mirrors/nixpkgs
1
0
Fork 1
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-11-18 03:30:45 +00:00
Code Issues Wiki Activity

Merge pull request #270876 from gador/pgadmin-check-pw

Browse source 
nixos/pgadmin: add minimumPasswordLength setting and check
This commit is contained in:
Maciej Krüger 2024-01-12 21:00:40 +01:00 committed by GitHub
parent bff44df272 bc21d288f4
commit 6ba04cc302
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 56 additions and 18 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
nixos/modules/services/admin/pgadmin.nix
View file

@ -44,12 +44,19 @@ in
initialPasswordFile = mkOption {
description = lib.mdDoc ''
Initial password file for the pgAdmin account.
Initial password file for the pgAdmin account. Minimum length by default is 6.
Please see `services.pgadmin.minimumPasswordLength`.
NOTE: Should be string not a store path, to prevent the password from being world readable
'';
type = types.path;
};
minimumPasswordLength = mkOption {
description = lib.mdDoc "Minimum length of the password";
type = types.int;
default = 6;
};
emailServer = {
enable = mkOption {
description = lib.mdDoc ''
@ -116,6 +123,7 @@ in
services.pgadmin.settings = {
DEFAULT_SERVER_PORT = cfg.port;
PASSWORD_LENGTH_MIN = cfg.minimumPasswordLength;
SERVER_MODE = true;
UPGRADE_CHECK_ENABLED = false;
} // (optionalAttrs cfg.openFirewall {
@ -141,6 +149,14 @@ in
preStart = ''
# NOTE: this is idempotent (aka running it twice has no effect)
# Check here for password length to prevent pgadmin from starting
# and presenting a hard to find error message
# see https://github.com/NixOS/nixpkgs/issues/270624
PW_LENGTH=$(wc -m < ${escapeShellArg cfg.initialPasswordFile})
if [ $PW_LENGTH -lt ${toString cfg.minimumPasswordLength} ]; then
echo "Password must be at least ${toString cfg.minimumPasswordLength} characters long"
exit 1
fi
(
# Email address:
echo ${escapeShellArg cfg.initialEmail}

56
nixos/tests/pgadmin4.nix
View file

@ -4,31 +4,49 @@ import ./make-test-python.nix ({ pkgs, lib, ... }:
name = "pgadmin4";
meta.maintainers = with lib.maintainers; [ mkg20001 gador ];
nodes.machine = { pkgs, ... }: {
nodes = {
machine = { pkgs, ... }: {
imports = [ ./common/user-account.nix ];
imports = [ ./common/user-account.nix ];
environment.systemPackages = with pkgs; [
wget
curl
pgadmin4-desktopmode
];
environment.systemPackages = with pkgs; [
wget
curl
pgadmin4-desktopmode
];
services.postgresql = {
enable = true;
authentication = ''
host all all localhost trust
'';
services.postgresql = {
enable = true;
authentication = ''
host all all localhost trust
'';
};
services.pgadmin = {
port = 5051;
enable = true;
initialEmail = "bruh@localhost.de";
initialPasswordFile = pkgs.writeText "pw" "bruh2012!";
};
};
machine2 = { pkgs, ... }: {
services.pgadmin = {
port = 5051;
enable = true;
initialEmail = "bruh@localhost.de";
initialPasswordFile = pkgs.writeText "pw" "bruh2012!";
imports = [ ./common/user-account.nix ];
services.postgresql = {
enable = true;
};
services.pgadmin = {
enable = true;
initialEmail = "bruh@localhost.de";
initialPasswordFile = pkgs.writeText "pw" "bruh2012!";
minimumPasswordLength = 12;
};
};
};
testScript = ''
with subtest("Check pgadmin module"):
machine.wait_for_unit("postgresql")
@ -49,5 +67,9 @@ import ./make-test-python.nix ({ pkgs, lib, ... }:
machine.wait_until_succeeds("curl -sS localhost:5050")
machine.wait_until_succeeds("curl -sS localhost:5050/browser/ | grep \"<title>pgAdmin 4</title>\" > /dev/null")
machine.succeed("wget -nv --level=1 --spider --recursive localhost:5050/browser")
with subtest("Check pgadmin minimum password length"):
machine2.wait_for_unit("postgresql")
machine2.wait_for_console_text("Password must be at least 12 characters long")
'';
})