selfhostblocks/test/modules/postgresql.nix


{ lib, ... }:
let
# Declares an untyped option (lib.types.anything) carrying the given default.
# testConfig uses it to stub out the `services` and `systemd` option trees.
anyOpt = default: lib.mkOption {
  default = default;
  type = lib.types.anything;
};
# Evaluates the postgresql block module together with the test module `m`
# and returns only the `systemd` and `services` parts of the resulting config.
#
# `services` and `systemd` are declared as untyped stubs, so the values the
# module under test writes there can be compared verbatim against `expected`.
testConfig = m:
  let
    stubOptions = {
      options.services = anyOpt {};
      options.systemd = anyOpt {};
    };
    evaluated = lib.evalModules {
      modules = [
        stubOptions
        ../../modules/blocks/postgresql.nix
        m
      ];
    };
  in {
    systemd = evaluated.config.systemd;
    services = evaluated.config.services;
  };
# PostgreSQL settings that every test below expects in
# services.postgresql.settings, whatever options the test passes in.
commonSettings = {
  # Recorded as the string "true", not a Nix boolean.
  track_io_timing = "true";
  # Both idle timeouts are expected to be 30 seconds.
  idle_session_timeout = "30s";
  idle_in_transaction_session_timeout = "30s";
};
in
{
# With no options set, PostgreSQL stays disabled, no users or databases are
# ensured and the postStart script is empty.
testPostgresNoOptions = {
  expr = testConfig {};
  expected.systemd.services.postgresql.postStart = "";
  expected.services.postgresql = {
    enable = false;
    ensureDatabases = [];
    ensureUsers = [];
    settings = commonSettings;
  };
};
# Enabling services.postgresql directly is passed through unchanged: the
# block adds its common settings but no users, databases or postStart script.
testPostgresManualOptions = {
  expr = testConfig {
    services.postgresql = { enable = true; };
  };
  expected.systemd.services.postgresql.postStart = "";
  expected.services.postgresql = {
    enable = true;
    ensureDatabases = [];
    ensureUsers = [];
    settings = commonSettings;
  };
};
# One `ensures` entry without passwordFile: the service is enabled, the
# database and a login role are ensured, and the role is granted
# ALL PRIVILEGES on its own database only. No password is set, so the
# postStart script stays empty.
testPostgresOneWithoutPassword = {
  expr = testConfig {
    shb.postgresql.ensures = [
      { username = "myuser"; database = "mydatabase"; }
    ];
  };
  expected.systemd.services.postgresql.postStart = "";
  expected.services.postgresql = {
    enable = true;
    ensureDatabases = [ "mydatabase" ];
    ensureUsers = [
      {
        name = "myuser";
        ensureClauses.login = true;
        ensurePermissions."DATABASE mydatabase" = "ALL PRIVILEGES";
      }
    ];
    settings = commonSettings;
  };
};
# One `ensures` entry with passwordFile: on top of the user and database,
# a postStart script is expected that sets the role's password.
#
# Only the path of the password file appears in the generated script; the
# secret itself is read at run time by pg_read_file, which runs inside the
# server, so the file has to be readable by the PostgreSQL server process.
#
# NOTE(review): the expected SQL places %s between hand-written quotes, so a
# single quote in the password file would end the literal early and the rest
# would be parsed as SQL. format() has the %L specifier for quoting a value
# as a literal (and %I for the role name). That is a change to the module
# under test; this expectation would have to follow it.
testPostgresOneWithPassword = {
  expr = testConfig {
    shb.postgresql.ensures = [
      {
        username = "myuser";
        database = "mydatabase";
        passwordFile = "/my/file";
      }
    ];
  };
  expected.services.postgresql = {
    enable = true;
    ensureDatabases = [ "mydatabase" ];
    ensureUsers = [
      {
        name = "myuser";
        ensureClauses.login = true;
        ensurePermissions."DATABASE mydatabase" = "ALL PRIVILEGES";
      }
    ];
    settings = commonSettings;
  };
  # Inside a Nix indented string ''' stands for two single quotes.
  expected.systemd.services.postgresql.postStart = ''
    $PSQL -tA <<'EOF'
    DO $$
    DECLARE password TEXT;
    BEGIN
    password := trim(both from replace(pg_read_file('/my/file'), E'\n', '''));
    EXECUTE format('ALTER ROLE myuser WITH PASSWORD '''%s''';', password);
    END $$;
    EOF
  '';
};
# Two `ensures` entries without passwords: each role gets ALL PRIVILEGES on
# its own database and nothing on the other one; postStart stays empty.
testPostgresTwoNoPassword = {
  expr = testConfig {
    shb.postgresql.ensures = [
      { username = "user1"; database = "db1"; }
      { username = "user2"; database = "db2"; }
    ];
  };
  expected.systemd.services.postgresql.postStart = "";
  expected.services.postgresql = {
    enable = true;
    ensureDatabases = [ "db1" "db2" ];
    ensureUsers = [
      {
        name = "user1";
        ensureClauses.login = true;
        ensurePermissions."DATABASE db1" = "ALL PRIVILEGES";
      }
      {
        name = "user2";
        ensureClauses.login = true;
        ensurePermissions."DATABASE db2" = "ALL PRIVILEGES";
      }
    ];
    settings = commonSettings;
  };
};
