pgadmin4: add option to enable desktop mode

By default, pgadmin4 uses SERVER_MODE = True. This requires
access to system directories (e.g. /var/lib/pgadmin). There is
no easy way to change this mode during runtime. One has to change
or add config files withing pgadmin's directory structure to change it
or add a system-wide config file under `/etc/pgadmin`[1].

This isn't always easy to achive or may not be possible at all. For
those usecases this implements a switch in the pgadmin4 derivation and
adds a new top-level package `pgadmin4-desktopmode`. This builds in
DESKTOP MODE and allows the usage of pgadmin4 without the nixOS module
and without access to system-wide directories.

pgadmin4 module saves the configuration to /etc/pgadmin/config_system.py
pgadmin4-desktopmode tries to read that as well. This normally fails with
a PermissionError, as the config file is owned by the user of the pgadmin module.

With the check-system-config-dir.patch this will just throw a warning
but will continue and not read the file.

If we run pgadmin4-desktopmode as root
(something one really shouldn't do), it can read the config file and fail,
because of the wrong config for desktopmode.

[1]https://www.pgadmin.org/docs/pgadmin4/latest/config_py.html

Signed-off-by: Florian Brandes <florian.brandes@posteo.de>
This commit is contained in:
Florian Brandes 2023-02-07 12:23:24 +01:00
parent 2b63943be4
commit a380674d85
No known key found for this signature in database
GPG key ID: 074048E893713170
6 changed files with 98 additions and 45 deletions

View file

@ -513,7 +513,7 @@ in {
peerflix = handleTest ./peerflix.nix {};
peering-manager = handleTest ./web-apps/peering-manager.nix {};
peertube = handleTestOn ["x86_64-linux"] ./web-apps/peertube.nix {};
pgadmin4-standalone = handleTest ./pgadmin4-standalone.nix {};
pgadmin4 = handleTest ./pgadmin4.nix {};
pgjwt = handleTest ./pgjwt.nix {};
pgmanage = handleTest ./pgmanage.nix {};
phosh = handleTest ./phosh.nix {};

View file

@ -1,43 +0,0 @@
import ./make-test-python.nix ({ pkgs, lib, ... }:
# This is separate from pgadmin4 since we don't want both running at once
{
name = "pgadmin4-standalone";
meta.maintainers = with lib.maintainers; [ mkg20001 ];
nodes.machine = { pkgs, ... }: {
environment.systemPackages = with pkgs; [
curl
];
services.postgresql = {
enable = true;
authentication = ''
host all all localhost trust
'';
ensureUsers = [
{
name = "postgres";
ensurePermissions = {
"DATABASE \"postgres\"" = "ALL PRIVILEGES";
};
}
];
};
services.pgadmin = {
enable = true;
initialEmail = "bruh@localhost.de";
initialPasswordFile = pkgs.writeText "pw" "bruh2012!";
};
};
testScript = ''
machine.wait_for_unit("postgresql")
machine.wait_for_unit("pgadmin")
machine.wait_until_succeeds("curl -s localhost:5050")
'';
})

57
nixos/tests/pgadmin4.nix Normal file
View file

@ -0,0 +1,57 @@
import ./make-test-python.nix ({ pkgs, lib, ... }:
{
name = "pgadmin4";
meta.maintainers = with lib.maintainers; [ mkg20001 gador ];
nodes.machine = { pkgs, ... }: {
imports = [ ./common/user-account.nix ];
environment.systemPackages = with pkgs; [
curl
pgadmin4-desktopmode
];
services.postgresql = {
enable = true;
authentication = ''
host all all localhost trust
'';
ensureUsers = [
{
name = "postgres";
ensurePermissions = {
"DATABASE \"postgres\"" = "ALL PRIVILEGES";
};
}
];
};
services.pgadmin = {
port = 5051;
enable = true;
initialEmail = "bruh@localhost.de";
initialPasswordFile = pkgs.writeText "pw" "bruh2012!";
};
};
testScript = ''
with subtest("Check pgadmin module"):
machine.wait_for_unit("postgresql")
machine.wait_for_unit("pgadmin")
machine.wait_until_succeeds("curl -s localhost:5051")
machine.wait_until_succeeds("curl -s localhost:5051/login | grep \"<title>pgAdmin 4</title>\" > /dev/null")
# pgadmin4 module saves the configuration to /etc/pgadmin/config_system.py
# pgadmin4-desktopmode tries to read that as well. This normally fails with a PermissionError, as the config file
# is owned by the user of the pgadmin module. With the check-system-config-dir.patch this will just throw a warning
# but will continue and not read the file.
# If we run pgadmin4-desktopmode as root (something one really shouldn't do), it can read the config file and fail,
# because of the wrong config for desktopmode.
with subtest("Check pgadmin standalone desktop mode"):
machine.execute("sudo -u alice pgadmin4 >&2 &", timeout=60)
machine.wait_until_succeeds("curl -s localhost:5050")
machine.wait_until_succeeds("curl -s localhost:5050/browser/ | grep \"<title>pgAdmin 4</title>\" > /dev/null")
'';
})

