Diffstat (limited to 'nixos/modules/services/databases/postgresql.nix')
-rw-r--r-- | nixos/modules/services/databases/postgresql.nix | 96 |
1 files changed, 71 insertions, 25 deletions
diff --git a/nixos/modules/services/databases/postgresql.nix b/nixos/modules/services/databases/postgresql.nix index c726a08e34f..fd4a195787f 100644 --- a/nixos/modules/services/databases/postgresql.nix +++ b/nixos/modules/services/databases/postgresql.nix @@ -11,23 +11,28 @@ let then cfg.package else cfg.package.withPackages (_: cfg.extraPlugins); + toStr = value: + if true == value then "yes" + else if false == value then "no" + else if isString value then "'${lib.replaceStrings ["'"] ["''"] value}'" + else toString value; + # The main PostgreSQL configuration file. - configFile = pkgs.writeText "postgresql.conf" - '' - hba_file = '${pkgs.writeText "pg_hba.conf" cfg.authentication}' - ident_file = '${pkgs.writeText "pg_ident.conf" cfg.identMap}' - log_destination = 'stderr' - log_line_prefix = '${cfg.logLinePrefix}' - listen_addresses = '${if cfg.enableTCPIP then "*" else "localhost"}' - port = ${toString cfg.port} - ${cfg.extraConfig} - ''; + configFile = pkgs.writeTextDir "postgresql.conf" (concatStringsSep "\n" (mapAttrsToList (n: v: "${n} = ${toStr v}") cfg.settings)); + + configFileCheck = pkgs.runCommand "postgresql-configfile-check" {} '' + ${cfg.package}/bin/postgres -D${configFile} -C config_file >/dev/null + touch $out + ''; groupAccessAvailable = versionAtLeast postgresql.version "11.0"; in { + imports = [ + (mkRemovedOptionModule [ "services" "postgresql" "extraConfig" ] "Use services.postgresql.settings instead.") + ]; ###### interface @@ -53,6 +58,12 @@ in ''; }; + checkConfig = mkOption { + type = types.bool; + default = true; + description = "Check the syntax of the configuration file at compile time"; + }; + dataDir = mkOption { type = types.path; defaultText = "/var/lib/postgresql/\${config.services.postgresql.package.psqlSchema}"; 
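Review bot: `toStr` doubles single quotes but leaves backslashes untouched, while quoted values in postgresql.conf also honour backslash escapes (the upstream documentation lists backslash-quote as an alternative to two quotes). A string that ends in `\` or contains `\'` therefore shifts where the quoted value ends, so the rendered line no longer means what the Nix value says. Doubling backslashes as well closes the gap: `else if isString value then "'${lib.replaceStrings ["'" "\\"] ["''" "\\\\"] value}'"`. The attribute name `n` is also written unquoted and unchecked into `"${n} = ${toStr v}"`; an assertion that names consist only of identifier characters would keep one attribute from expanding into more than one config line.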
@@ -69,11 +80,16 @@ in type = types.lines; default = ""; description = '' - Defines how users authenticate themselves to the server. By - default, "trust" access to local users will always be granted - along with any other custom options. If you do not want this, - set this option using "lib.mkForce" to override this - behaviour. + Defines how users authenticate themselves to the server. See the + <link xlink:href="https://www.postgresql.org/docs/current/auth-pg-hba-conf.html"> + PostgreSQL documentation for pg_hba.conf</link> + for details on the expected format of this option. By default, + peer based authentication will be used for users connecting + via the Unix socket, and md5 password authentication will be + used for users connecting via TCP. Any added rules will be + inserted above the default rules. If you'd like to replace the + default rules entirely, you can use <function>lib.mkForce</function> in your + module. ''; }; @@ -143,11 +159,11 @@ in For more information on how to specify the target and on which privileges exist, see the <link xlink:href="https://www.postgresql.org/docs/current/sql-grant.html">GRANT syntax</link>. - The attributes are used as <code>GRANT ''${attrName} ON ''${attrValue}</code>. + The attributes are used as <code>GRANT ''${attrValue} ON ''${attrName}</code>. ''; example = literalExample '' { - "DATABASE nextcloud" = "ALL PRIVILEGES"; + "DATABASE \"nextcloud\"" = "ALL PRIVILEGES"; "ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES"; } ''; 
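Review bot: The new `authentication` description names `md5` for TCP connections without saying which client addresses the default rule matches, and the default rules themselves are outside this hunk. Because `enableTCPIP` makes the server listen on `*`, a reader needs that scope to judge exposure. Consider adding a sentence such as `The default TCP rules only match connections from <address range of the default rules>.` with the real range filled in. It would also help to note that `md5` is the legacy password method and that `scram-sha-256` is available on the PostgreSQL versions this module defaults to.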
@@ -212,10 +228,28 @@ in ''; }; - extraConfig = mkOption { - type = types.lines; - default = ""; - description = "Additional text to be appended to <filename>postgresql.conf</filename>."; + settings = mkOption { + type = with types; attrsOf (oneOf [ bool float int str ]); + default = {}; + description = '' + PostgreSQL configuration. Refer to + <link xlink:href="https://www.postgresql.org/docs/11/config-setting.html#CONFIG-SETTING-CONFIGURATION-FILE"/> + for an overview of <literal>postgresql.conf</literal>. + + <note><para> + String values will automatically be enclosed in single quotes. Single quotes will be + escaped with two single quotes as described by the upstream documentation linked above. + </para></note> + ''; + example = literalExample '' + { + log_connections = true; + log_statement = "all"; + logging_collector = true + log_disconnections = true + log_destination = lib.mkForce "syslog"; + } + ''; }; recoveryConfig = mkOption { 
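Review bot: The `example` for `settings` is not valid Nix: `logging_collector = true` and `log_disconnections = true` lack their trailing `;`, so anyone copying it gets a parse error. The description should also say that the rendered file is produced with `pkgs.writeTextDir` and therefore sits in the world-readable Nix store. Values that embed secrets, such as a passphrase or credentials inside a command string, do not belong in `settings`. The documentation link pins `/docs/11/` while this commit moves the default package to 13; `/docs/current/`, as used by the other descriptions in this file, would not go stale.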
@@ -245,14 +279,24 @@ in config = mkIf cfg.enable { + services.postgresql.settings = + { + hba_file = "${pkgs.writeText "pg_hba.conf" cfg.authentication}"; + ident_file = "${pkgs.writeText "pg_ident.conf" cfg.identMap}"; + log_destination = "stderr"; + log_line_prefix = cfg.logLinePrefix; + listen_addresses = if cfg.enableTCPIP then "*" else "localhost"; + port = cfg.port; + }; + services.postgresql.package = # Note: when changing the default, make it conditional on # ‘system.stateVersion’ to maintain compatibility with existing # systems! - mkDefault (if versionAtLeast config.system.stateVersion "20.03" then pkgs.postgresql_11 + mkDefault (if versionAtLeast config.system.stateVersion "21.11" then pkgs.postgresql_13 + else if versionAtLeast config.system.stateVersion "20.03" then pkgs.postgresql_11 else if versionAtLeast config.system.stateVersion "17.09" then pkgs.postgresql_9_6 - else if versionAtLeast config.system.stateVersion "16.03" then pkgs.postgresql_9_5 - else throw "postgresql_9_4 was removed, please upgrade your postgresql version."); + else throw "postgresql_9_5 was removed, please upgrade your postgresql version."); services.postgresql.dataDir = mkDefault "/var/lib/postgresql/${cfg.package.psqlSchema}"; @@ -281,6 +325,8 @@ in "/share/postgresql" ]; + system.extraDependencies = lib.optional (cfg.checkConfig && pkgs.stdenv.hostPlatform == pkgs.stdenv.buildPlatform) configFileCheck; + systemd.services.postgresql = { description = "PostgreSQL Server"; @@ -304,7 +350,7 @@ in touch "${cfg.dataDir}/.first_startup" fi - ln -sfn "${configFile}" "${cfg.dataDir}/postgresql.conf" + ln -sfn "${configFile}/postgresql.conf" "${cfg.dataDir}/postgresql.conf" ${optionalString (cfg.recoveryConfig != null) '' ln -sfn "${pkgs.writeText "recovery.conf" cfg.recoveryConfig}" \ "${cfg.dataDir}/recovery.conf" |
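Review bot: The module's own `services.postgresql.settings` entries are defined at normal priority, so a user who sets `log_destination` themselves gets a conflicting-definition error unless they use `lib.mkForce`, as the option's example does. Once `mkForce` is applied to `hba_file`, `ident_file` or `listen_addresses`, the dedicated options `authentication`, `identMap` and `enableTCPIP` silently stop having any effect. Consider `mkDefault` on the purely cosmetic keys (`log_destination = mkDefault "stderr";`, `log_line_prefix = mkDefault cfg.logLinePrefix;`). A comment should also state that the remaining keys are derived from their own options and are meant to be changed there.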
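Review bot: The platform guard on the `system.extraDependencies` line carries no explanation, and when it evaluates to false the check is dropped without notice even though `checkConfig` is still `true`. A comment such as `# configFileCheck executes ${cfg.package}/bin/postgres during the build, so it can only run when host and build platform are the same` would make the reason visible. The `checkConfig` description says the check happens at compile time; "build time" is the accurate term for a `runCommand` derivation.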