changess...

2024-10-21 20:37:53 -04:00 · 2024-10-21 20:37:53 -04:00 · f4ef07084b
commit f4ef07084b
parent 52506df236
1 changed files with 37 additions and 18 deletions
--- a/flake.nix
+++ b/flake.nix
@ -78,7 +78,7 @@
                database = {
                  name = mkOption rec {
                    type = types.str;
-                    default = "zoeyscomputer_prod";
+                    default = "zoeyscomputer";
                    example = default;
                    description = "Database name";
                  };
@ -118,26 +118,50 @@
                locations."/".proxyPass = "http://127.0.0.1:${toString cfg.phx.port}";
              };
              # Create a oneshot service to set up the database user with password
              systemd.services.init-zoeyscomputer-db = {
                description = "Initialize ZoeysComputer Database User";
                wantedBy = ["multi-user.target"];
                after = ["postgresql.service"];
                before = ["zoeyscomputer.service"];
                serviceConfig = {
                  Type = "oneshot";
                  RemainAfterExit = true;
                  User = config.services.postgresql.superUser;
                };
                script = ''
                  ${optionalString (cfg.phx.database.passwordFile != null) ''
                    # Read password from file
                    PASSWORD=$(cat ${cfg.phx.database.passwordFile})
                    # Check if user exists
                    if ! psql -tAc "SELECT 1 FROM pg_roles WHERE rolname='${cfg.phx.database.user}'" | grep -q 1; then
                      # Create user with password if it doesn't exist
                      psql -c "CREATE USER ${cfg.phx.database.user} WITH PASSWORD '$PASSWORD'"
                    else
                      # Update password if user exists
                      psql -c "ALTER USER ${cfg.phx.database.user} WITH PASSWORD '$PASSWORD'"
                    fi
                    # Ensure user has access to database
                    psql -c "GRANT ALL PRIVILEGES ON DATABASE ${cfg.phx.database.name} TO ${cfg.phx.database.user}"
                  ''}
                '';
                path = [config.services.postgresql.package];
              };
              # Ensure database exists
              services.postgresql.ensureDatabases = [
                cfg.phx.database.name
              ];
              # Ensure database user exists
              services.postgresql.ensureUsers = [
                {
                  name = cfg.phx.database.user;
                  ensureDBOwnership = true;
                }
              ];
              systemd.services."zoeyscomputer-phx" = let
                release_name = "zoeyscomputer";
                working_directory = "/var/lib/zoeycomputer";
              in {
                wantedBy = ["multi-user.target"];
-                after = ["network.target" "postgresql.service"];
+                after = ["network.target" "postgresql.service" "init-zoeyscomputer-db.service"];
-                requires = ["network-online.target" "postgresql.service"];
+                requires = ["network-online.target" "postgresql.service" "init-zoeyscomputer-db.service"];
                description = "zoey computer";
                environment = {
                  RELEASE_TMP = working_directory;
@ -145,14 +169,9 @@
                  PHX_HOST = cfg.domain;
                  PHX_SERVER = toString cfg.phx.enableServer;
                };
                preStart = optionalString (cfg.phx.database.passwordFile != null) ''
                  # Set the password for the database user
                  export PGPASSWORD=$(cat ${cfg.phx.database.passwordFile})
                  echo "ALTER USER ${cfg.phx.database.user} WITH PASSWORD '$PGPASSWORD'" | \
                    runuser -u ${config.services.postgresql.superUser} -- ${config.services.postgresql.package}/bin/psql
                '';
                serviceConfig = {
                  Type = "exec";
                  User = "zoeycomputer-phx";
                  DynamicUser = true;
                  WorkingDirectory = working_directory;
                  PrivateTmp = true;
@ -186,7 +205,7 @@
                  StartLimitBurst = 3;
                  StartLimitInterval = 10;
                };
-                path = with pkgs; [bash util-linux];
+                path = [pkgs.bash];
              };
            };
          };