~ruther/guix-local

5bbb053beae788a0fdd81d360d6b8d268de9ae2d — Tomas Volf 1 year, 3 months ago 182e76d
services: postgresql-service-type: Allow allowing to log into the user.

It is often useful to be able to use the `postgres' user for management tasks,
so this commit allows setting that.  The default behavior is not changed.

I have also added missing exports and sorted them by alphabet.

* gnu/services/databases.scm (%default-home-directory): New variable.
(<postgresql-configuration>): Add home-directory, allow-login? fields.
(create-postgresql-account): Use them.
* doc/guix.texi (Database Services): Document it.

Change-Id: I2212e5082ff4e87c49a5a8a4711bf929dd08626a
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Modified-by: Ludovic Courtès <ludo@gnu.org>
2 files changed, 36 insertions(+), 13 deletions(-)

M doc/guix.texi
M gnu/services/databases.scm
M doc/guix.texi => doc/guix.texi +12 -5
@@ 27527,11 27527,11 @@ don't need the cluster anymore, delete @var{data-directory}), then
restart the service.

Peer authentication is used by default and the @code{postgres} user
account has no shell, which prevents the direct execution of @code{psql}
commands as this user.  To use @code{psql}, you can temporarily log in
as @code{postgres} using a shell, create a PostgreSQL superuser with the
same name as one of the system users and then create the associated
database.
account has no shell (unless @code{allow-login?} is @code{#t}), which
prevents the direct execution of @code{psql} commands as this user.  To
use @code{psql}, you can temporarily log in as @code{postgres} using a
shell, create a PostgreSQL superuser with the same name as one of the
system users and then create the associated database.

@example
sudo -u postgres -s /bin/sh


@@ 27610,6 27610,13 @@ required to add extensions provided by other packages.
@item @code{create-account?} (default: @code{#t})
Whether or not the @code{postgres} user and group should be created.

@item @code{allow-login?} (default: @code{#f})
Whether or not to allow login into the created account.

@item @code{home-directory} (default: @code{"/var/empty"})
The home directory of the user.  It is strongly advised to change this
if you set @code{allow-login?} to @code{#t}.

@item @code{uid} (default: @code{#f})
Explicitly specify the UID of the @code{postgres} daemon account.
You normally do not need to specify this, in which case a free UID will

M gnu/services/databases.scm => gnu/services/databases.scm +24 -8
@@ 29,6 29,7 @@
  #:use-module (gnu services)
  #:use-module (gnu services shepherd)
  #:use-module (gnu system shadow)
  #:autoload   (gnu system accounts) (default-shell)
  #:use-module (gnu packages admin)
  #:use-module (gnu packages base)
  #:use-module (gnu packages databases)


@@ 51,13 52,18 @@

            postgresql-configuration
            postgresql-configuration?
            postgresql-configuration-postgresql
            postgresql-configuration-port
            postgresql-configuration-locale
            postgresql-configuration-file
            postgresql-configuration-log-directory
            postgresql-configuration-allow-login?
            postgresql-configuration-create-account?
            postgresql-configuration-data-directory
            postgresql-configuration-extension-packages
            postgresql-configuration-file
            postgresql-configuration-gid
            postgresql-configuration-home-directory
            postgresql-configuration-locale
            postgresql-configuration-log-directory
            postgresql-configuration-port
            postgresql-configuration-postgresql
            postgresql-configuration-uid

            postgresql-service
            postgresql-service-type


@@ 164,6 170,8 @@ host	all	all	::1/128 	md5"))
             port)))
      #:local-build? #t))))

(define %default-home-directory "/var/empty")

(define-record-type* <postgresql-configuration>
  postgresql-configuration make-postgresql-configuration
  postgresql-configuration?


@@ 186,6 194,10 @@ host	all	all	::1/128 	md5"))
                      (default '()))
  (create-account?    postgresql-configuration-create-account?
                      (default #t))
  (home-directory     postgresql-configuration-home-directory
                      (default %default-home-directory))
  (allow-login?       postgresql-configuration-allow-login?
                      (default #f))
  (uid                postgresql-configuration-uid
                      (default #f))
  (gid                postgresql-configuration-gid


@@ 193,7 205,7 @@ host	all	all	::1/128 	md5"))

(define (create-postgresql-account config)
  (match-record config <postgresql-configuration>
    (create-account? uid gid)
                (create-account? allow-login? home-directory uid gid)
    (if (not create-account?) '()
        (list (user-group
               (name "postgres")


@@ 205,8 217,12 @@ host	all	all	::1/128 	md5"))
               (system? #t)
               (uid uid)
               (comment "PostgreSQL server user")
               (home-directory "/var/empty")
               (shell (file-append shadow "/sbin/nologin")))))))
               (create-home-directory?
                (not (string=? home-directory %default-home-directory)))
               (home-directory home-directory)
               (shell (if allow-login?
                          (default-shell)
                          (file-append shadow "/sbin/nologin"))))))))

(define (final-postgresql postgresql extension-packages)
  (if (null? extension-packages)