use diesel for database migrations

flake.lock

@@ -152,6 +152,7 @@
         "data-accumulator": "data-accumulator",
         "decode-server": "decode-server",
         "docs": "docs",
+        "dump-dvb-rs": "dump-dvb-rs",
         "dvb-api": "dvb-api",
         "funnel": "funnel",
         "naersk": "naersk",
@@ -166,11 +167,11 @@
         "windshield": "windshield"
       },
       "locked": {
-        "lastModified": 1662156952,
-        "narHash": "sha256-FTaW9cntSlM40WuY2mc9RNgV63VdSmJA8dvwvsiZjmM=",
+        "lastModified": 1662220283,
+        "narHash": "sha256-0yNA9KQNSnYAPTQ2Vg9oSOx4SVpLGb38swKp+xmiNwM=",
         "owner": "dump-dvb",
         "repo": "dump-dvb.nix",
-        "rev": "3617139f10a90c16ca09b7d02ca3346356ce2741",
+        "rev": "4263932413f0644eb7fe01386734c013a4587e94",
         "type": "github"
       },
       "original": {
@@ -179,6 +180,27 @@
         "type": "github"
       }
     },
+    "dump-dvb-rs": {
+      "inputs": {
+        "nixpkgs": [
+          "dump-dvb",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1662217018,
+        "narHash": "sha256-ehuiNyp0Uc+zRaTVZG+Bo9rhn3px7uTEHh/6Qh9qY8s=",
+        "owner": "dump-dvb",
+        "repo": "dump-dvb.rs",
+        "rev": "e25a510217122e924ca5b5b57b4518735d2ed580",
+        "type": "github"
+      },
+      "original": {
+        "owner": "dump-dvb",
+        "repo": "dump-dvb.rs",
+        "type": "github"
+      }
+    },
     "dump-dvb-rust": {
       "flake": false,
       "locked": {
@@ -332,11 +354,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1662025319,
-        "narHash": "sha256-ZJlBQ7jXynq4+Jg9+DgOe8FJG8sDIeFFYP3V3K98KUs=",
+        "lastModified": 1662099760,
+        "narHash": "sha256-MdZLCTJPeHi/9fg6R9fiunyDwP3XHJqDd51zWWz9px0=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "b82ccafb54163ab9024e893e578d840577785fea",
+        "rev": "67e45078141102f45eff1589a831aeaa3182b41e",
         "type": "github"
       },
       "original": {

flake.nix

@@ -63,7 +63,7 @@
         {
           "traffic-stop-box-${toString id}" = nixpkgs.lib.nixosSystem {
             system = arch;
-            specialArgs = { inherit inputs; };
+            specialArgs = inputs;
             modules = [
               sops-nix.nixosModules.sops
               dump-dvb.nixosModules.default
@@ -149,7 +149,7 @@
       nixosConfigurations = stop_boxes // {
         mobile-box = nixpkgs.lib.nixosSystem {
           system = "x86_64-linux";
-          specialArgs = { inherit inputs; };
+          specialArgs = inputs;
           modules = [
             diskModule
             dump-dvb.nixosModules.default
@@ -168,7 +168,7 @@
         };
         data-hoarder = nixpkgs.lib.nixosSystem {
           system = "x86_64-linux";
-          specialArgs = { inherit inputs; };
+          specialArgs = inputs;
           modules = [
             microvm.nixosModules.microvm
             ./hosts/data-hoarder/configuration.nix
@@ -177,7 +177,7 @@
         };
         staging-data-hoarder = nixpkgs.lib.nixosSystem {
           system = "x86_64-linux";
-          specialArgs = { inherit inputs; };
+          specialArgs = inputs;
           modules = [
             ./hosts/staging/configuration.nix
             microvm.nixosModules.microvm

modules/data-hoarder/postgres.nix

@@ -1,99 +1,39 @@
-{ pkgs, config, ... }: {
+{ lib, pkgs, config, dump-dvb, ... }: {
 
