Improve piped module so that a external postgres database can be used
This commit is contained in:
Chaos
parent
1f85da1eba
commit
1f317b2e15
|
|
@ -23,11 +23,14 @@ with lib; let
|
||||||
DISABLE_LBRY = cfg.disableLBRYStreams;
|
DISABLE_LBRY = cfg.disableLBRYStreams;
|
||||||
RYD_PROXY_URL = cfg.rydAPIURL;
|
RYD_PROXY_URL = cfg.rydAPIURL;
|
||||||
SENTRY_DSN = cfg.sentryDSN;
|
SENTRY_DSN = cfg.sentryDSN;
|
||||||
"hibernate.connection.url" = "jdbc:postgresql://localhost:5432/piped";
|
"hibernate.connection.url" = "jdbc:postgresql://${cfg.postgresHost}:${toString cfg.postgresPort}/${cfg.postgresDB}";
|
||||||
"hibernate.connection.driver_class" = "org.postgresql.Driver";
|
"hibernate.connection.driver_class" = "org.postgresql.Driver";
|
||||||
"hibernate.dialect" = "org.hibernate.dialect.PostgreSQLDialect";
|
"hibernate.dialect" = "org.hibernate.dialect.PostgreSQLDialect";
|
||||||
"hibernate.connection.username" = "piped";
|
"hibernate.connection.username" = "${cfg.postgresUsername}";
|
||||||
"hibernate.connection.password" = "password";
|
"hibernate.connection.password" =
|
||||||
|
if cfg.postgresPasswordFile == null
|
||||||
|
then cfg.postgresPassword
|
||||||
|
else "POSTGRES_PASSWORD";
|
||||||
}
|
}
|
||||||
// (optionalAttrs cfg.enableCaptcha {
|
// (optionalAttrs cfg.enableCaptcha {
|
||||||
CAPTCHA_API_URL = cfg.captchaAPIURL;
|
CAPTCHA_API_URL = cfg.captchaAPIURL;
|
||||||
|
|
@ -69,11 +72,15 @@ in {
|
||||||
cp ${backend_config_file} ${confFile}
|
cp ${backend_config_file} ${confFile}
|
||||||
chmod 660 ${confFile}
|
chmod 660 ${confFile}
|
||||||
${optionalString (cfg.enableCaptcha && cfg.captchaAPIKeyFile != "") ''
|
${optionalString (cfg.enableCaptcha && cfg.captchaAPIKeyFile != "") ''
|
||||||
sed -i "s/CAPTCHA_API_KEY_FILE/$(cat cfg.captchaAPIKeyFile | sed "s#/#\\\/#")/" ${confFile}
|
sed -i "s/CAPTCHA_API_KEY_FILE/$(cat ${cfg.captchaAPIKeyFile} | sed "s#/#\\\/#")/" ${confFile}
|
||||||
''}
|
''}
|
||||||
${optionalString
|
${optionalString
|
||||||
(cfg.enableFederation && cfg.matrixTokenFile != "") ''
|
(cfg.enableFederation && cfg.matrixTokenFile != "") ''
|
||||||
sed -i "s/MATRIX_TOKEN_FILE/$(cat cfg.matrixTokenFile | sed "s#/#\\\/#")/" ${confFile}
|
sed -i "s/MATRIX_TOKEN_FILE/$(cat ${cfg.matrixTokenFile} | sed "s#/#\\\/#")/" ${confFile}
|
||||||
|
''}
|
||||||
|
${optionalString
|
||||||
|
(cfg.postgresPasswordFile != null) ''
|
||||||
|
sed -i "s/POSTGRES_PASSWORD/$(cat ${cfg.postgresPasswordFile} | sed "s#/#\\\/#")/" ${confFile}
|
||||||
''}
|
''}
|
||||||
''}";
|
''}";
|
||||||
ExecStart = "${pkgs.piped-backend}/bin/piped-backend";
|
ExecStart = "${pkgs.piped-backend}/bin/piped-backend";
|
||||||
|
|
@ -94,18 +101,27 @@ in {
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.services.piped-password = {
|
systemd.services.piped-password = lib.mkIf (!cfg.disablePostgres) {
|
||||||
serviceConfig.Type = "oneshot";
|
serviceConfig.Type = "oneshot";
|
||||||
wantedBy = ["piped-backend.service"];
|
wantedBy = ["piped-backend.service"];
|
||||||
wants = ["postgresql.service"];
|
wants = ["postgresql.service"];
|
||||||
after = ["postgresql.service"];
|
after = ["postgresql.service"];
|
||||||
script = ''
|
script = ''
|
||||||
${pkgs.postgresql}/bin/psql -c "ALTER USER piped WITH PASSWORD 'password';"
|
systemd-run \
|
||||||
|
-u piped-password-psql.service \
|
||||||
|
-p Group=postgresql \
|
||||||
|
-p User=postgresql \
|
||||||
|
-q -t -G --wait --service-type=exec \
|
||||||
|
${pkgs.postgresql}/bin/psql -c "ALTER USER piped WITH PASSWORD '${
|
||||||
|
if cfg.postgresPasswordFile != null
|
||||||
|
then "$(cat ${cfg.postgresPasswordFile} | sed \"s#'#\\\'#\")"
|
||||||
|
else cfg.postgresPassword
|
||||||
|
}';"
|
||||||
'';
|
'';
|
||||||
serviceConfig.User = "postgres";
|
serviceConfig.User = "root";
|
||||||
};
|
};
|
||||||
|
|
||||||
services.postgresql = {
|
services.postgresql = lib.mkIf (!cfg.disablePostgres) {
|
||||||
enable = true;
|
enable = true;
|
||||||
ensureUsers = [
|
ensureUsers = [
|
||||||
{
|
{
|
||||||
|
|
|
||||||
|
|
@ -42,6 +42,48 @@ in {
|
||||||
description = "Don't host proxy";
|
description = "Don't host proxy";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
disablePostgres = mkOption {
|
||||||
|
type = types.bool;
|
||||||
|
default = false;
|
||||||
|
description = "Manually configure postgres instead";
|
||||||
|
};
|
||||||
|
|
||||||
|
postgresHost = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
default = "127.0.0.1";
|
||||||
|
description = "Host postgres is on";
|
||||||
|
};
|
||||||
|
|
||||||
|
postgresPort = mkOption {
|
||||||
|
type = types.number;
|
||||||
|
default = 5432;
|
||||||
|
description = "Port postgres is on";
|
||||||
|
};
|
||||||
|
|
||||||
|
postgresDB = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
default = "piped";
|
||||||
|
description = "Database name for piped";
|
||||||
|
};
|
||||||
|
|
||||||
|
postgresUsername = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
default = "piped";
|
||||||
|
description = "Host postgres is on";
|
||||||
|
};
|
||||||
|
|
||||||
|
postgresPassword = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
default = "password";
|
||||||
|
description = "Password to use for postgres";
|
||||||
|
};
|
||||||
|
|
||||||
|
postgresPasswordFile = mkOption {
|
||||||
|
type = types.nullOr types.str;
|
||||||
|
default = null;
|
||||||
|
description = "Password file to use for postgres, loaded at runtime";
|
||||||
|
};
|
||||||
|
|
||||||
proxyIPv4Only = mkOption {
|
proxyIPv4Only = mkOption {
|
||||||
type = types.bool;
|
type = types.bool;
|
||||||
default = false;
|
default = false;
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue