@ -3,16 +3,16 @@
with lib ;
let
cfg = config . services . post age ;
cfg = config . services . pgman age ;
confFile = pkgs . writeTextFile {
name = " p o s t a g e . c o n f " ;
name = " p g m a n a g e . c o n f " ;
text = ''
connection_file = $ { post ageConnectionsFile }
connection_file = $ { pgman ageConnectionsFile }
allow_custom_connections = $ { builtins . toJSON cfg . allowCustomConnections }
post age_port = $ { toString cfg . port }
pgman age_port = $ { toString cfg . port }
super_only = $ { builtins . toJSON cfg . superOnly }
@ -20,7 +20,7 @@ let
login_timeout = $ { toString cfg . loginTimeout }
web_root = $ { cfg . package } /etc/post age/web_root
web_root = $ { cfg . package } /etc/pgman age/web_root
data_root = $ { cfg . dataRoot }
@ -33,24 +33,23 @@ let
'' ;
} ;
post ageConnectionsFile = pkgs . writeTextFile {
name = " p o s t a g e - c o n n e c t i o n s . c o n f " ;
pgman ageConnectionsFile = pkgs . writeTextFile {
name = " p g m a n a g e - c o n n e c t i o n s . c o n f " ;
text = concatStringsSep " \n "
( mapAttrsToList ( name : conn : " ${ name } : ${ conn } " ) cfg . connections ) ;
} ;
postage = " p o s t a g e " ;
in {
pgmanage = " p g m a n a g e " ;
options . services . postage = {
pgmanageOptions = {
enable = mkEnableOption " P o s t g r e S Q L A d m i n i s t r a t i o n f o r t h e w e b " ;
package = mkOption {
type = types . package ;
default = pkgs . post age ;
defaultText = " p k g s . p o s t a g e " ;
default = pkgs . pgman age ;
defaultText = " p k g s . p g m a n a g e " ;
description = ''
The post age package to use .
The pgman age package to use .
'' ;
} ;
@ -62,14 +61,14 @@ in {
" m i n i - s e r v e r " = " h o s t a d d r = 1 2 7 . 0 . 0 . 1 p o r t = 5 4 3 2 d b n a m e = p o s t g r e s s s l m o d e = r e q u i r e " ;
} ;
description = ''
Post age requires at least one PostgreSQL server be defined .
pgman age requires at least one PostgreSQL server be defined .
< /para > <para>
Detailed information about PostgreSQL connection strings is available at :
< link xlink:href= " h t t p : / / w w w . p o s t g r e s q l . o r g / d o c s / c u r r e n t / s t a t i c / l i b p q - c o n n e c t . h t m l " / >
< /para > <para>
Note that you should not specify your user name or password . That
information will be entered on the login screen . If you specify a
username or password , it will be removed by Post age before attempting to
username or password , it will be removed by pgman age before attempting to
connect to a database .
'' ;
} ;
@ -78,7 +77,7 @@ in {
type = types . bool ;
default = false ;
description = ''
This tells Post age whether or not to allow anyone to use a custom
This tells pgman age whether or not to allow anyone to use a custom
connection from the login screen .
'' ;
} ;
@ -87,7 +86,7 @@ in {
type = types . int ;
default = 8080 ;
description = ''
This tells Post age what port to listen on for browser requests .
This tells pgman age what port to listen on for browser requests .
'' ;
} ;
@ -95,7 +94,7 @@ in {
type = types . bool ;
default = true ;
description = ''
This tells Post age whether or not to set the listening socket to local
This tells pgman age whether or not to set the listening socket to local
addresses only .
'' ;
} ;
@ -104,10 +103,10 @@ in {
type = types . bool ;
default = true ;
description = ''
This tells Post age whether or not to only allow super users to
This tells pgman age whether or not to only allow super users to
login . The recommended value is true and will restrict users who are not
super users from logging in to any PostgreSQL instance through
Post age. Note that a connection will be made to PostgreSQL in order to
pgman age. Note that a connection will be made to PostgreSQL in order to
test if the user is a superuser .
'' ;
} ;
@ -116,8 +115,8 @@ in {
type = types . nullOr types . str ;
default = null ;
description = ''
This tells Post age to only allow users in a certain PostgreSQL group to
login to Post age. Note that a connection will be made to PostgreSQL in
This tells pgman age to only allow users in a certain PostgreSQL group to
login to pgman age. Note that a connection will be made to PostgreSQL in
order to test if the user is a member of the login group .