# Two `ensures` entries, each with its own passwordFile: a single DO block
# is expected that reads both files and alters both roles, in list order.
#
# NOTE(review): as in the single-user case, each password is substituted
# with %s between hand-written quotes, so a single quote in either file
# would end the literal early. format()'s %L specifier quotes the value as
# a literal; the change belongs in the module under test.
testPostgresTwoWithPassword = {
  expr = testConfig {
    shb.postgresql.ensures = [
      { username = "user1"; database = "db1"; passwordFile = "/file/user1"; }
      { username = "user2"; database = "db2"; passwordFile = "/file/user2"; }
    ];
  };
  expected.services.postgresql = {
    enable = true;
    ensureDatabases = [ "db1" "db2" ];
    ensureUsers = [
      {
        name = "user1";
        ensureClauses.login = true;
        ensurePermissions."DATABASE db1" = "ALL PRIVILEGES";
      }
      {
        name = "user2";
        ensureClauses.login = true;
        ensurePermissions."DATABASE db2" = "ALL PRIVILEGES";
      }
    ];
    settings = commonSettings;
  };
  # Inside a Nix indented string ''' stands for two single quotes.
  expected.systemd.services.postgresql.postStart = ''
    $PSQL -tA <<'EOF'
    DO $$
    DECLARE password TEXT;
    BEGIN
    password := trim(both from replace(pg_read_file('/file/user1'), E'\n', '''));
    EXECUTE format('ALTER ROLE user1 WITH PASSWORD '''%s''';', password);
    password := trim(both from replace(pg_read_file('/file/user2'), E'\n', '''));
    EXECUTE format('ALTER ROLE user2 WITH PASSWORD '''%s''';', password);
    END $$;
    EOF
  '';
};
# Two `ensures` entries where only user2 has a passwordFile: both roles and
# databases are ensured, but the postStart script touches user2 only, so
# user1 is left without a password statement.
#
# NOTE(review): the password is substituted with %s between hand-written
# quotes; a single quote in the file would end the literal early. format()'s
# %L specifier quotes the value as a literal; the change belongs in the
# module under test.
testPostgresTwoWithMixedPassword = {
  expr = testConfig {
    shb.postgresql.ensures = [
      { username = "user1"; database = "db1"; }
      { username = "user2"; database = "db2"; passwordFile = "/file/user2"; }
    ];
  };
  expected.services.postgresql = {
    enable = true;
    ensureDatabases = [ "db1" "db2" ];
    ensureUsers = [
      {
        name = "user1";
        ensureClauses.login = true;
        ensurePermissions."DATABASE db1" = "ALL PRIVILEGES";
      }
      {
        name = "user2";
        ensureClauses.login = true;
        ensurePermissions."DATABASE db2" = "ALL PRIVILEGES";
      }
    ];
    settings = commonSettings;
  };
  # Inside a Nix indented string ''' stands for two single quotes.
  expected.systemd.services.postgresql.postStart = ''
    $PSQL -tA <<'EOF'
    DO $$
    DECLARE password TEXT;
    BEGIN
    password := trim(both from replace(pg_read_file('/file/user2'), E'\n', '''));
    EXECUTE format('ALTER ROLE user2 WITH PASSWORD '''%s''';', password);
    END $$;
    EOF
  '';
};
# shb.postgresql.enableTCPIP turns on TCP listening and installs a pg_hba
# rule set, without enabling the service itself (enable stays false).
#
# The expected rules keep local socket access on `peer` and accept TCP
# connections from the loopback addresses only (127.0.0.1/32 and ::1/128).
#
# NOTE(review): the TCP rules use the `password` method, which sends the
# password to the server in clear text. The exposure is limited to loopback
# here, but `scram-sha-256` avoids it altogether. That is a change to the
# module under test; this expectation would have to follow it.
testPostgresTCPIP = {
  expr = testConfig {
    shb.postgresql = { enableTCPIP = true; };
  };
  expected.systemd.services.postgresql.postStart = "";
  expected.services.postgresql = {
    enable = false;
    enableTCPIP = true;
    ensureDatabases = [];
    ensureUsers = [];
    settings = commonSettings;
    authentication = ''
      #type database DBuser origin-address auth-method
      local all all peer
      # ipv4
      host all all 127.0.0.1/32 password
      # ipv6
      host all all ::1/128 password
    '';
  };
};
}