nix/lib
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Forget the socket

Browse Source
This commit is contained in:
niten 2025-01-28 22:15:31 -08:00
parent 437fc6402f
commit caf1a162db
1 changed files with 23 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
lib/fudo/postgres.nix
View File

@ -208,23 +208,23 @@ in {
default = { }; default = { };
}; };
socket-directory = mkOption { # socket-directory = mkOption {
type = str; # type = str;
description = "Directory in which to place unix sockets."; # description = "Directory in which to place unix sockets.";
default = "/run/postgresql"; # default = "/run/postgresql";
}; # };
socket-group = mkOption { # socket-group = mkOption {
type = str; # type = str;
description = "Group for accessing sockets."; # description = "Group for accessing sockets.";
default = "postgres_local"; # default = "postgres_local";
}; # };
local-users = mkOption { # local-users = mkOption {
type = listOf str; # type = listOf str;
description = "Users able to access the server via local socket."; # description = "Users able to access the server via local socket.";
default = [ ]; # default = [ ];
}; # };
required-services = mkOption { required-services = mkOption {
type = listOf str; type = listOf str;
@ -258,9 +258,9 @@ in {
environment.systemPackages = with pkgs; [ cfg.package ]; environment.systemPackages = with pkgs; [ cfg.package ];
users.groups = { # users.groups = {
${cfg.socket-group} = { members = [ "postgres" ] ++ cfg.local-users; }; # ${cfg.socket-group} = { members = [ "postgres" ] ++ cfg.local-users; };
}; # };
services.postgresql = { services.postgresql = {
enable = true; enable = true;
@ -288,9 +288,9 @@ in {
ssl_cert_file = mkIf ssl-enabled cfg.ssl-certificate; ssl_cert_file = mkIf ssl-enabled cfg.ssl-certificate;
ssl_key_file = mkIf ssl-enabled cfg.ssl-private-key; ssl_key_file = mkIf ssl-enabled cfg.ssl-private-key;
unix_socket_directories = cfg.socket-directory; # unix_socket_directories = cfg.socket-directory;
unix_socket_group = cfg.socket-group; # unix_socket_group = cfg.socket-group;
unix_socket_permissions = "0777"; # unix_socket_permissions = "0777";
log_min_error_statement = "DEBUG3"; log_min_error_statement = "DEBUG3";
}; };
@ -395,7 +395,7 @@ in {
# Wait a bit before starting dependent services, to let postgres finish initializing # Wait a bit before starting dependent services, to let postgres finish initializing
serviceConfig = { serviceConfig = {
ReadWritePaths = [ cfg.socket-directory ]; # ReadWritePaths = [ cfg.socket-directory ];
ExecStartPost = mkAfter [ "${pkgs.coreutils}/bin/sleep 10" ]; ExecStartPost = mkAfter [ "${pkgs.coreutils}/bin/sleep 10" ];
}; };
@ -435,7 +435,7 @@ in {
${pkgs.postgresql}/bin/psql --port ${ ${pkgs.postgresql}/bin/psql --port ${
toString config.services.postgresql.port toString config.services.postgresql.port
} -d postgres -f ${extra-settings-sql} } -d postgres -f ${extra-settings-sql}
chgrp ${cfg.socket-group} ${cfg.socket-directory}/.s.PGSQL* # chgrp ${cfg.socket-group} ${cfg.socket-directory}/.s.PGSQL*
''; '';
}; };
}; };