authorEelco Dolstra <eelco.dolstra@logicblox.com>2016-02-10 12:01:06 +0100
committerEelco Dolstra <eelco.dolstra@logicblox.com>2016-02-10 12:01:06 +0100
commit652ff6902c733eddde84f0b6798c31a8beaa95d6 (patch)
treeeb84c465407051322cb7b07e7807981c4dc415f8 /nixos
parente8923794723781e775433d444b77cac464b1ffa2 (diff)
parent90ef11ddcdb8ba0c1bddcd50f1a88df3c42f5cf4 (diff)
Merge pull request #12910 from abbradar/postgresql-no-su
postgresql service: don't use su
Diffstat (limited to 'nixos')
-rw-r--r--nixos/modules/services/databases/postgresql.nix36
1 files changed, 19 insertions, 17 deletions
diff --git a/nixos/modules/services/databases/postgresql.nix b/nixos/modules/services/databases/postgresql.nix
index c2045a5859c..957fb4723a5 100644
--- a/nixos/modules/services/databases/postgresql.nix
+++ b/nixos/modules/services/databases/postgresql.nix
@@ -177,7 +177,7 @@ in
 
     users.extraGroups.postgres.gid = config.ids.gids.postgres;
 
-    environment.systemPackages = [postgresql];
+    environment.systemPackages = [ postgresql ];
 
     systemd.services.postgresql =
       { description = "PostgreSQL Server";
@@ -187,35 +187,37 @@ in
 
         environment.PGDATA = cfg.dataDir;
 
-        path = [ pkgs.su postgresql ];
+        path = [ postgresql ];
 
         preStart =
           ''
-            # Initialise the database.
+            # Create data directory.
             if ! test -e ${cfg.dataDir}/PG_VERSION; then
-                mkdir -m 0700 -p ${cfg.dataDir}
-                rm -f ${cfg.dataDir}/*.conf
-                if [ "$(id -u)" = 0 ]; then
-                  chown -R postgres ${cfg.dataDir}
-                  su -s ${pkgs.stdenv.shell} postgres -c 'initdb -U root'
-                else
-                  # For non-root operation.
-                  initdb
-                fi
-                # See postStart!
-                touch "${cfg.dataDir}/.first_startup"
+              mkdir -m 0700 -p ${cfg.dataDir}
+              rm -f ${cfg.dataDir}/*.conf
+              chown -R postgres:postgres ${cfg.dataDir}
             fi
+          ''; # */
 
+        script =
+          ''
+            # Initialise the database.
+            if ! test -e ${cfg.dataDir}/PG_VERSION; then
+              initdb -U root
+              # See postStart!
+              touch "${cfg.dataDir}/.first_startup"
+            fi
             ln -sfn "${configFile}" "${cfg.dataDir}/postgresql.conf"
             ${optionalString (cfg.recoveryConfig != null) ''
               ln -sfn "${pkgs.writeText "recovery.conf" cfg.recoveryConfig}" \
                 "${cfg.dataDir}/recovery.conf"
             ''}
-          ''; # */
+
+             exec postgres ${toString flags}
+          '';
 
         serviceConfig =
-          { ExecStart = "@${postgresql}/bin/postgres postgres ${toString flags}";
-            ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
+          { ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
             User = "postgres";
             Group = "postgres";
             PermissionsStartOnly = true;
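Review bot: The root-run `preStart` interpolates `${cfg.dataDir}` unquoted in `test -e`, `mkdir`, `rm -f` and `chown -R`, while the `touch` and `ln -sfn` lines in the new `script` quote it. Because `PermissionsStartOnly = true` keeps `preStart` running as root, a data directory path containing whitespace or glob characters would make `rm -f` and the recursive `chown` act on paths other than the intended one; I would write `rm -f "${cfg.dataDir}"/*.conf` and `chown -R postgres:postgres "${cfg.dataDir}"`, and quote the two `test -e` arguments the same way. Separately, `initdb -U root` is given no explicit authentication option, so whether local connections end up as trust depends on the generated configuration, which is not visible here; a comment stating the intended `pg_hba` policy would help. The `serviceConfig` set continues past the end of the hunk.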