Create simple postgresql service making it possible to generate a config with basic authentication settings, rename sshd to openssh

example-deployment/processes.nix

@@ -104,10 +104,10 @@ rec {
     requiresUniqueIdsFor = [ "influxdbPorts" "uids" "gids" ];
   };
 
-  sshd = rec {
-    port = ids.sshPorts.sshd or 0;
+  openssh = rec {
+    port = ids.sshPorts.openssh or 0;
 
-    pkg = constructors.sshd {
+    pkg = constructors.openssh {
       inherit port;
     };
 

services-agnostic/constructors.nix

@@ -95,6 +95,11 @@ in
     inherit (pkgs) stdenv postgresql su;
   };
 
+  simplePostgresql = import ./postgresql/simplepostgresql.nix {
+    inherit createManagedProcess stateDir runtimeDir forceDisableUserChange;
+    inherit (pkgs) stdenv writeTextFile postgresql su;
+  };
+
   s6-svscan = import ./s6-svscan {
     inherit createManagedProcess runtimeDir;
     inherit (pkgs) s6;

services-agnostic/postgresql/default.nix

@@ -1,5 +1,5 @@
 {createManagedProcess, stdenv, postgresql, su, stateDir, runtimeDir, forceDisableUserChange}:
-{port ? 5432, instanceSuffix ? "", instanceName ? "postgresql${instanceSuffix}", postInstall ? ""}:
+{port ? 5432, instanceSuffix ? "", instanceName ? "postgresql${instanceSuffix}", configFile ? null, postInstall ? ""}:
 
 let
   postgresqlStateDir = "${stateDir}/db/${instanceName}";
@@ -14,7 +14,7 @@ createManagedProcess rec {
   inherit instanceName user postInstall;
   path = [ postgresql su ];
   initialize = ''
-    mkdir -m0700 -p ${socketDir}
+    mkdir -m0755 -p ${socketDir}
     mkdir -m0700 -p ${dataDir}
 
     ${stdenv.lib.optionalString (!forceDisableUserChange) ''
@@ -26,10 +26,17 @@ createManagedProcess rec {
     then
         ${stdenv.lib.optionalString (!forceDisableUserChange) "su ${user} -c '"}${postgresql}/bin/initdb -D ${dataDir} --no-locale${stdenv.lib.optionalString (!forceDisableUserChange) "'"}
     fi
+
+    ${stdenv.lib.optionalString (configFile != null) ''
+      ln -sfn ${configFile} ${dataDir}/postgresql.conf
+    ''}
   '';
 
   foregroundProcess = "${postgresql}/bin/postgres";
   args = [ "-D" dataDir "-p" port "-k" socketDir ];
+  environment = {
+    PGDATA = dataDir;
+  };
 
   credentials = {
     groups = {

services-agnostic/postgresql/simplepostgresql.nix

@@ -0,0 +1,61 @@
+{createManagedProcess, stdenv, writeTextFile, postgresql, su, stateDir, runtimeDir, forceDisableUserChange}:
+
+{ port ? 5432
+, instanceSuffix ? ""
+, instanceName ? "postgresql${instanceSuffix}"
+, configFile ? null
+, postInstall ? ""
+, authentication ? null
+, identMap ? null
+, enableTCPIP ? false
+, settings ? {}
+}:
+
+let
+  hbaFile = writeTextFile {
+    name = "hba.conf";
+    text = authentication + ''
+
+      # TYPE  DATABASE   USER   ADDRESS       METHOD
+      local   all        all                  peer
+      host    all        all    127.0.0.1/32  md5
+      host    all        all    ::1/128       md5
+    '';
+  };
+
+  identFile = writeTextFile {
+    name = "ident.conf";
+    text = identMap;
+  };
+
+  toConfigValue = value:
+    if true == value then "yes"
+    else if false == value then "no"
+    else if builtins.isString value then "'${stdenv.lib.replaceStrings ["'"] ["''"] value}'"
+    else toString value;
+in
+import ./default.nix {
+  inherit createManagedProcess stdenv postgresql su stateDir runtimeDir forceDisableUserChange;
+} {
+  inherit port instanceSuffix instanceName postInstall;
+  configFile = writeTextFile {
+    name = "";
+    text =
+      stdenv.lib.optionalString (authentication != null) ''
+        hba_file = '${hbaFile}'
+      ''
+      + stdenv.lib.optionalString (identMap != null) ''
+        ident_file = '${identFile}'
+      ''
+      + ''
+        listen_addresses = '${if enableTCPIP then "*" else "localhost"}'
+      ''
+      + stdenv.lib.concatMapStrings (name:
+        let
+          value = builtins.getAttr name settings;
+        in
+        ''
+          ${name} = ${toConfigValue value}
+        '') (builtins.attrNames settings);
+  };
+}