View file

@ -0,0 +1,17 @@
diff --git a/web/config.py b/web/config.py
index 4774043..5b73fd3 100644
--- a/web/config.py
+++ b/web/config.py
@@ -884,6 +884,12 @@ if os.path.exists(system_config_dir + '/config_system.py'):
user_config_settings.update(config_system_settings)
except ImportError:
pass
+ except PermissionError:
+ print(f"Permission denied to open {str(system_config_dir + '/config_system.py')}. \n \
+ If you are running pgadmin4-desktopmode please make sure you disable \n \
+ the pgadmin NixOS module first. If you rely on settings in \n \
+ {str(system_config_dir + '/config_system.py')}, please check the correct permissions.")
+ pass
# Update settings for 'LOG_FILE', 'SQLITE_PATH', 'SESSION_DB_PATH',
# 'AZURE_CREDENTIAL_CACHE_DIR', 'KERBEROS_CCACHE_DIR', 'STORAGE_DIR'

View file

@ -9,6 +9,7 @@
, fetchPypi
, postgresqlTestHook
, postgresql
, server-mode ? true
}:
let
@ -88,6 +89,8 @@ pythonPackages.buildPythonApplication rec {
patches = [
# Expose setup.py for later use
./expose-setup.py.patch
# check for permission of /etc/pgadmin/config_system and don't fail
./check-system-config-dir.patch
];
postPatch = ''
@ -105,6 +108,10 @@ pythonPackages.buildPythonApplication rec {
sed 's|==|>=|g' -i requirements.txt
substituteInPlace pkg/pip/setup_pip.py \
--replace "req = req.replace('psycopg2', 'psycopg2-binary')" "req = req"
${lib.optionalString (!server-mode) ''
substituteInPlace web/config.py \
--replace "SERVER_MODE = True" "SERVER_MODE = False"
''}
'';
preBuild = ''
@ -242,7 +249,20 @@ pythonPackages.buildPythonApplication rec {
'';
meta = with lib; {
description = "Administration and development platform for PostgreSQL";
description = "Administration and development platform for PostgreSQL${optionalString (!server-mode) ". Desktop Mode"}";
longDescription = ''
pgAdmin 4 is designed to meet the needs of both novice and experienced Postgres users alike,
providing a powerful graphical interface that simplifies the creation, maintenance and use of database objects.
${if server-mode then ''
This version is build with SERVER_MODE set to True (the default). It will require access to `/var/lib/pgadmin`
and `/var/log/pgadmin`. This is the default version for the NixOS module `services.pgadmin`.
This should NOT be used in combination with the `pgadmin4-desktopmode` package as they will interfere.
'' else ''
This version is build with SERVER_MODE set to False. It will require access to `~/.pgadmin/`. This version is suitable
for single-user deployment or where access to `/var/lib/pgadmin` cannot be granted or the NixOS module cannot be used.
This should NOT be used in combination with the NixOS module `pgadmin` as they will interfere.
''}
'';
homepage = "https://www.pgadmin.org/";
license = licenses.mit;
changelog = "https://www.pgadmin.org/docs/pgadmin4/latest/release_notes_${lib.versions.major version}_${lib.versions.minor version}.html";

View file

@ -37950,6 +37950,8 @@ with pkgs;
pgadmin4 = callPackage ../tools/admin/pgadmin { };
pgadmin4-desktopmode = callPackage ../tools/admin/pgadmin { server-mode = false; };
pgmodeler = qt6Packages.callPackage ../applications/misc/pgmodeler { };
physlock = callPackage ../misc/screensavers/physlock { };