a check
in the pre-start script of pgadmin.
The nixos/pgadmin tests have been modified, also.
Signed-off-by: Florian Brandes <florian.brandes@posteo.de>
Diffstat (limited to 'nixos/modules/services/admin')
| -rw-r--r-- | nixos/modules/services/admin/pgadmin.nix | 19 |
1 files changed, 18 insertions, 1 deletions
diff --git a/nixos/modules/services/admin/pgadmin.nix b/nixos/modules/services/admin/pgadmin.nix index 390c80d1a2d4..fb7b65171aad 100644 --- a/nixos/modules/services/admin/pgadmin.nix +++ b/nixos/modules/services/admin/pgadmin.nix @@ -43,12 +43,19 @@ in initialPasswordFile = mkOption { description = lib.mdDoc '' - Initial password file for the pgAdmin account. + Initial password file for the pgAdmin account. Minimum length by default is 6. + Please see services.pgadmin.passwordLength. NOTE: Should be string not a store path, to prevent the password from being world readable ''; type = types.path; }; + passwordLength = mkOption { + description = lib.mdDoc "Minimum length of the password"; + type = types.int; + default = 6; + }; + emailServer = { enable = mkOption { description = lib.mdDoc '' @@ -115,6 +122,7 @@ in services.pgadmin.settings = { DEFAULT_SERVER_PORT = cfg.port; + PASSWORD_LENGTH_MIN = cfg.passwordLength; SERVER_MODE = true; } // (optionalAttrs cfg.openFirewall { DEFAULT_SERVER = mkDefault "::"; @@ -139,6 +147,15 @@ in preStart = '' # NOTE: this is idempotent (aka running it twice has no effect) + # Check here for password length to prevent pgadmin from starting + # and presenting a hard to find error message + # see https://github.com/NixOS/nixpkgs/issues/270624 + PW_LENGTH=$(wc -m < ${escapeShellArg cfg.initialPasswordFile}) + if [ $PW_LENGTH -lt ${toString cfg.passwordLength} ] + then + echo "Password must be at least ${toString cfg.passwordLength} characters long" + exit 1 + fi ( # Email address: echo ${escapeShellArg cfg.initialEmail} |