From 490b42a8129fdfc83d39bb416468567774539ea9 Mon Sep 17 00:00:00 2001
From: Yifei Sun <ysun@hey.com>
Date: Thu, 6 Jun 2024 17:17:10 +0900
Subject: [PATCH] mCaptcha: update setting of db user password

Co-authored-by: Ali Jamadi <jamadi1377@gmail.com>
Co-authored-by: Adrien Faure <adrien.faure@protonmail.com>
Co-authored-by: Shahar "Dawn" Or <mightyiampresence@gmail.com>
---
 .../tests/bring-your-own-services.nix         | 27 ++++++++++++++-----
 1 file changed, 21 insertions(+), 6 deletions(-)

diff --git a/projects/mCaptcha/tests/bring-your-own-services.nix b/projects/mCaptcha/tests/bring-your-own-services.nix
index f22ad991..290acf0f 100644
--- a/projects/mCaptcha/tests/bring-your-own-services.nix
+++ b/projects/mCaptcha/tests/bring-your-own-services.nix
@@ -1,4 +1,13 @@
-{sources, ...}: let
+{
+  sources,
+  lib,
+  ...
+}: let
+  inherit
+    (lib)
+    mkAfter
+    ;
+
   port = 7000;
   urlRoot = "http://localhost:${builtins.toString port}";
   redisPassword = "(*&(*):ps@r}";
@@ -22,7 +31,7 @@ in {
     services.mcaptcha.captcha.saltFile = pkgs.writeText "salt" "asdl;kjfhjawehfpa;osdkjasdvjaksndfpoanjdfainsdfaijdsfajlkjdsaf;ajsdfweroire";
 
     services.mcaptcha.settings.database.name = "my_mcaptcha";
-    services.mcaptcha.settings.database.username = "role_mcaptcha";
+    services.mcaptcha.settings.database.username = "my_mcaptcha";
     services.mcaptcha.settings.database.hostname = "my_own_services";
     services.mcaptcha.settings.database.port = 5432;
     services.mcaptcha.database.passwordFile = pkgs.writeText "db-password" "mcaptcha-db-secret";
@@ -38,10 +47,16 @@ in {
     networking.firewall.enable = false;
     services.postgresql.enable = true;
     services.postgresql.enableTCPIP = true;
-    services.postgresql.initialScript = pkgs.writeText "postgresql-init-script" ''
-      CREATE ROLE role_mcaptcha WITH LOGIN PASSWORD 'mcaptcha-db-secret';
-      CREATE DATABASE my_mcaptcha;
-      GRANT ALL PRIVILEGES ON DATABASE my_mcaptcha TO role_mcaptcha;
+    services.postgresql.ensureDatabases = ["my_mcaptcha"];
+    services.postgresql.ensureUsers = [
+      {
+        name = "my_mcaptcha";
+        ensureDBOwnership = true;
+      }
+    ];
+
+    systemd.services.postgresql.postStart = mkAfter ''
+      $PSQL my_mcaptcha -c "ALTER USER my_mcaptcha WITH PASSWORD 'mcaptcha-db-secret'"
     '';
     services.postgresql.authentication = ''
       #type  database  DBuser         auth-method