'' ;
} ;
@ -133,10 +132,10 @@ in {
dataRoot = mkOption {
type = types . str ;
default = " / v a r / l i b / p o s t a g e " ;
default = " / v a r / l i b / p g m a n a g e " ;
description = ''
This tells Post age where to put the SQL file history . All tabs are saved
to this location so that if you get disconnected from Post age you
This tells pgman age where to put the SQL file history . All tabs are saved
to this location so that if you get disconnected from pgman age you
don't lose your work .
'' ;
} ;
@ -156,15 +155,15 @@ in {
} ) ;
default = null ;
description = ''
These options tell Post age where the TLS Certificate and Key files
These options tell pgman age where the TLS Certificate and Key files
reside . If you use these options then you'll only be able to access
Post age through a secure TLS connection . These options are only
necessary if you wish to connect directly to Post age using a secure TLS
connection . As an alternative , you can set up Post age in a reverse proxy
pgman age through a secure TLS connection . These options are only
necessary if you wish to connect directly to pgman age using a secure TLS
connection . As an alternative , you can set up pgman age in a reverse proxy
configuration . This allows your web server to terminate the secure
connection and pass on the request to Post age. You can find help to set
connection and pass on the request to pgman age. You can find help to set
up this configuration in :
< link xlink:href= " h t t p s : / / g i t h u b . c o m / w o r k f l o w p r o d u c t s / p o s t a g e / b l o b / m a s t e r / I N S T A L L _ N G I N X . m d " / >
< link xlink:href= " h t t p s : / / g i t h u b . c o m / p g M a n a g e / p g M a n a g e / b l o b / m a s t e r / I N S T A L L _ N G I N X . m d " / >
'' ;
} ;
@ -177,29 +176,47 @@ in {
} ;
} ;
config = mkIf cfg . enable {
systemd . services . postage = {
description = " p o s t a g e - P o s t g r e S Q L A d m i n i s t r a t i o n f o r t h e w e b " ;
wants = [ " p o s t g r e s q l . s e r v i c e " ] ;
after = [ " p o s t g r e s q l . s e r v i c e " ] ;
wantedBy = [ " m u l t i - u s e r . t a r g e t " ] ;
serviceConfig = {
User = postage ;
Group = postage ;
ExecStart = " ${ pkgs . postage } / s b i n / p o s t a g e - c ${ confFile } " +
optionalString cfg . localOnly " - - l o c a l - o n l y = t r u e " ;
} ;
} ;
users = {
users . " ${ postage } " = {
name = postage ;
group = postage ;
home = cfg . dataRoot ;
createHome = true ;
in {
options . services . pgmanage = pgmanageOptions ;
# This is deprecated and should be removed for NixOS-18.03.
options . services . postage = pgmanageOptions ;
config = mkMerge [
{ assertions = [
{ assertion = ! config . services . postage . enable ;
message =
" s e r v i c e s . p o s t a g e i s d e p r e c a t e d i n f a v o u r o f p g m a n a g e . " +
" T h e y h a v e t h e s a m e o p t i o n s s o j u s t s u b s t i t u t e p o s t a g e f o r p g m a n a g e . " ;
}
] ;
}
( mkIf cfg . enable {
systemd . services . pgmanage = {
description = " p g m a n a g e - P o s t g r e S Q L A d m i n i s t r a t i o n f o r t h e w e b " ;
wants = [ " p o s t g r e s q l . s e r v i c e " ] ;
after = [ " p o s t g r e s q l . s e r v i c e " ] ;
wantedBy = [ " m u l t i - u s e r . t a r g e t " ] ;
serviceConfig = {
User = pgmanage ;
Group = pgmanage ;
ExecStart = " ${ pkgs . pgmanage } / s b i n / p g m a n a g e - c ${ confFile } " +
optionalString cfg . localOnly " - - l o c a l - o n l y = t r u e " ;
} ;
} ;
groups . " ${ postage } " = {
name = postage ;
users = {
users . " ${ pgmanage } " = {
name = pgmanage ;
group = pgmanage ;
home = cfg . dataRoot ;
createHome = true ;
} ;
groups . " ${ pgmanage } " = {
name = pgmanage ;
} ;
} ;
} ;
} ;
} )
] ;
}