-
-
Notifications
You must be signed in to change notification settings - Fork 14.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
nixos/postgresql: enrich ensure users and databases support #255961
Conversation
018e44e
to
fb401ad
Compare
This pull request has been mentioned on NixOS Discourse. There might be relevant details there: https://discourse.nixos.org/t/anybody-wanna-adopt-203474/25524/2 |
fb401ad
to
9af7db2
Compare
ensureDatabases = [ | ||
{ | ||
name = "hedgedocdb"; | ||
owner = "hedgedoc"; | ||
} | ||
]; | ||
ensureUsers = [ | ||
{ | ||
name = "hedgedoc"; | ||
passwordFile = pkgs.writeText "hedgedoc-password" "snakeoilpassword"; | ||
ensureClauses.login = true; | ||
} | ||
]; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't know why the dbname and owner don't match here and why not socket auth is used but I also don't have enough time to also maintain the tests of my packages. sigh. :(
e098c0a
to
22e31c0
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This looks great. Thanks a lot!
# command line options. | ||
psqlCmd = cmd: args: concatStringsSep " " ( | ||
[ "$PSQL -tA" ] | ||
++ args |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
args
doesn't seem to be used. What do you think of removing it?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
args
is actually used a few lines below in ensureUsers
@GrahamcOfBorg test postgresql postgresql-ensure |
Specifically, this commit makes it possible to set various database parameters beside just the name.
This reorganizes the ensure code generation to make the code a bit less dense and also do general cleanups. Most importantly, the order is changed to first create users, then databases, and finally clauses and grants. This allows the database creation to refer to new users as owners. Co-authored-by: Sefa Eyeoglu <[email protected]> Signed-off-by: Sefa Eyeoglu <[email protected]>
This replaces the explicit database setup script to instead use the PostgreSQL `ensureUsers` and `ensureDatabases` options.
Signed-off-by: Sefa Eyeoglu <[email protected]>
Signed-off-by: Sefa Eyeoglu <[email protected]>
Signed-off-by: Sefa Eyeoglu <[email protected]>
Signed-off-by: Sefa Eyeoglu <[email protected]>
Signed-off-by: Sefa Eyeoglu <[email protected]>
Signed-off-by: Sefa Eyeoglu <[email protected]>
Signed-off-by: Sefa Eyeoglu <[email protected]>
Signed-off-by: Sefa Eyeoglu <[email protected]>
Signed-off-by: Sefa Eyeoglu <[email protected]>
22e31c0
to
86f9827
Compare
Unfortunately, It looks like this will a bit late for helping us adapt to postgres 15 for 23.11. For now, we'll deprecate I would very much like to give a proper look at this approach for 24.05, especially also look at ways this could tie into system - wide approach towards state management and migrations. Also I'd like to look for a way to get the benefits of ensure-style options, while avoiding the pitfalls of convergent configuration management I wrote out my initial thoughts here: #267365 |
I'll close this as I don't really intend on working on this much further. Though feel free to continue this, as we don't have an alternative to convergent configuration management for databases in Nixpkgs atm. |
This pull request has been mentioned on NixOS Discourse. There might be relevant details there: https://discourse.nixos.org/t/what-about-state-management/37082/1 |
Description of changes
Based on #203474
TODOs
ensureClauses
Things done
sandbox = true
set innix.conf
? (See Nix manual)nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD"
. Note: all changes have to be committed, also see nixpkgs-review usage./result/bin/
)