nixos/pgadmin: add passwordLength setting

pgadmin by default checks the length of the password
and will fail with passwords < 6 characters.
The produced error message is buried in python tracebacks
and hard to find and debug.

Therefore this adds the setting, and also adds a check
in the pre-start script of pgadmin.

The nixos/pgadmin tests have been modified, also.

Signed-off-by: Florian Brandes <florian.brandes@posteo.de>
Florian Brandes 2023-11-29 10:21:52 +01:00
parent 77cc213d14
commit 010a6250db
No known key found for this signature in database
GPG Key ID: 074048E893713170
2 changed files with 57 additions and 18 deletions


@ -43,12 +43,19 @@ in
initialPasswordFile = mkOption { initialPasswordFile = mkOption {
description = lib.mdDoc '' description = lib.mdDoc ''
Initial password file for the pgAdmin account. Initial password file for the pgAdmin account. Minimum length by default is 6.
Please see services.pgadmin.passwordLength.
NOTE: Should be string not a store path, to prevent the password from being world readable NOTE: Should be string not a store path, to prevent the password from being world readable
''; '';
type = types.path; type = types.path;
}; };
passwordLength = mkOption {
description = lib.mdDoc "Minimum length of the password";
type = types.int;
default = 6;
};
emailServer = { emailServer = {
enable = mkOption { enable = mkOption {
description = lib.mdDoc '' description = lib.mdDoc ''
@ -115,6 +122,7 @@ in
services.pgadmin.settings = { services.pgadmin.settings = {
DEFAULT_SERVER_PORT = cfg.port; DEFAULT_SERVER_PORT = cfg.port;
PASSWORD_LENGTH_MIN = cfg.passwordLength;
SERVER_MODE = true; SERVER_MODE = true;
} // (optionalAttrs cfg.openFirewall { } // (optionalAttrs cfg.openFirewall {
DEFAULT_SERVER = mkDefault "::"; DEFAULT_SERVER = mkDefault "::";
@ -139,6 +147,15 @@ in
preStart = '' preStart = ''
# NOTE: this is idempotent (aka running it twice has no effect) # NOTE: this is idempotent (aka running it twice has no effect)
# Check here for password length to prevent pgadmin from starting
# and presenting a hard to find error message
# see https://github.com/NixOS/nixpkgs/issues/270624
PW_LENGTH=$(wc -m < ${escapeShellArg cfg.initialPasswordFile})
if [ $PW_LENGTH -lt ${toString cfg.passwordLength} ]
then
echo "Password must be at least ${toString cfg.passwordLength} characters long"
exit 1
fi
( (
# Email address: # Email address:
echo ${escapeShellArg cfg.initialEmail} echo ${escapeShellArg cfg.initialEmail}
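Review bot: In the new preStart check, `wc -m` counts a trailing newline as a character, so a password file holding five characters plus a newline measures 6 and passes the default minimum; the short password would then reach pgAdmin's own check and produce the buried traceback this commit is meant to avoid (assuming the rest of the script, which lies outside this hunk, reads the file in a way that drops the newline). Measure what is actually used, e.g. `PW_LENGTH=$(tr -d '\n' < ${escapeShellArg cfg.initialPasswordFile} | wc -m)`, and quote the operand as `[ "$PW_LENGTH" -lt ${toString cfg.passwordLength} ]` so an empty value fails with a clear test error instead of a malformed expression. Separately, `passwordLength` is declared as `types.int`, which accepts zero and negative values and is passed straight into `PASSWORD_LENGTH_MIN`; `types.ints.positive` would reject a setting that effectively removes the minimum.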


@ -4,31 +4,49 @@ import ./make-test-python.nix ({ pkgs, lib, ... }:
name = "pgadmin4"; name = "pgadmin4";
meta.maintainers = with lib.maintainers; [ mkg20001 gador ]; meta.maintainers = with lib.maintainers; [ mkg20001 gador ];
nodes.machine = { pkgs, ... }: { nodes = {
machine = { pkgs, ... }: {
imports = [ ./common/user-account.nix ]; imports = [ ./common/user-account.nix ];
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
wget wget
curl curl
pgadmin4-desktopmode pgadmin4-desktopmode
]; ];
services.postgresql = { services.postgresql = {
enable = true; enable = true;
authentication = '' authentication = ''
host all all localhost trust host all all localhost trust
''; '';
};
services.pgadmin = {
port = 5051;
enable = true;
initialEmail = "bruh@localhost.de";
initialPasswordFile = pkgs.writeText "pw" "bruh2012!";
};
}; };
machine2 = { pkgs, ... }: {
services.pgadmin = { imports = [ ./common/user-account.nix ];
port = 5051;
enable = true; services.postgresql = {
initialEmail = "bruh@localhost.de"; enable = true;
initialPasswordFile = pkgs.writeText "pw" "bruh2012!"; };
services.pgadmin = {
enable = true;
initialEmail = "bruh@localhost.de";
initialPasswordFile = pkgs.writeText "pw" "bruh2012!";
passwordLength = 12;
};
}; };
}; };
testScript = '' testScript = ''
with subtest("Check pgadmin module"): with subtest("Check pgadmin module"):
machine.wait_for_unit("postgresql") machine.wait_for_unit("postgresql")
@ -49,5 +67,9 @@ import ./make-test-python.nix ({ pkgs, lib, ... }:
machine.wait_until_succeeds("curl -sS localhost:5050") machine.wait_until_succeeds("curl -sS localhost:5050")
machine.wait_until_succeeds("curl -sS localhost:5050/browser/ | grep \"<title>pgAdmin 4</title>\" > /dev/null") machine.wait_until_succeeds("curl -sS localhost:5050/browser/ | grep \"<title>pgAdmin 4</title>\" > /dev/null")
machine.succeed("wget -nv --level=1 --spider --recursive localhost:5050/browser") machine.succeed("wget -nv --level=1 --spider --recursive localhost:5050/browser")
with subtest("Check pgadmin minimum password length"):
machine2.wait_for_unit("postgresql")
machine2.wait_for_console_text("Password must be at least 12 characters long")
''; '';
}) })
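Review bot: The new "Check pgadmin minimum password length" subtest only waits for the error text on machine2's console and never asserts that pgadmin stayed down, so a regression that prints the message but still starts the service would pass. A follow-up check after the wait, such as `machine2.fail("systemctl is-active pgadmin")` (unit name assumed, since the module's service definition is not shown on this page), would pin the intended outcome. The fixture is also written with `pkgs.writeText "pw" "bruh2012!"`, which produces a file without a trailing newline, so the length check is never exercised against a newline-terminated file, the usual shape of a hand-written secret file. A third node whose password sits exactly at the configured minimum and ends in a newline would cover that boundary.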