   services.postgresql = {
     enable = true;
     port = 5432;
     package = pkgs.postgresql_14;
-    initialScript = pkgs.writeText "dvbdump-initScript" ''
-      CREATE DATABASE dvbdump;
-      CREATE USER dvbdump;
-      GRANT ALL PRIVILEGES ON DATABASE dvbdump TO dvbdump;
-      ALTER ROLE dvbdump WITH PASSWORD '$(cat ${config.sops.secrets.postgres_password.path})';
-
-      CREATE USER grafana;
-      GRANT CONNECT ON DATABASE telegrams TO grafana;
-      GRANT SELECT ON ALL TABLES IN SCHEMA public TO grafana;
-      ALTER ROLE grafana WITH PASSWORD '$(cat ${config.sops.secrets.postgres_password_grafana.path})';
-
-      \c telegrams
-      create table r09_telegrams (
-          id serial8 primary key not null,
-          time timestamp not null,
-          station UUID not null,
-          region integer not null,
-          telegram_type int8 not null,
-          delay int,
-          reporting_point int not null,
-          junction int not null,
-          direction int2 not null,
-          request_status int2 not null,
-          priority int2,
-          direction_request int2,
-          line int,
-          run_number int,
-          destination_number int,
-          train_length int2,
-          vehicle_number int,
-          operator int2
-        );
-      ALTER TABLE r09_telegrams OWNER TO telegrams;
-
-      create table raw_telegrams (
-          id serial8 primary key not null,
-          time timestamp not null,
-          station UUID not null,
-          region integer not null,
-          telegram_type int8 not null,
-          data bytea not null
-      );
-      ALTER TABLE raw_telegrams OWNER TO telegrams;
-      
-      \c dvbdump
-
-      CREATE TABLE users (
-          id UUID PRIMARY KEY,
-          name TEXT NOT NULL,
-          email TEXT NOT NULL,
-          password VARCHAR(100) NOT NULL,
-          role INT NOT NULL,
-          email_setting INT NOT NULL,
-          deactivated BOOL NOT NULL
-      );
-      ALTER TABLE users OWNER TO dvbdump;
-
-      CREATE TABLE regions (
-          id SERIAL PRIMARY KEY,
-          name TEXT NOT NULL,
-          transport_company TEXT NOT NULL,
-          regional_company TEXT,
-          frequency BIGINT,
-          r09_type INT,
-          encoding INT
-      );
-      ALTER TABLE regions OWNER TO dvbdump;
-
-      CREATE TABLE stations (
-          id UUID PRIMARY KEY,
-          token VARCHAR(36),
-          name TEXT NOT NULL,
-          lat DOUBLE PRECISION NOT NULL,
-          lon DOUBLE PRECISION NOT NULL,
-          region SERIAL REFERENCES regions(id) NOT NULL,
-          owner UUID REFERENCES users(id) NOT NULL,
-          approved BOOL NOT NULL,
-          deactivated BOOL NOT NULL,
-          public BOOL NOT NULL,
-          radio INT,
-          architecture INT,
-          device INT,
-          elevation DOUBLE PRECISION,
-          telegram_decoder_version INT[],
-          antenna Int
-      );
-      ALTER TABLE stations OWNER TO dvbdump;
-    '';
+    ensureDatabases = [ "dvbdump" ];
+    ensureUsers = [
+      {
+        name = "grafana";
+        ensurePermissions = {
+          # TODO: make shure grafana can't read tokens...
+          "DATABASE dvbdump" = "CONNECT";
+          "ALL TABLES IN SCHEMA public" = "SELECT";
+        };
+      }
+      {
+        name = "dvbdump";
+        ensurePermissions = {
+          "DATABASE dvbdump" = "ALL PRIVILEGES";
+        };
+      }
+    ];
   };
 
+  environment.systemPackages = [ dump-dvb.packages.x86_64-linux.run-database-migration ];
+
+  systemd.services.postgresql.postStart = lib.mkAfter ''
+    $PSQL -c "ALTER ROLE dvbdump WITH PASSWORD '$(cat ${config.sops.secrets.postgres_password.path})';" 
+    $PSQL -c "ALTER ROLE grafana WITH PASSWORD '$(cat ${config.sops.secrets.postgres_password_grafana.path})';" 
+
+    export DATABASE_URL=postgres://dvbdump:$(cat ${config.sops.secrets.postgres_password.path})@localhost/dvbdump
+    ${dump-dvb.packages.x86_64-linux.run-database-migration}/bin/run-migration
+    unset DATABASE_URL
+  '';
+
   systemd.services.dump-csv = {
     path = [ config.services.postgresql.package ];
     serviceConfig = {

modules/data-hoarder/secrets.nix

@@ -9,11 +9,11 @@ in
   users.groups = {
     postgres-dvbdump = {
       name = "postgres-dvbdump";
-      members = [ clicky-bunty-user data-accumulator-user ];
+      members = [ clicky-bunty-user data-accumulator-user "postgres" ];
     };
     postgres-telegrams = {
       name = "postgres-telegrams";
-      members = [ clicky-bunty-user data-accumulator-user ];
+      members = [ clicky-bunty-user data-accumulator-user "postgres" ];
     };
 
   };