From 1f6304c876513107196c890a20b6902e31eb9e18 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Wed, 6 Nov 2013 17:07:25 +0100 Subject: [PATCH] hydra-module.nix: Don't use a password If PostgreSQL is running on the same system, then the "hydra" user can can connect without a password (via Unix domain socket authentication), so no need to set up a password. If PostgreSQL is on another machine, then creating a user/database won't work anyway. --- hydra-module.nix | 21 ++++++++------------- 1 file changed, 8 insertions(+), 13 deletions(-) diff --git a/hydra-module.nix b/hydra-module.nix index 455526ee..31b07b44 100644 --- a/hydra-module.nix +++ b/hydra-module.nix @@ -40,7 +40,8 @@ in dbi = mkOption { type = types.string; - default = "dbi:Pg:dbname=hydra;host=localhost;user=hydra;"; + default = "dbi:Pg:dbname=hydra;user=hydra;"; + example = "dbi:Pg:dbname=hydra;host=postgres.example.org;user=foo;"; description = '' The DBI string for Hydra database connection. ''; @@ -179,19 +180,13 @@ in mkdir -p ${baseDir}/data chown hydra ${baseDir}/data ln -sf ${hydraConf} ${baseDir}/data/hydra.conf - pass=$(HOME=/root ${pkgs.openssl}/bin/openssl rand -base64 32) - if [ ! -f ${baseDir}/.pgpass ]; then - ${config.services.postgresql.package}/bin/psql postgres << EOF - CREATE USER hydra PASSWORD '$pass'; - EOF + ${optionalString (cfg.dbi == "dbi:Pg:dbname=hydra;user=hydra;") '' + if ! [ -e ${baseDir}/.db-created ]; then + ${config.services.postgresql.package}/bin/createuser hydra ${config.services.postgresql.package}/bin/createdb -O hydra hydra - cat > ${baseDir}/.pgpass-tmp << EOF - localhost:*:hydra:hydra:$pass - EOF - chown hydra ${baseDir}/.pgpass-tmp - chmod 600 ${baseDir}/.pgpass-tmp - mv ${baseDir}/.pgpass-tmp ${baseDir}/.pgpass - fi + touch ${baseDir}/.db-created + fi + ''} ${pkgs.shadow}/bin/su hydra -c ${cfg.package}/bin/hydra-init ''; serviceConfig.Type = "oneshot";