changess...
parent
52506df236
commit
f4ef07084b
1 changed files with 37 additions and 18 deletions
55
flake.nix
55
flake.nix
|
|
@ -78,7 +78,7 @@
|
|||
database = {
|
||||
name = mkOption rec {
|
||||
type = types.str;
|
||||
default = "zoeyscomputer_prod";
|
||||
default = "zoeyscomputer";
|
||||
example = default;
|
||||
description = "Database name";
|
||||
};
|
||||
|
|
@ -118,26 +118,50 @@
|
|||
locations."/".proxyPass = "http://127.0.0.1:${toString cfg.phx.port}";
|
||||
};
|
||||
|
||||
# Create a oneshot service to set up the database user with password
|
||||
systemd.services.init-zoeyscomputer-db = {
|
||||
description = "Initialize ZoeysComputer Database User";
|
||||
wantedBy = ["multi-user.target"];
|
||||
after = ["postgresql.service"];
|
||||
before = ["zoeyscomputer.service"];
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
RemainAfterExit = true;
|
||||
User = config.services.postgresql.superUser;
|
||||
};
|
||||
script = ''
|
||||
${optionalString (cfg.phx.database.passwordFile != null) ''
|
||||
# Read password from file
|
||||
PASSWORD=$(cat ${cfg.phx.database.passwordFile})
|
||||
|
||||
# Check if user exists
|
||||
if ! psql -tAc "SELECT 1 FROM pg_roles WHERE rolname='${cfg.phx.database.user}'" | grep -q 1; then
|
||||
# Create user with password if it doesn't exist
|
||||
psql -c "CREATE USER ${cfg.phx.database.user} WITH PASSWORD '$PASSWORD'"
|
||||
else
|
||||
# Update password if user exists
|
||||
psql -c "ALTER USER ${cfg.phx.database.user} WITH PASSWORD '$PASSWORD'"
|
||||
fi
|
||||
|
||||
# Ensure user has access to database
|
||||
psql -c "GRANT ALL PRIVILEGES ON DATABASE ${cfg.phx.database.name} TO ${cfg.phx.database.user}"
|
||||
''}
|
||||
'';
|
||||
path = [config.services.postgresql.package];
|
||||
};
|
||||
|
||||
# Ensure database exists
|
||||
services.postgresql.ensureDatabases = [
|
||||
cfg.phx.database.name
|
||||
];
|
||||
|
||||
# Ensure database user exists
|
||||
services.postgresql.ensureUsers = [
|
||||
{
|
||||
name = cfg.phx.database.user;
|
||||
ensureDBOwnership = true;
|
||||
}
|
||||
];
|
||||
|
||||
systemd.services."zoeyscomputer-phx" = let
|
||||
release_name = "zoeyscomputer";
|
||||
working_directory = "/var/lib/zoeycomputer";
|
||||
in {
|
||||
wantedBy = ["multi-user.target"];
|
||||
after = ["network.target" "postgresql.service"];
|
||||
requires = ["network-online.target" "postgresql.service"];
|
||||
after = ["network.target" "postgresql.service" "init-zoeyscomputer-db.service"];
|
||||
requires = ["network-online.target" "postgresql.service" "init-zoeyscomputer-db.service"];
|
||||
description = "zoey computer";
|
||||
environment = {
|
||||
RELEASE_TMP = working_directory;
|
||||
|
|
@ -145,14 +169,9 @@
|
|||
PHX_HOST = cfg.domain;
|
||||
PHX_SERVER = toString cfg.phx.enableServer;
|
||||
};
|
||||
preStart = optionalString (cfg.phx.database.passwordFile != null) ''
|
||||
# Set the password for the database user
|
||||
export PGPASSWORD=$(cat ${cfg.phx.database.passwordFile})
|
||||
echo "ALTER USER ${cfg.phx.database.user} WITH PASSWORD '$PGPASSWORD'" | \
|
||||
runuser -u ${config.services.postgresql.superUser} -- ${config.services.postgresql.package}/bin/psql
|
||||
'';
|
||||
serviceConfig = {
|
||||
Type = "exec";
|
||||
User = "zoeycomputer-phx";
|
||||
DynamicUser = true;
|
||||
WorkingDirectory = working_directory;
|
||||
PrivateTmp = true;
|
||||
|
|
@ -186,7 +205,7 @@
|
|||
StartLimitBurst = 3;
|
||||
StartLimitInterval = 10;
|
||||
};
|
||||
path = with pkgs; [bash util-linux];
|
||||
path = [pkgs.bash];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
|
|||
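Review bot: In the `init-zoeyscomputer-db` script, `$PASSWORD` is spliced into the SQL text handed to `psql -c` (the `CREATE USER` and `ALTER USER` lines), so a password containing a single quote breaks or rewrites a statement that runs as the PostgreSQL superuser, and the cleartext password is exposed in psql's argv for as long as the command runs. Feeding the statements on stdin and letting psql quote them through `:'pw'` and `:"role"` variables avoids both; psql does not interpolate variables in `-c` strings, hence the heredoc in the sketch below. The unit runs as the postgres superuser, so the password file now has to be readable by that account, which a root-only secret would not be; loading it with systemd's `LoadCredential=` would be one way around that. `before = ["zoeyscomputer.service"]` names a unit that does not appear in the visible hunks (the application unit is `zoeyscomputer-phx`), so that ordering probably has no effect. The page lost its +/- markers, so which of these lines are new is inferred from the hunk headers.

```nix
# … unchanged: description, wantedBy, after, before, serviceConfig …
script = ''
  ${optionalString (cfg.phx.database.passwordFile != null) ''
    # Statements arrive on stdin so psql variable quoting applies and the
    # password never appears on a command line.
    psql -v ON_ERROR_STOP=1 \
      -v role=${lib.escapeShellArg cfg.phx.database.user} \
      -v db=${lib.escapeShellArg cfg.phx.database.name} <<'SQL'
    \set pw `cat ${lib.escapeShellArg cfg.phx.database.passwordFile}`
    SELECT EXISTS (SELECT 1 FROM pg_roles WHERE rolname = :'role') AS role_exists \gset
    \if :role_exists
      ALTER USER :"role" WITH PASSWORD :'pw';
    \else
      CREATE USER :"role" WITH PASSWORD :'pw';
    \endif
    GRANT ALL PRIVILEGES ON DATABASE :"db" TO :"role";
    SQL
  ''}
'';
# … unchanged: path …
```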