hydra-module.nix: Don't use a password

If PostgreSQL is running on the same system, then the "hydra" user can can connect without a password (via Unix domain socket authentication), so no need to set up a password. If PostgreSQL is on another machine, then creating a user/database won't work anyway.
2013-11-06 17:07:25 +01:00 · 2013-11-06 17:07:25 +01:00 · 1f6304c876
parent ed69106c34
commit 1f6304c876
1 changed files with 8 additions and 13 deletions
--- a/hydra-module.nix
+++ b/hydra-module.nix
@ -40,7 +40,8 @@ in
      dbi = mkOption {
        type = types.string;
-        default = "dbi:Pg:dbname=hydra;host=localhost;user=hydra;";
+        default = "dbi:Pg:dbname=hydra;user=hydra;";
        example = "dbi:Pg:dbname=hydra;host=postgres.example.org;user=foo;";
        description = ''
          The DBI string for Hydra database connection.
        '';
@ -179,19 +180,13 @@ in
          mkdir -p ${baseDir}/data
          chown hydra ${baseDir}/data
          ln -sf ${hydraConf} ${baseDir}/data/hydra.conf
-          pass=$(HOME=/root ${pkgs.openssl}/bin/openssl rand -base64 32)
+          ${optionalString (cfg.dbi == "dbi:Pg:dbname=hydra;user=hydra;") ''
-          if [ ! -f ${baseDir}/.pgpass ]; then
+            if ! [ -e ${baseDir}/.db-created ]; then
-              ${config.services.postgresql.package}/bin/psql postgres << EOF
+              ${config.services.postgresql.package}/bin/createuser hydra
          CREATE USER hydra PASSWORD '$pass';
          EOF
              ${config.services.postgresql.package}/bin/createdb -O hydra hydra
-              cat > ${baseDir}/.pgpass-tmp << EOF
+              touch ${baseDir}/.db-created
-          localhost:*:hydra:hydra:$pass
+            fi
-          EOF
+          ''}
              chown hydra ${baseDir}/.pgpass-tmp
              chmod 600 ${baseDir}/.pgpass-tmp
              mv ${baseDir}/.pgpass-tmp ${baseDir}/.pgpass
          fi
          ${pkgs.shadow}/bin/su hydra -c ${cfg.package}/bin/hydra-init
        '';
        serviceConfig.Type = "oneshot";