authorTNE <38938720+JustTNE@users.noreply.github.com>2024-05-19 00:16:00 +0200
committerGitHub <noreply@github.com>2024-05-19 00:16:00 +0200
commit4582b524ba35b8186a9b3a366eaba8cbe31d140f (patch)
tree267f163048db51497f8725867b9ba840a0763c70 /nixos
parentaa5d9c30f8903d98f4b25cebdcfdbae19ca55859 (diff)
pgadmin: Use systemd's LoadCredential for password files (#312569)
* pgadmin: Use systemd's LoadCredential for password files * Update nixos/modules/services/admin/pgadmin.nix --------- Co-authored-by: Sandro <sandro.jaeckel@gmail.com>
Diffstat (limited to 'nixos')
-rw-r--r--nixos/modules/services/admin/pgadmin.nix10
1 files changed, 7 insertions, 3 deletions
diff --git a/nixos/modules/services/admin/pgadmin.nix b/nixos/modules/services/admin/pgadmin.nix
index ead0c3c6c9a3..b3dd3c78874c 100644
--- a/nixos/modules/services/admin/pgadmin.nix
+++ b/nixos/modules/services/admin/pgadmin.nix
@@ -152,7 +152,8 @@ in
# Check here for password length to prevent pgadmin from starting
# and presenting a hard to find error message
# see https://github.com/NixOS/nixpkgs/issues/270624
- PW_LENGTH=$(wc -m < ${escapeShellArg cfg.initialPasswordFile})
+ PW_FILE="$CREDENTIALS_DIRECTORY/initial_password"
+ PW_LENGTH=$(wc -m < "$PW_FILE")
if [ $PW_LENGTH -lt ${toString cfg.minimumPasswordLength} ]; then
echo "Password must be at least ${toString cfg.minimumPasswordLength} characters long"
exit 1
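Review bot: `wc -m` in the new `PW_LENGTH=$(wc -m < "$PW_FILE")` line counts a trailing newline as a character, so a password file ending in a newline passes the check with one character fewer than `minimumPasswordLength`. pgadmin would then still start and hit the hard-to-find error this check exists to prevent. The comment in the next hunk says the file may or may not end in a newline, so strip it before counting, for example `PW_LENGTH=$(tr -d '\n' < "$PW_FILE" | wc -m)`. The surrounding script starts and ends outside this hunk.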
@@ -162,7 +163,7 @@ in
echo ${escapeShellArg cfg.initialEmail}
# file might not contain newline. echo hack fixes that.
- PW=$(cat ${escapeShellArg cfg.initialPasswordFile})
+ PW=$(cat "$PW_FILE")
# Password:
echo "$PW"
@@ -181,6 +182,8 @@ in
LogsDirectory = "pgadmin";
StateDirectory = "pgadmin";
ExecStart = "${cfg.package}/bin/pgadmin4";
+ LoadCredential = [ "initial_password:${cfg.initialPasswordFile}" ]
+ ++ optional cfg.emailServer.enable "email_password:${cfg.emailServer.passwordFile}";
};
};
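Review bot: The new `LoadCredential` entries build the source path by string interpolation, while the removed shell line passed `cfg.initialPasswordFile` through `escapeShellArg`, which stringifies its argument. If either option can be set to a Nix path literal rather than a string, interpolation would copy the secret into the world-readable Nix store and the credential would be loaded from that copy. The option types are not visible in this hunk, so this needs confirming. Writing `"initial_password:${toString cfg.initialPasswordFile}"`, and the same for `email_password`, keeps the original on-disk path in both cases.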
@@ -193,7 +196,8 @@ in
environment.etc."pgadmin/config_system.py" = {
text = lib.optionalString cfg.emailServer.enable ''
- with open("${cfg.emailServer.passwordFile}") as f:
+ import os
+ with open(os.path.join(os.environ['CREDENTIALS_DIRECTORY'], 'email_password')) as f:
pw = f.read()
MAIL_PASSWORD = pw
'' + formatPy cfg.settings;
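Review bot: `os.environ['CREDENTIALS_DIRECTORY']` in the generated `config_system.py` raises a bare `KeyError` whenever the file is loaded outside the systemd unit, since the variable is only set for processes the unit starts. This file is installed under `/etc/pgadmin`, so an administrator running a pgadmin command by hand would presumably hit that traceback with no hint of the cause. Reading it with `os.environ.get('CREDENTIALS_DIRECTORY')` and raising an error that names the unit would make the failure self-explanatory. At minimum, add a comment in the generated text such as `# CREDENTIALS_DIRECTORY is provided by systemd LoadCredential; only set inside pgadmin.service`.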