diff options
author | Maciej Krüger <mkg20001@gmail.com> | 2024-01-12 21:00:40 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-01-12 21:00:40 +0100 |
commit | 6ba04cc30231c0c27c45ad94d739e465cc46d4cf (patch) | |
tree | 1d84fa612690ca2480a73aca0cd478c9bf54a84f /nixos/modules/services/admin | |
parent | bff44df27228a1bbb9f9c85fd8d1dae64baaa613 (diff) | |
parent | bc21d288f4f089af32f5ee306352f5e11c93da64 (diff) |
Merge pull request #270876 from gador/pgadmin-check-pw
nixos/pgadmin: add minimumPasswordLength setting and check
Diffstat (limited to 'nixos/modules/services/admin')
-rw-r--r-- | nixos/modules/services/admin/pgadmin.nix | 18 |
1 files changed, 17 insertions, 1 deletions
diff --git a/nixos/modules/services/admin/pgadmin.nix b/nixos/modules/services/admin/pgadmin.nix index 3d820db59f4c..ceb5655dc562 100644 --- a/nixos/modules/services/admin/pgadmin.nix +++ b/nixos/modules/services/admin/pgadmin.nix @@ -44,12 +44,19 @@ in initialPasswordFile = mkOption { description = lib.mdDoc '' - Initial password file for the pgAdmin account. + Initial password file for the pgAdmin account. Minimum length by default is 6. + Please see `services.pgadmin.minimumPasswordLength`. NOTE: Should be string not a store path, to prevent the password from being world readable ''; type = types.path; }; + minimumPasswordLength = mkOption { + description = lib.mdDoc "Minimum length of the password"; + type = types.int; + default = 6; + }; + emailServer = { enable = mkOption { description = lib.mdDoc '' @@ -116,6 +123,7 @@ in services.pgadmin.settings = { DEFAULT_SERVER_PORT = cfg.port; + PASSWORD_LENGTH_MIN = cfg.minimumPasswordLength; SERVER_MODE = true; UPGRADE_CHECK_ENABLED = false; } // (optionalAttrs cfg.openFirewall { @@ -141,6 +149,14 @@ in preStart = '' # NOTE: this is idempotent (aka running it twice has no effect) + # Check here for password length to prevent pgadmin from starting + # and presenting a hard to find error message + # see https://github.com/NixOS/nixpkgs/issues/270624 + PW_LENGTH=$(wc -m < ${escapeShellArg cfg.initialPasswordFile}) + if [ $PW_LENGTH -lt ${toString cfg.minimumPasswordLength} ]; then + echo "Password must be at least ${toString cfg.minimumPasswordLength} characters long" + exit 1 + fi ( # Email address: echo ${escapeShellArg cfg.initialEmail} |