From 69f402563a14d4b668980e4228d033d80e3bb05d Mon Sep 17 00:00:00 2001
From: Griffin Smith
Date: Sun, 26 Jul 2020 15:41:15 -0400
Subject: feat(whitby): Create a Postgres database for Panettone

Create a running Postgres database server along with a user and database for Panettone, and pass configuration for it to the panettone module

Change-Id: I333994288131be328e62069382d6d40f8034c400
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1466
Tested-by: BuildkiteCI
Reviewed-by: tazjin
---
 ops/nixos/panettone.nix | 43 +++++++++++++++++++++++++++++++++++++++++++
 ops/nixos/whitby/default.nix | 28 +++++++++++++++++++++++++++-
 2 files changed, 70 insertions(+), 1 deletion(-)

diff --git a/ops/nixos/panettone.nix b/ops/nixos/panettone.nix
index 009677a9d35a..3d31d79caf50 100644
--- a/ops/nixos/panettone.nix
+++ b/ops/nixos/panettone.nix
@@ -12,9 +12,49 @@ in {
 type = types.int;
 default = 7268;
 };
+
+ dbHost = mkOption {
+ description = "Postgresql host to connect to for Panettone";
+ type = types.string;
+ default = "localhost";
+ };
+
+ dbName = mkOption {
+ description = "Name of the database for Panettone";
+ type = types.string;
+ default = "panettone";
+ };
+
+ dbUser = mkOption {
+ description = "Name of the database user for Panettone";
+ type = types.string;
+ default = "panettone";
+ };
 };
 
 config = lib.mkIf cfg.enable {
+ assertions = [{
+ assertion =
+ cfg.dbHost != "localhost" || config.services.postgresql.enable;
+ message = "Panettone requires a postgresql database";
+ } {
+ assertion =
+ cfg.dbHost != "localhost" || config.services.postgresql.enableTCPIP;
+ message = "Panettone can only connect to the postgresql database over TCP";
+ } {
+ assertion =
+ cfg.dbHost != "localhost" || (lib.any
+ (user: user.name == cfg.dbUser)
+ config.services.postgresql.ensureUsers);
+ message = "Panettone requires a database user";
+ } {
+ assertion =
+ cfg.dbHost != "localhost" || (lib.any
+ (db: db == cfg.dbName)
+ config.services.postgresql.ensureDatabases);
+ message = "Panettone requires a database";
+ }];
+
 systemd.services.panettone = {
 wantedBy = [ "multi-user.target" ];
 script = "${depot.web.panettone}/bin/panettone";
@@ -28,6 +68,9 @@ in {
 environment = {
 PANETTONE_PORT = toString cfg.port;
 PANETTONE_DATA_DIR = "/var/lib/panettone";
+ PGHOST = "localhost";
+ PGUSER = cfg.dbUser;
+ PGDATABASE = cfg.dbName;
 };
 };
 };
diff --git a/ops/nixos/whitby/default.nix b/ops/nixos/whitby/default.nix
index a56f43786fe7..075e9505dcee 100644
--- a/ops/nixos/whitby/default.nix
+++ b/ops/nixos/whitby/default.nix
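Review bot: The second assertion requires `services.postgresql.enableTCPIP` even for a localhost database, but as far as I know that NixOS option widens `listen_addresses` to every interface, while a server with it disabled still accepts TCP on localhost (worth confirming against the nixpkgs module in use). I would drop that assertion so the module does not push hosts into exposing the Postgres port; `ops/nixos/whitby/default.nix` in this same commit sets `enableTCPIP = true`, presumably to satisfy it. The three new options use `types.string`, which nixpkgs deprecates in favour of `types.str` because it silently concatenates multiple definitions; `type = types.str;` is the safer choice for a host or role name. A short comment above `assertions` noting that every check is skipped when `dbHost` is not `"localhost"` would help the next reader.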
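Review bot: `PGHOST` is hard-coded to `"localhost"`, so the new `dbHost` option never reaches the service: setting it to another host skips every assertion in the previous hunk and Panettone still connects to the local server. Use `PGHOST = cfg.dbHost;`. No credential is passed in this environment either, so as written the module depends on the server accepting the role without a password; if that is intended, say so in a comment, otherwise an option pointing at a password file (libpq's `PGPASSFILE`) is the usual route. The `environment` set and the enclosing service definition start outside this hunk.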
@@ -217,9 +217,35 @@ in lib.fix(self: {
 sourcegraph.enable = true;
 
 # Run the Panettone issue tracker
- panettone.enable = true;
+ panettone = {
+ enable = true;
+ dbUser = "panettone";
+ dbName = "panettone";
+ };
+ };
+
+ services.postgresql = {
+ enable = true;
+ enableTCPIP = true;
+
+ authentication = lib.mkOverride 10 ''
+ local all all trust
+ host all all ::1/128 trust
+ '';
+
+ ensureDatabases = [
+ "panettone"
+ ];
+
+ ensureUsers = [{
+ name = "panettone";
+ ensurePermissions = {
+ "DATABASE panettone" = "ALL PRIVILEGES";
+ };
+ }];
 };
+
 
 environment.systemPackages = with nixpkgs; [
 bb
 curl
--
cgit 1.4.1
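Review bot: The `authentication` override grants `trust` to every role on every database, on the Unix socket (`local all all trust`) and on `::1/128`, so any local account or process on whitby can connect as any role, including the `postgres` superuser, with no credential. Narrow the rules to what Panettone needs, e.g. `host panettone panettone ::1/128 trust`, and keep `peer` for socket access, or move the host rule to `scram-sha-256` with a password. `lib.mkOverride 10` replaces the module's default rules rather than adding to them, which deserves a comment explaining why. With `enableTCPIP = true` the server presumably listens beyond loopback, leaving `pg_hba` and the firewall as the only barriers, so it is worth confirming that the Postgres port is not opened. There is also no rule for `127.0.0.1/32`, so a `localhost` lookup that returns IPv4 first may be refused on that attempt.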