public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

nixos/postgresql: support 0750 for data directory (#65245)

Browse Source 
* nixos/postgresql: support 0750 for data directory

This is rework of part of https://github.com/NixOS/nixpkgs/pull/46670.
My usecase was to be able to inspect PG datadir as wheel user.

PG11 now allows starting server with 0750 mask for data dir.
`groupAccess = true` now does this automatically. The only thing you have to do
is to set group ownership.

For PG10 and below, I've described a hack how this can be done. Before this PR
hack was impossible. The hack isn't ideal, because there is short
period of time when dir mode is 0700, so I didn't want to make it official.

Test/example is present too.

* postgresql: allow changing initidb arguments via module system

Closes https://github.com/NixOS/nixpkgs/issues/18829

+ some cleanups

* addressed review comments and some fixes

* whoops

* change groupAccess to tristate, to not force `chmod` on dataDir.

Making mask either 0700 or 0750 is too restrictive..

* WIP

* let's not support group mode for versions pre-11.

The only fix is to change mode to 0700 before start, because otherwise postgresql
doesn't start, and error is non-obvious.
This commit is contained in:
Danylo Hlynskyi 2020-02-14 20:51:20 +02:00 committed by GitHub
commit 5443eee47c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 28 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
nixos/modules/services/databases/postgresql.nix
View File

@ -22,6 +22,8 @@ let
${cfg.extraConfig} ${cfg.extraConfig}
''; '';
groupAccessAvailable = versionAtLeast postgresql.version "11.0";
in in
{ {
@ -88,6 +90,16 @@ in
''; '';
}; };
initdbArgs = mkOption {
type = with types; listOf str;
default = [];
example = [ "--data-checksums" "--allow-group-access" ];
description = ''
Additional arguments passed to <literal>initdb<literal> during data dir
initialisation.
'';
};
initialScript = mkOption { initialScript = mkOption {
type = types.nullOr types.path; type = types.nullOr types.path;
default = null; default = null;
@ -220,7 +232,7 @@ in
###### implementation ###### implementation
config = mkIf config.services.postgresql.enable { config = mkIf cfg.enable {
services.postgresql.package = services.postgresql.package =
# Note: when changing the default, make it conditional on # Note: when changing the default, make it conditional on
@ -232,8 +244,9 @@ in
else throw "postgresql_9_4 was removed, please upgrade your postgresql version."); else throw "postgresql_9_4 was removed, please upgrade your postgresql version.");
services.postgresql.dataDir = services.postgresql.dataDir =
mkDefault (if versionAtLeast config.system.stateVersion "17.09" then "/var/lib/postgresql/${config.services.postgresql.package.psqlSchema}" mkDefault (if versionAtLeast config.system.stateVersion "17.09"
else "/var/db/postgresql"); then "/var/lib/postgresql/${cfg.package.psqlSchema}"
else "/var/db/postgresql");
services.postgresql.authentication = mkAfter services.postgresql.authentication = mkAfter
'' ''
@ -284,7 +297,7 @@ in
'' ''
# Initialise the database. # Initialise the database.
if ! test -e ${cfg.dataDir}/PG_VERSION; then if ! test -e ${cfg.dataDir}/PG_VERSION; then
initdb -U ${cfg.superUser} initdb -U ${cfg.superUser} ${concatStringsSep " " cfg.initdbArgs}
# See postStart! # See postStart!
touch "${cfg.dataDir}/.first_startup" touch "${cfg.dataDir}/.first_startup"
fi fi
@ -293,8 +306,12 @@ in
ln -sfn "${pkgs.writeText "recovery.conf" cfg.recoveryConfig}" \ ln -sfn "${pkgs.writeText "recovery.conf" cfg.recoveryConfig}" \
"${cfg.dataDir}/recovery.conf" "${cfg.dataDir}/recovery.conf"
''} ''}
${optionalString (!groupAccessAvailable) ''
# postgresql pre 11.0 doesn't start if state directory mode is group accessible
chmod 0700 "${cfg.dataDir}"
''}
exec postgres exec postgres
''; '';
serviceConfig = serviceConfig =
@ -303,7 +320,7 @@ in
Group = "postgres"; Group = "postgres";
PermissionsStartOnly = true; PermissionsStartOnly = true;
RuntimeDirectory = "postgresql"; RuntimeDirectory = "postgresql";
Type = if lib.versionAtLeast cfg.package.version "9.6" Type = if versionAtLeast cfg.package.version "9.6"
then "notify" then "notify"
else "simple"; else "simple";
@ -352,5 +369,5 @@ in
}; };
meta.doc = ./postgresql.xml; meta.doc = ./postgresql.xml;
meta.maintainers = with lib.maintainers; [ thoughtpolice ]; meta.maintainers = with lib.maintainers; [ thoughtpolice danbst ];
} }

3
pkgs/servers/sql/postgresql/default.nix
View File

@ -175,6 +175,9 @@ let
cp --target-directory=$out/bin ${postgresql}/bin/{postgres,pg_config,pg_ctl} cp --target-directory=$out/bin ${postgresql}/bin/{postgres,pg_config,pg_ctl}
wrapProgram $out/bin/postgres --set NIX_PGLIBDIR $out/lib wrapProgram $out/bin/postgres --set NIX_PGLIBDIR $out/lib
''; '';
passthru.version = postgresql.version;
passthru.psqlSchema = postgresql.psqlSchema;
}; };
in self: { in self: {