[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
08/12: services: posgresql: Add option to specify UID/GID for postgres u
From: |
guix-commits |
Subject: |
08/12: services: posgresql: Add option to specify UID/GID for postgres user. |
Date: |
Wed, 16 Aug 2023 17:16:41 -0400 (EDT) |
civodul pushed a commit to branch master
in repository guix.
commit 9dda7479755ba709bb9bb96614ea09ded566b6d3
Author: Martin Baulig <martin@baulig.is>
AuthorDate: Mon Jul 17 18:13:42 2023 -0400
services: posgresql: Add option to specify UID/GID for postgres user.
Add 'createAccount?', 'uid' and 'gid' to <postgresql-configuation>.
Unlike other system daemons, the PostgreSQL data directory is typically
meant to persist across 'guix system reconfigure' and once created, you
don't want it's UID or GID to change anymore.
Furthermore, if you want to place the data directory on a network share
and use NFSv4 with idmap, then the 'postgres' user must exist when the
'rpc.idmapd' daemon is launched; prior to mounting the share. And it
needs to be possible to mount the share without configuring PostgreSQL.
With NFSv3, the UID and GID typically needs to match those on the
server.
The added options allow for both of these scenarios:
You can either create the user in (operating-system (users)) completely
independently of the 'postgresql-service-type' (for instance to get your
NFS setup working first prior to configuring your databases) - or "pin"
it's UID / GID values.
* gnu/services/databases.scm (<postgresql-configuration>)[create-account?]
[uid, gid]: New fields.
(%postgresql-accounts): Remove.
(create-postgresql-account): New procedure.
(postgresql-service-type)[extensions]: Use it.
* doc/guix.texi (Database Services): Update accordingly.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
---
doc/guix.texi | 14 ++++++++++++++
gnu/services/databases.scm | 37 +++++++++++++++++++++++++------------
2 files changed, 39 insertions(+), 12 deletions(-)
diff --git a/doc/guix.texi b/doc/guix.texi
index 22590b4f9c..e2e61f0f2d 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -25179,6 +25179,20 @@ There is no need to add this field for contrib
extensions such as hstore or
dblink as they are already loadable by postgresql. This field is only
required to add extensions provided by other packages.
+@item @code{create-account?} (default: @code{#t})
+Whether or not the @code{postgres} user and group should be created.
+
+@item @code{uid} (default: @code{#f})
+Explicitly specify the UID of the @code{postgres} daemon account.
+You normally do not need to specify this, in which case a free UID will
+be automatically assigned.
+
+One situation where this option might be useful is if the @var{data-directory}
+is located on a mounted network share.
+
+@item @code{gid} (default: @code{#f})
+Explicitly specify the GID of the @code{postgres} group.
+
@end table
@end deftp
diff --git a/gnu/services/databases.scm b/gnu/services/databases.scm
index 7148971c1d..d3fee2a8ef 100644
--- a/gnu/services/databases.scm
+++ b/gnu/services/databases.scm
@@ -180,17 +180,30 @@ host all all ::1/128 md5"))
(data-directory postgresql-configuration-data-directory
(default "/var/lib/postgresql/data"))
(extension-packages postgresql-configuration-extension-packages
- (default '())))
-
-(define %postgresql-accounts
- (list (user-group (name "postgres") (system? #t))
- (user-account
- (name "postgres")
- (group "postgres")
- (system? #t)
- (comment "PostgreSQL server user")
- (home-directory "/var/empty")
- (shell (file-append shadow "/sbin/nologin")))))
+ (default '()))
+ (create-account? postgresql-configuration-create-account?
+ (default #t))
+ (uid postgresql-configuration-uid
+ (default #f))
+ (gid postgresql-configuration-gid
+ (default #f)))
+
+(define (create-postgresql-account config)
+ (match-record config <postgresql-configuration>
+ (create-account? uid gid)
+ (if (not create-account?) '()
+ (list (user-group
+ (name "postgres")
+ (id gid)
+ (system? #t))
+ (user-account
+ (name "postgres")
+ (group "postgres")
+ (system? #t)
+ (uid uid)
+ (comment "PostgreSQL server user")
+ (home-directory "/var/empty")
+ (shell (file-append shadow "/sbin/nologin")))))))
(define (final-postgresql postgresql extension-packages)
(if (null? extension-packages)
@@ -327,7 +340,7 @@ host all all ::1/128 md5"))
(service-extension activation-service-type
postgresql-activation)
(service-extension account-service-type
- (const %postgresql-accounts))
+ create-postgresql-account)
(service-extension
profile-service-type
(compose list postgresql-configuration-postgresql))))
- 04/12: gnu: tor: Update to 0.4.7.14., (continued)
- 04/12: gnu: tor: Update to 0.4.7.14., guix-commits, 2023/08/16
- 01/12: gnu: cuirass: Update to 7416bb9., guix-commits, 2023/08/16
- 12/12: gnu: ddclient: Remove package., guix-commits, 2023/08/16
- 03/12: guix home: Create /tmp in container if needed., guix-commits, 2023/08/16
- 02/12: gnu: perf: Add now required dependency on libtraceevent., guix-commits, 2023/08/16
- 06/12: gnu: qpwgraph: Update to 0.5.2., guix-commits, 2023/08/16
- 07/12: Update email addresses for Juliana Sims., guix-commits, 2023/08/16
- 05/12: gnu: git-lfs: Update to 3.4.0., guix-commits, 2023/08/16
- 10/12: gnu: libwebp: Replace with 1.3.1. [fixes CVE-2023-1999], guix-commits, 2023/08/16
- 11/12: Revert "services: Add ddclient service.", guix-commits, 2023/08/16
- 08/12: services: posgresql: Add option to specify UID/GID for postgres user.,
guix-commits <=
- 09/12: gnu: guile-png: Update to 0.7.0., guix-commits, 2023/08/16