diff options
| author | github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> | 2023-04-25 00:02:08 +0000 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-04-25 00:02:08 +0000 |
| commit | 9908dfacfa06a2a54dbfcf0642d28aadd8d43225 (patch) | |
| tree | 5e7bfba24ea3133466e550120773ca8f8c69080a /nixos | |
| parent | cd8b2aa9b20f2a14d1d0563e055a3f668e5e03ec (diff) | |
| parent | de91114b6178d85db143d846228edd1d5c1e19d6 (diff) | |
Merge master into staging-next
Diffstat (limited to 'nixos')
| -rw-r--r-- | nixos/modules/services/mail/roundcube.nix | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/nixos/modules/services/mail/roundcube.nix b/nixos/modules/services/mail/roundcube.nix index 3aaec145930db..b9cf526b0bbe2 100644 --- a/nixos/modules/services/mail/roundcube.nix +++ b/nixos/modules/services/mail/roundcube.nix @@ -70,7 +70,12 @@ in }; passwordFile = mkOption { type = types.str; - description = lib.mdDoc "Password file for the postgresql connection. Must be readable by user `nginx`. Ignored if `database.host` is set to `localhost`, as peer authentication will be used."; + description = lib.mdDoc '' + Password file for the postgresql connection. + Must be formated according to PostgreSQL .pgpass standard (see https://www.postgresql.org/docs/current/libpq-pgpass.html) + but only one line, no comments and readable by user `nginx`. + Ignored if `database.host` is set to `localhost`, as peer authentication will be used. + ''; }; dbname = mkOption { type = types.str; @@ -123,7 +128,13 @@ in environment.etc."roundcube/config.inc.php".text = '' <?php - ${lib.optionalString (!localDB) "$password = file_get_contents('${cfg.database.passwordFile}');"} + ${lib.optionalString (!localDB) '' + $password = file('${cfg.database.passwordFile}')[0]; + $password = preg_split('~\\\\.(*SKIP)(*FAIL)|\:~s', $password); + $password = end($password); + $password = str_replace("\\:", ":", $password); + $password = str_replace("\\\\", "\\", $password); + ''} $config = array(); $config['db_dsnw'] = 'pgsql://${cfg.database.username}${lib.optionalString (!localDB) ":' . $password . '"}@${if localDB then "unix(/run/postgresql)" else cfg.database.host}/${cfg.database.dbname}'; @@ -223,6 +234,7 @@ in path = [ config.services.postgresql.package ]; }) { + after = [ "network-online.target" ]; wantedBy = [ "multi-user.target" ]; script = let psql = "${lib.optionalString (!localDB) "PGPASSFILE=${cfg.database.passwordFile}"} ${pkgs.postgresql}/bin/psql ${lib.optionalString (!localDB) "-h ${cfg.database.host} -U ${cfg.database.username} "} ${cfg.database.dbname}"; |