author | Maciej Krüger <mkg20001@gmail.com> | 2024-01-12 21:00:40 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-01-12 21:00:40 +0100 |
commit | 6ba04cc30231c0c27c45ad94d739e465cc46d4cf (patch) | |
tree | 1d84fa612690ca2480a73aca0cd478c9bf54a84f /nixos | |
parent | bff44df27228a1bbb9f9c85fd8d1dae64baaa613 (diff) | |
parent | bc21d288f4f089af32f5ee306352f5e11c93da64 (diff) |
Merge pull request #270876 from gador/pgadmin-check-pw
nixos/pgadmin: add minimumPasswordLength setting and check
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/services/admin/pgadmin.nix | 18 | ||||
-rw-r--r-- | nixos/tests/pgadmin4.nix | 56 |
2 files changed, 56 insertions, 18 deletions
diff --git a/nixos/modules/services/admin/pgadmin.nix b/nixos/modules/services/admin/pgadmin.nix index 3d820db59f4cb..ceb5655dc562f 100644 --- a/nixos/modules/services/admin/pgadmin.nix +++ b/nixos/modules/services/admin/pgadmin.nix @@ -44,12 +44,19 @@ in initialPasswordFile = mkOption { description = lib.mdDoc '' - Initial password file for the pgAdmin account. + Initial password file for the pgAdmin account. Minimum length by default is 6. + Please see `services.pgadmin.minimumPasswordLength`. NOTE: Should be string not a store path, to prevent the password from being world readable ''; type = types.path; }; + minimumPasswordLength = mkOption { + description = lib.mdDoc "Minimum length of the password"; + type = types.int; + default = 6; + }; + emailServer = { enable = mkOption { description = lib.mdDoc '' @@ -116,6 +123,7 @@ in services.pgadmin.settings = { DEFAULT_SERVER_PORT = cfg.port; + PASSWORD_LENGTH_MIN = cfg.minimumPasswordLength; SERVER_MODE = true; UPGRADE_CHECK_ENABLED = false; } // (optionalAttrs cfg.openFirewall { @@ -141,6 +149,14 @@ in preStart = '' # NOTE: this is idempotent (aka running it twice has no effect) + # Check here for password length to prevent pgadmin from starting + # and presenting a hard to find error message + # see https://github.com/NixOS/nixpkgs/issues/270624 + PW_LENGTH=$(wc -m < ${escapeShellArg cfg.initialPasswordFile}) + if [ $PW_LENGTH -lt ${toString cfg.minimumPasswordLength} ]; then + echo "Password must be at least ${toString cfg.minimumPasswordLength} characters long" + exit 1 + fi ( # Email address: echo ${escapeShellArg cfg.initialEmail} diff --git a/nixos/tests/pgadmin4.nix b/nixos/tests/pgadmin4.nix index 3ee7ed19fa1c5..407e4592ef5f7 100644 --- a/nixos/tests/pgadmin4.nix +++ b/nixos/tests/pgadmin4.nix 
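Review bot: `minimumPasswordLength` is declared as `types.int` in the first hunk, so zero or a negative number is accepted, written to `PASSWORD_LENGTH_MIN`, and used by the preStart check, which effectively turns the length requirement off. Restricting the option with `type = types.ints.positive;` would reject such values at evaluation time. The description could also say that the value is passed to pgAdmin as `PASSWORD_LENGTH_MIN` and is checked against `initialPasswordFile` before the service starts. The enclosing options block starts and ends outside the hunk.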
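Review bot: The length check added to `preStart` counts the whole file with `wc -m`, so a trailing newline (the usual result of writing a secret with `echo` or an editor) adds one to the count, and a password one character short of the minimum passes. Assuming the later part of the script drops that newline when it reads the password, pgAdmin would still reject it with the unclear error this check is meant to prevent. Counting without the newline, `PW_LENGTH=$(tr -d '\n' < ${escapeShellArg cfg.initialPasswordFile} | wc -m)`, and quoting the variable, `[ "$PW_LENGTH" -lt ${toString cfg.minimumPasswordLength} ]`, would close that gap. `wc -m` is also locale dependent, so a multi-byte password may be counted in bytes under a C locale. The rest of `preStart` is outside the hunk.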
@@ -4,31 +4,49 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: name = "pgadmin4"; meta.maintainers = with lib.maintainers; [ mkg20001 gador ]; - nodes.machine = { pkgs, ... }: { + nodes = { + machine = { pkgs, ... }: { - imports = [ ./common/user-account.nix ]; + imports = [ ./common/user-account.nix ]; - environment.systemPackages = with pkgs; [ - wget - curl - pgadmin4-desktopmode - ]; + environment.systemPackages = with pkgs; [ + wget + curl + pgadmin4-desktopmode + ]; - services.postgresql = { - enable = true; - authentication = '' - host all all localhost trust - ''; + services.postgresql = { + enable = true; + authentication = '' + host all all localhost trust + ''; + }; + + services.pgadmin = { + port = 5051; + enable = true; + initialEmail = "bruh@localhost.de"; + initialPasswordFile = pkgs.writeText "pw" "bruh2012!"; + }; }; + machine2 = { pkgs, ... }: { + + imports = [ ./common/user-account.nix ]; + + services.postgresql = { + enable = true; + }; - services.pgadmin = { - port = 5051; - enable = true; - initialEmail = "bruh@localhost.de"; - initialPasswordFile = pkgs.writeText "pw" "bruh2012!"; + services.pgadmin = { + enable = true; + initialEmail = "bruh@localhost.de"; + initialPasswordFile = pkgs.writeText "pw" "bruh2012!"; + minimumPasswordLength = 12; + }; }; }; + testScript = '' with subtest("Check pgadmin module"): machine.wait_for_unit("postgresql") @@ -49,5 +67,9 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: machine.wait_until_succeeds("curl -sS localhost:5050") machine.wait_until_succeeds("curl -sS localhost:5050/browser/ | grep \"<title>pgAdmin 4</title>\" > /dev/null") machine.succeed("wget -nv --level=1 --spider --recursive localhost:5050/browser") + + with subtest("Check pgadmin minimum password length"): + machine2.wait_for_unit("postgresql") + machine2.wait_for_console_text("Password must be at least 12 characters long") ''; }) |
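Review bot: The new subtest only covers a password that is clearly too short (`bruh2012!`, 9 characters against a minimum of 12), and `pkgs.writeText` writes no trailing newline, so the boundary where the module's `wc -m` check counts a newline as a character is never exercised. A second node whose file is one character short plus a newline, for example the constructed value `pkgs.writeText "pw" "bruh2012!ab\n"`, would pin that case. The subtest also only waits for the console message; if the unit's restart settings allow it, asserting that the pgadmin unit on `machine2` never becomes active would make the refusal to start explicit.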