author | Aaron Andersen <aaron@fosslib.net> | 2020-08-12 21:06:31 -0400 |
---|---|---|
committer | Aaron Andersen <aaron@fosslib.net> | 2020-08-15 16:59:49 -0400 |
commit | ec82ae3c394600f79c2971ffca7b87a4f574cfea (patch) | |
tree | 7847afeebc8a409d39a521bb2e2f9789882bc340 /nixos/modules/services/databases | |
parent | edd758839ccc17eeb9b24b45ff52800c469e45f7 (diff) | |
nixos/postgresql: run ExecStartPost as an unprivileged user
Diffstat (limited to 'nixos/modules/services/databases')
-rw-r--r-- | nixos/modules/services/databases/postgresql.nix | 13 |
1 files changed, 7 insertions, 6 deletions
diff --git a/nixos/modules/services/databases/postgresql.nix b/nixos/modules/services/databases/postgresql.nix
index 3e16b5907dd..2bb2ba73996 100644
--- a/nixos/modules/services/databases/postgresql.nix
+++ b/nixos/modules/services/databases/postgresql.nix
@@ -225,14 +225,15 @@ in
 Contents of the <filename>recovery.conf</filename> file.
 '';
 };
+
 superUser = mkOption {
 type = types.str;
- default= if versionAtLeast config.system.stateVersion "17.09" then "postgres" else "root";
+ default = "postgres";
 internal = true;
+ readOnly = true;
 description = ''
- NixOS traditionally used 'root' as superuser, most other distros use 'postgres'.
- From 17.09 we also try to follow this standard. Internal since changing this value
- would lead to breakage while setting up databases.
+ PostgreSQL superuser account to use for various operations. Internal since changing
+ this value would lead to breakage while setting up databases.
 '';
 };
 };
@@ -336,7 +337,7 @@ in
 setupScript = pkgs.writeScript "postgresql-setup" (''
 #!${pkgs.runtimeShell} -e
- PSQL="${pkgs.utillinux}/bin/runuser -u ${cfg.superUser} -- psql --port=${toString cfg.port}"
+ PSQL="psql --port=${toString cfg.port}"
 while ! $PSQL -d postgres -c "" 2> /dev/null; do
 if ! kill -0 "$MAINPID"; then exit 1; fi
@@ -362,7 +363,7 @@ in
 '') cfg.ensureUsers}
 '');
 in
- "+${setupScript}";
+ "${setupScript}";
 }
 (mkIf (cfg.dataDir == "/var/lib/postgresql/${cfg.package.psqlSchema}") {
 StateDirectory = "postgresql postgresql/${cfg.package.psqlSchema}"; |
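Review bot: Hosts whose `stateVersion` is older than 17.09 previously resolved `superUser` to `root`, and the new unconditional `default = "postgres";` changes that value for them without anything in this hunk handling the existing cluster. If such a cluster has no `postgres` superuser role, the setup script further down would presumably fail to connect after the upgrade. Unless the rest of the commit covers it (the diffstat shown is limited to one directory), an assertion or a release-note entry naming the manual step would make that failure explicit. The new `description` could also state that the value has to match a superuser role that already exists in the cluster.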
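Review bot: The new `PSQL` line takes its database role from whatever account systemd runs the script as, and `cfg.superUser` is no longer referenced there, so the link between the two is now implicit. Together with the dropped `+` prefix in the last hunk, this assumes the unit's `User` equals `cfg.superUser` and that local connections authenticate by OS user name; neither is visible in these hunks. A comment above the assignment such as `# runs as the service user (no "+" on ExecStartPost); the role comes from the OS user name` would record that, or the role could be passed explicitly with `--username=${cfg.superUser}`. The wait loop also sends psql's stderr to `/dev/null`, so an authentication failure would look the same as a server that is still starting; the loop body continues outside the hunk.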