#!/bin/bash PSQL_ROOT_PWD_FILE=/etc/yunohost/psql # Open a connection as a user # # example: ynh_psql_connect_as 'user' 'pass' <<< "UPDATE ...;" # example: ynh_psql_connect_as 'user' 'pass' < /path/to/file.sql # # usage: ynh_psql_connect_as --user=user --password=password [--database=database] # | arg: -u, --user - the user name to connect as # | arg: -p, --password - the user password # | arg: -d, --database - the database to connect to ynh_psql_connect_as() { # Declare an array to define the options of this helper. local legacy_args=upd declare -Ar args_array=( [u]=user= [p]=password= [d]=database= ) local user local password local database # Manage arguments with getopts ynh_handle_getopts_args "$@" database="${database:-}" sudo --login --user=postgres PGUSER="$user" PGPASSWORD="$password" psql "$database" } # Execute a command as root user # # usage: ynh_psql_execute_as_root --sql=sql [--database=database] # | arg: -s, --sql - the SQL command to execute # | arg: -d, --database - the database to connect to ynh_psql_execute_as_root () { # Declare an array to define the options of this helper. local legacy_args=sd declare -Ar args_array=( [s]=sql= [d]=database= ) local sql local database # Manage arguments with getopts ynh_handle_getopts_args "$@" database="${database:-}" ynh_psql_connect_as --user="postgres" --password="$(sudo cat $PSQL_ROOT_PWD_FILE)" \ --database="$database" <<< "$sql" } # Execute a command from a file as root user # # usage: ynh_psql_execute_file_as_root --file=file [--database=database] # | arg: -f, --file - the file containing SQL commands # | arg: -d, --database - the database to connect to ynh_psql_execute_file_as_root() { # Declare an array to define the options of this helper. local legacy_args=fd declare -Ar args_array=( [f]=file= [d]=database= ) local file local database # Manage arguments with getopts ynh_handle_getopts_args "$@" database="${database:-}" ynh_psql_connect_as --user="postgres" --password="$(sudo cat $PSQL_ROOT_PWD_FILE)" \ --database="$database" < "$file" } # Create a database and grant optionnaly privilegies to a user # # [internal] # # usage: ynh_psql_create_db db [user [pwd]] # | arg: db - the database name to create # | arg: user - the user to grant privilegies # | arg: pwd - the password to identify user by ynh_psql_create_db() { local db=$1 ynh_psql_create_user "$user" "$pwd" sudo --login --user=postgres createdb --owner="$user" "$db" } # Drop a database # # [internal] # # If you intend to drop the database *and* the associated user, # consider using ynh_psql_remove_db instead. # # usage: ynh_psql_drop_db db # | arg: db - the database name to drop ynh_psql_drop_db() { local db=$1 sudo --login --user=postgres dropdb $db } # Dump a database # # example: ynh_psql_dump_db 'roundcube' > ./dump.sql # # usage: ynh_psql_dump_db --database=database # | arg: -d, --database - the database name to dump # | ret: the psqldump output ynh_psql_dump_db() { # Declare an array to define the options of this helper. local legacy_args=d declare -Ar args_array=( [d]=database= ) local database # Manage arguments with getopts ynh_handle_getopts_args "$@" sudo --login --user=postgres pg_dump "$database" } # Create a user # # [internal] # # usage: ynh_psql_create_user user pwd [host] # | arg: user - the user name to create # | arg: pwd - the password to identify user by ynh_psql_create_user() { local user=$1 local psql=$2 ynh_psql_execute_as_root --sql="CREATE USER $user WITH PASSWORD '$pwd'" } # Check if a psql user exists # # usage: ynh_psql_user_exists --user=user # | arg: -u, --user - the user for which to check existence ynh_psql_user_exists() { # Declare an array to define the options of this helper. local legacy_args=u declare -Ar args_array=( [u]=user= ) local user # Manage arguments with getopts ynh_handle_getopts_args "$@" if [[ -n $(sudo --login --user=postgres PGUSER="postgres" PGPASSWORD="$(sudo cat $PSQL_ROOT_PWD_FILE)" psql -tAc "SELECT rolname FROM pg_roles WHERE rolname='$user';") ]] then return 1 else return 0 fi } # Create a database, an user and its password. Then store the password in the app's config # # After executing this helper, the password of the created database will be available in $db_pwd # It will also be stored as "psqlpwd" into the app settings. # # usage: ynh_psql_setup_db user name [pwd] # | arg: user - Owner of the database # | arg: name - Name of the database # | arg: pwd - Password of the database. If not given, a password will be generated ynh_psql_setup_db () { local db_user="$1" local db_name="$2" local new_db_pwd=$(ynh_string_random) # Generate a random password # If $3 is not given, use new_db_pwd instead for db_pwd. local db_pwd="${3:-$new_db_pwd}" ynh_psql_create_db "$db_name" "$db_user" "$db_pwd" # Create the database ynh_app_setting_set "$app" psqlpwd "$db_pwd" # Store the password in the app's config } # Create a database and grant privilegies to a user # # usage: ynh_psql_create_db db [user [pwd]] # | arg: db - the database name to create # | arg: user - the user to grant privilegies # | arg: pwd - the user password ynh_psql_create_db() { local db="$1" local user="$2" local pwd="$3" ynh_psql_create_user "$user" "$pwd" sudo --login --user=postgres createdb --owner="$user" "$db" } # Drop a database # # usage: ynh_psql_drop_db db # | arg: db - the database name to drop # | arg: user - the user to drop ynh_psql_remove_db() { local db="$1" local user="$2" sudo --login --user=postgres dropdb "$db" ynh_psql_drop_user "$user" } # Dump a database # # example: ynh_psql_dump_db 'roundcube' > ./dump.sql # # usage: ynh_psql_dump_db db # | arg: db - the database name to dump # | ret: the psqldump output ynh_psql_dump_db() { local db="$1" sudo --login --user=postgres pg_dump "$db" } # Create a user # # usage: ynh_psql_create_user user pwd [host] # | arg: user - the user name to create ynh_psql_create_user() { local user="$1" local pwd="$2" sudo --login --user=postgres psql -c"CREATE USER $user WITH PASSWORD '$pwd'" postgres } # Drop a user # # usage: ynh_psql_drop_user user # | arg: user - the user name to drop ynh_psql_drop_user() { local user="$1" sudo --login --user=postgres dropuser "$user" } # Create a master password and set up global settings # Please always call this script in install and restore scripts # # usage: ynh_psql_test_if_first_run ynh_psql_test_if_first_run() { if [ -f /etc/yunohost/psql ]; then echo "PostgreSQL is already installed, no need to create master password" else local pgsql="$(ynh_string_random)" echo "$pgsql" > /etc/yunohost/psql if [ -e /etc/postgresql/9.4/ ] then local pg_hba=/etc/postgresql/9.4/main/pg_hba.conf elif [ -e /etc/postgresql/9.6/ ] then local pg_hba=/etc/postgresql/9.6/main/pg_hba.conf else ynh_die "postgresql shoud be 9.4 or 9.6" fi systemctl start postgresql sudo --login --user=postgres psql -c"ALTER user postgres WITH PASSWORD '$pgsql'" postgres # force all user to connect to local database using passwords # https://www.postgresql.org/docs/current/static/auth-pg-hba-conf.html#EXAMPLE-PG-HBA.CONF # Note: we can't use peer since YunoHost create users with nologin # See: https://github.com/YunoHost/yunohost/blob/unstable/data/helpers.d/user sed -i '/local\s*all\s*all\s*peer/i \ local all all password' "$pg_hba" systemctl enable postgresql systemctl reload postgresql fi }