From 010a6250db54a2efb74d7db846379eae0878de09 Mon Sep 17 00:00:00 2001 From: Florian Brandes Date: Wed, 29 Nov 2023 10:21:52 +0100 Subject: nixos/pgadmin: add passwordLength setting pgadmin by default checks the length of the password and will fail with passwords < 6 characters. The produced error message is buried in python tracebacks and hard to find and debug. Therefore this adds the setting, and also adds a check in the pre-start script of pgadmin. The nixos/pgadmin tests have been modified, also. Signed-off-by: Florian Brandes --- nixos/modules/services/admin/pgadmin.nix | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) (limited to 'nixos/modules/services/admin') diff --git a/nixos/modules/services/admin/pgadmin.nix b/nixos/modules/services/admin/pgadmin.nix index 390c80d1a2d4..fb7b65171aad 100644 --- a/nixos/modules/services/admin/pgadmin.nix +++ b/nixos/modules/services/admin/pgadmin.nix @@ -43,12 +43,19 @@ in initialPasswordFile = mkOption { description = lib.mdDoc '' - Initial password file for the pgAdmin account. + Initial password file for the pgAdmin account. Minimum length by default is 6. + Please see services.pgadmin.passwordLength. NOTE: Should be string not a store path, to prevent the password from being world readable ''; type = types.path; }; + passwordLength = mkOption { + description = lib.mdDoc "Minimum length of the password"; + type = types.int; + default = 6; + }; + emailServer = { enable = mkOption { description = lib.mdDoc '' @@ -115,6 +122,7 @@ in services.pgadmin.settings = { DEFAULT_SERVER_PORT = cfg.port; + PASSWORD_LENGTH_MIN = cfg.passwordLength; SERVER_MODE = true; } // (optionalAttrs cfg.openFirewall { DEFAULT_SERVER = mkDefault "::"; @@ -139,6 +147,15 @@ in preStart = '' # NOTE: this is idempotent (aka running it twice has no effect) + # Check here for password length to prevent pgadmin from starting + # and presenting a hard to find error message + # see https://github.com/NixOS/nixpkgs/issues/270624 + PW_LENGTH=$(wc -m < ${escapeShellArg cfg.initialPasswordFile}) + if [ $PW_LENGTH -lt ${toString cfg.passwordLength} ] + then + echo "Password must be at least ${toString cfg.passwordLength} characters long" + exit 1 + fi ( # Email address: echo ${escapeShellArg cfg.initialEmail} -- cgit v1.2.3 From bc21d288f4f089af32f5ee306352f5e11c93da64 Mon Sep 17 00:00:00 2001 From: Florian Brandes Date: Thu, 11 Jan 2024 10:34:37 +0100 Subject: nixos/pgadmin: apply review suggestions Signed-off-by: Florian Brandes --- nixos/modules/services/admin/pgadmin.nix | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) (limited to 'nixos/modules/services/admin') diff --git a/nixos/modules/services/admin/pgadmin.nix b/nixos/modules/services/admin/pgadmin.nix index fb7b65171aad..09a9b2714e34 100644 --- a/nixos/modules/services/admin/pgadmin.nix +++ b/nixos/modules/services/admin/pgadmin.nix @@ -44,13 +44,13 @@ in initialPasswordFile = mkOption { description = lib.mdDoc '' Initial password file for the pgAdmin account. Minimum length by default is 6. - Please see services.pgadmin.passwordLength. + Please see `services.pgadmin.minimumPasswordLength`. NOTE: Should be string not a store path, to prevent the password from being world readable ''; type = types.path; }; - passwordLength = mkOption { + minimumPasswordLength = mkOption { description = lib.mdDoc "Minimum length of the password"; type = types.int; default = 6; @@ -122,7 +122,7 @@ in services.pgadmin.settings = { DEFAULT_SERVER_PORT = cfg.port; - PASSWORD_LENGTH_MIN = cfg.passwordLength; + PASSWORD_LENGTH_MIN = cfg.minimumPasswordLength; SERVER_MODE = true; } // (optionalAttrs cfg.openFirewall { DEFAULT_SERVER = mkDefault "::"; @@ -151,9 +151,8 @@ in # and presenting a hard to find error message # see https://github.com/NixOS/nixpkgs/issues/270624 PW_LENGTH=$(wc -m < ${escapeShellArg cfg.initialPasswordFile}) - if [ $PW_LENGTH -lt ${toString cfg.passwordLength} ] - then - echo "Password must be at least ${toString cfg.passwordLength} characters long" + if [ $PW_LENGTH -lt ${toString cfg.minimumPasswordLength} ]; then + echo "Password must be at least ${toString cfg.minimumPasswordLength} characters long" exit 1 fi ( -- cgit v1.2.3