Merge pull request #60 from ptitfred/postgresql/password-set-if-missing

postgresql: Only set password if missing
ptitfred · Aug 10, 2023 · a310617 · a310617
2 parents 77b93c3 + 07ce623
commit a310617
Showing 1 changed file with 10 additions and 1 deletion.
diff --git a/nixos/personal-infrastructure/postgresql.nix b/nixos/personal-infrastructure/postgresql.nix
@@ -96,7 +96,16 @@ let cfg = config.personal-infrastructure.postgresql;
 
     mkAlterRoleStatement = name: def:
       lib.strings.optionalString (builtins.isString def.initialPassword) ''
-        ALTER ROLE "${name}" WITH PASSWORD '${def.initialPassword}';
+        DO $do$
+        BEGIN
+          IF EXISTS (SELECT * FROM pg_shadow WHERE usename = '${name}' AND passwd IS null)
+          THEN
+            RAISE NOTICE 'Setting password for user ${name}';
+            ALTER ROLE "${name}" WITH PASSWORD '${def.initialPassword}';
+          ELSE
+            RAISE NOTICE 'Nothing to do for user ${name}';
+          END IF;
+        END $do$;
       '';
 in
 {