services: postgresql: Add option to specify UID/GID for postgres user.

Add 'createAccount?', 'uid' and 'gid' to <postgresql-configuration>.

Unlike other system daemons, the PostgreSQL data directory is typically
meant to persist across 'guix system reconfigure' and once created, you
don't want its UID or GID to change anymore.

Furthermore, if you want to place the data directory on a network share
and use NFSv4 with idmap, then the 'postgres' user must exist when the
'rpc.idmapd' daemon is launched; prior to mounting the share.  And it
needs to be possible to mount the share without configuring PostgreSQL.

With NFSv3, the UID and GID typically need to match those on the
server.

The added options allow for both of these scenarios:

You can either create the user in (operating-system (users)) completely
independently of the 'postgresql-service-type' (for instance to get your
NFS setup working first prior to configuring your databases) - or "pin"
its UID / GID values.

* gnu/services/databases.scm (<postgresql-configuration>)[create-account?]
[uid, gid]: New fields.
(%postgresql-accounts): Remove.
(create-postgresql-account): New procedure.
(postgresql-service-type)[extensions]: Use it.
* doc/guix.texi (Database Services): Update accordingly.

Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Martin Baulig 2023-07-17 18:13:42 -04:00 committed by Ludovic Courtès
parent fce924708c
commit 9dda747975
No known key found for this signature in database
GPG Key ID: 090B11993D9AEBB5
2 changed files with 38 additions and 11 deletions


@ -25179,6 +25179,20 @@ There is no need to add this field for contrib extensions such as hstore or
dblink as they are already loadable by postgresql. This field is only
required to add extensions provided by other packages.
@item @code{create-account?} (default: @code{#t})
Whether or not the @code{postgres} user and group should be created.
@item @code{uid} (default: @code{#f})
Explicitly specify the UID of the @code{postgres} daemon account.
You normally do not need to specify this, in which case a free UID will
be automatically assigned.
One situation where this option might be useful is if the @var{data-directory}
is located on a mounted network share.
@item @code{gid} (default: @code{#f})
Explicitly specify the GID of the @code{postgres} group.
@end table
@end deftp
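Review bot: the create-account? entry does not say what the administrator has to provide when it is set to #f, nor that uid and gid are then ignored. Suggest adding a sentence that with #f the postgres user and group must be declared in the operating-system users and groups fields, and that uid and gid only take effect when the service creates the account. The gid entry could also state, as the uid entry does, that a free GID is assigned when it is left at #f. Since data-directory is a field name rather than a metavariable, @code{data-directory} fits better than @var{data-directory}.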


@ -180,17 +180,30 @@ host all all ::1/128 md5"))
(data-directory postgresql-configuration-data-directory
(default "/var/lib/postgresql/data"))
(extension-packages postgresql-configuration-extension-packages
(default '())))
(default '()))
(create-account? postgresql-configuration-create-account?
(default #t))
(uid postgresql-configuration-uid
(default #f))
(gid postgresql-configuration-gid
(default #f)))
(define %postgresql-accounts
(list (user-group (name "postgres") (system? #t))
(user-account
(name "postgres")
(group "postgres")
(system? #t)
(comment "PostgreSQL server user")
(home-directory "/var/empty")
(shell (file-append shadow "/sbin/nologin")))))
(define (create-postgresql-account config)
(match-record config <postgresql-configuration>
(create-account? uid gid)
(if (not create-account?) '()
(list (user-group
(name "postgres")
(id gid)
(system? #t))
(user-account
(name "postgres")
(group "postgres")
(system? #t)
(uid uid)
(comment "PostgreSQL server user")
(home-directory "/var/empty")
(shell (file-append shadow "/sbin/nologin")))))))
(define (final-postgresql postgresql extension-packages)
(if (null? extension-packages)
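Review bot: in create-postgresql-account, uid and gid are silently discarded when create-account? is #f, so a configuration that sets (create-account? #f) together with (uid ...) evaluates with no hint that the pinned ID is unused. Consider warning or raising an error for that combination, or at least documenting it. The new fields also accept any value and pass it straight through to (id gid) and (uid uid); a check that each is either #f or a non-negative integer would catch mistakes when the configuration is evaluated instead of when accounts are created. Minor: (if create-account? (list ...) '()) reads more directly than the negated test, and the new procedure has no docstring.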
@ -327,7 +340,7 @@ host all all ::1/128 md5"))
(service-extension activation-service-type
postgresql-activation)
(service-extension account-service-type
(const %postgresql-accounts))
create-postgresql-account)
(service-extension
profile-service-type
(compose list postgresql-configuration-postgresql))))
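Review bot: only the account-service-type extension now depends on the configuration; the activation-service-type extension in the context lines above is still added unconditionally. If postgresql-activation looks up the postgres user (its body is not part of this diff), then (create-account? #f) without a matching user in the operating-system declaration would fail at activation time instead of being caught earlier. Worth confirming that path and stating the requirement in the manual.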