nixos/postgresql: enrich ensure users and databases support #255961
Conversation
github-actions
bot
added
6.topic: nixos
ofborg
bot
added
the
2.status: merge conflict
Scrumplex
force-pushed
the
nixos/postgresql/better-ensure
branch
7 times, most recently
from
018e44e
to
fb401ad
Compare
|
This pull request has been mentioned on NixOS Discourse. There might be relevant details there: https://discourse.nixos.org/t/anybody-wanna-adopt-203474/25524/2 |
ofborg
bot
added
10.rebuild-darwin: 0
Scrumplex
changed the title
Scrumplex
force-pushed
the
nixos/postgresql/better-ensure
branch
from
fb401ad
to
9af7db2
Compare
| ensureDatabases = [ | ||
| { | ||
| name = "hedgedocdb"; | ||
| owner = "hedgedoc"; | ||
| } | ||
| ]; | ||
| ensureUsers = [ | ||
| { | ||
| name = "hedgedoc"; | ||
| passwordFile = pkgs.writeText "hedgedoc-password" "snakeoilpassword"; | ||
| ensureClauses.login = true; | ||
| } | ||
| ]; |
There was a problem hiding this comment.
I don't know why the dbname and owner don't match here and why not socket auth is used but I also don't have enough time to also maintain the tests of my packages. sigh. :(
Scrumplex
force-pushed
the
nixos/postgresql/better-ensure
branch
from
e098c0a
to
22e31c0
Compare
| # command line options. | ||
| psqlCmd = cmd: args: concatStringsSep " " ( | ||
| [ "$PSQL -tA" ] | ||
| ++ args |
There was a problem hiding this comment.
args doesn't seem to be used. What do you think of removing it?
There was a problem hiding this comment.
args is actually used a few lines below in ensureUsers
|
@GrahamcOfBorg test postgresql postgresql-ensure |
Specifically, this commit makes it possible to set various database parameters beside just the name.
This reorganizes the ensure code generation to make the code a bit less dense and also do general cleanups. Most importantly, the order is changed to first create users, then databases, and finally clauses and grants. This allows the database creation to refer to new users as owners. Co-authored-by: Sefa Eyeoglu <[email protected]> Signed-off-by: Sefa Eyeoglu <[email protected]>
This replaces the explicit database setup script to instead use the PostgreSQL `ensureUsers` and `ensureDatabases` options.
Signed-off-by: Sefa Eyeoglu <[email protected]>
Signed-off-by: Sefa Eyeoglu <[email protected]>
Signed-off-by: Sefa Eyeoglu <[email protected]>
Signed-off-by: Sefa Eyeoglu <[email protected]>
Signed-off-by: Sefa Eyeoglu <[email protected]>
Signed-off-by: Sefa Eyeoglu <[email protected]>
Signed-off-by: Sefa Eyeoglu <[email protected]>
Signed-off-by: Sefa Eyeoglu <[email protected]>
Signed-off-by: Sefa Eyeoglu <[email protected]>
Scrumplex
force-pushed
the
nixos/postgresql/better-ensure
branch
from
22e31c0
to
86f9827
Compare
|
Unfortunately, It looks like this will a bit late for helping us adapt to postgres 15 for 23.11. For now, we'll deprecate I would very much like to give a proper look at this approach for 24.05, especially also look at ways this could tie into system - wide approach towards state management and migrations. Also I'd like to look for a way to get the benefits of ensure-style options, while avoiding the pitfalls of convergent configuration management I wrote out my initial thoughts here: #267365 |
|
I'll close this as I don't really intend on working on this much further. Though feel free to continue this, as we don't have an alternative to convergent configuration management for databases in Nixpkgs atm. |
|
This pull request has been mentioned on NixOS Discourse. There might be relevant details there: https://discourse.nixos.org/t/what-about-state-management/37082/1 |
Description of changes
Based on #203474
TODOs
ensureClausesThings done
sandbox = trueset innix.conf? (See Nix manual)nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage./result/bin/)