colin/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

nixos/pgadmin: add passwordLength setting

Browse Source 
pgadmin by default checks the length of the password
and will fail with passwords < 6 characters.
The produced error message is buried in python tracebacks
and hard to find and debug.

Therefore this adds the setting, and also adds a check
in the pre-start script of pgadmin.

The nixos/pgadmin tests have been modified, also.

Signed-off-by: Florian Brandes <florian.brandes@posteo.de>
This commit is contained in:
Florian Brandes 2023-11-29 10:21:52 +01:00
parent 77cc213d14
commit 010a6250db
No known key found for this signature in database
GPG Key ID: 074048E893713170
2 changed files with 57 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
nixos/modules/services/admin/pgadmin.nix
View File

@ -43,12 +43,19 @@ in
initialPasswordFile = mkOption {
description = lib.mdDoc ''
Initial password file for the pgAdmin account.
Initial password file for the pgAdmin account. Minimum length by default is 6.
Please see services.pgadmin.passwordLength.
NOTE: Should be string not a store path, to prevent the password from being world readable
'';
type = types.path;
};
passwordLength = mkOption {
description = lib.mdDoc "Minimum length of the password";
type = types.int;
default = 6;
};
emailServer = {
enable = mkOption {
description = lib.mdDoc ''
@ -115,6 +122,7 @@ in
services.pgadmin.settings = {
DEFAULT_SERVER_PORT = cfg.port;
PASSWORD_LENGTH_MIN = cfg.passwordLength;
SERVER_MODE = true;
} // (optionalAttrs cfg.openFirewall {
DEFAULT_SERVER = mkDefault "::";
@ -139,6 +147,15 @@ in
preStart = ''
# NOTE: this is idempotent (aka running it twice has no effect)
# Check here for password length to prevent pgadmin from starting
# and presenting a hard to find error message
# see https://github.com/NixOS/nixpkgs/issues/270624
PW_LENGTH=$(wc -m < ${escapeShellArg cfg.initialPasswordFile})
if [ $PW_LENGTH -lt ${toString cfg.passwordLength} ]
then
echo "Password must be at least ${toString cfg.passwordLength} characters long"
exit 1
fi
(
# Email address:
echo ${escapeShellArg cfg.initialEmail}

56
nixos/tests/pgadmin4.nix
View File

@ -4,31 +4,49 @@ import ./make-test-python.nix ({ pkgs, lib, ... }:
name = "pgadmin4";
meta.maintainers = with lib.maintainers; [ mkg20001 gador ];
nodes.machine = { pkgs, ... }: {
nodes = {
machine = { pkgs, ... }: {
imports = [ ./common/user-account.nix ];
imports = [ ./common/user-account.nix ];
environment.systemPackages = with pkgs; [
wget
curl
pgadmin4-desktopmode
];
environment.systemPackages = with pkgs; [
wget
curl
pgadmin4-desktopmode
];
services.postgresql = {
enable = true;
authentication = ''
host all all localhost trust
'';
services.postgresql = {
enable = true;
authentication = ''
host all all localhost trust
'';
};
services.pgadmin = {
port = 5051;
enable = true;
initialEmail = "bruh@localhost.de";
initialPasswordFile = pkgs.writeText "pw" "bruh2012!";
};
};
machine2 = { pkgs, ... }: {
services.pgadmin = {
port = 5051;
enable = true;
initialEmail = "bruh@localhost.de";
initialPasswordFile = pkgs.writeText "pw" "bruh2012!";
imports = [ ./common/user-account.nix ];
services.postgresql = {
enable = true;
};
services.pgadmin = {
enable = true;
initialEmail = "bruh@localhost.de";
initialPasswordFile = pkgs.writeText "pw" "bruh2012!";
passwordLength = 12;
};
};
};
testScript = ''
with subtest("Check pgadmin module"):
machine.wait_for_unit("postgresql")
@ -49,5 +67,9 @@ import ./make-test-python.nix ({ pkgs, lib, ... }:
machine.wait_until_succeeds("curl -sS localhost:5050")
machine.wait_until_succeeds("curl -sS localhost:5050/browser/ | grep \"<title>pgAdmin 4</title>\" > /dev/null")
machine.succeed("wget -nv --level=1 --spider --recursive localhost:5050/browser")
with subtest("Check pgadmin minimum password length"):
machine2.wait_for_unit("postgresql")
machine2.wait_for_console_text("Password must be at least 12 characters long")
'';
})