ping

ping @bluescreen303 @offline @wkennington @cstrahan @rvl
(Not sure who to ping, I took the list from the mongodb package / nixos test)

We have been using this PR for the last 2 months in production without any problem.

ping

sorry, this seems to have gotten very little attention. I would test it, if you rebase it on the current master.

Rebased on current master.

Wouldn't the option initalPassword would be enough? We could test against it being != null instaed of havin the enableAuth option.

I think you are right, initialRootPassword is enough from a technical point of view.

I am wondering a bit about discoverability though. It may not be clear that initialRootPassword also enables authentication. Or is there maybe another way to name/structure it?

Maybe it's enough to mention the authentication in the description of initialRootPassword. I'm not entirely sure, that this is better though.

So I prefer the current way with both enableAuth and initialRootPassword, but if you feel strongly about this I can change it to only use initialRootPassword. What do you suggest?

I'm ok with having both.

do you want to squash or should I do it?

Thank you for taking this up and merging it 👍

@phile314-fh Doesn't mongodb supports socket authentication? Having a root password option (even if just 'initial') is never desirable, especially if we could work around that problem by using socket authentication.

I know I'm a little bit late to the game here, seeing how this PR was merged 2 months ago, but it seems likely I'll have to start using mongodb in during the 19.09 release of NixOS. After reviewing the differences between the mongodb service in 19.03 and the service in master your PR seemed to make the code a fair bit more complex so I was hoping if it is possible we might simplify before 19.09. Thoughts on switching to socket authentication instead of prompting for passwords to store in a world readable location? Is it possible with mongodb?

I do agree that the current state is by far not an optimal solution, just the best I could come up with .....

What exactly do you mean by socket authentication? Do you have a link?

@phile314-fh I'm not a mongodb user so it seems some of my assumptions about socket authentication weren't correct. I had assumed unix socket authentication worked similar in mongodb as it does in mysql or postgresql: it does not.

That being said after some research I have discovered there is Localhost Exception which allows you to enable authentication but still have a user connect without a password via localhost only if there are no users in the database yet. The localhost login would only be authorized to create an admin user account and nothing else.

Would this be more or less desirable than what is currently in place? The one advantage I see is that it forces the db admin to securely set a password, whereas with initialRootPassword the db admin could set and leave an insecure password.

I'll be updating this module to remove the PermissionsStartOnly only reference (as this is deprecated) and while I'm in there I could change the module to use the localhost exception if you think that is better than using initialRootPassword. Let me know. Thanks!

ping @phile314-fh any opinion on that?

I just checked if mongodb would support hashed passwords, but it seems it requires the cleartext password for account creation. So I agree, removing the initialRootPassword is the best way forward. If somebody really wants to create a hard-coded root account, they can abuse the initialScript, but then they are clearly on their own.