btcpayserver: fix PostgreSQL 15 user permissions
Since PostgreSQL 15, DB users need to be DB owners to be able to create tables. We can't use the new `ensureDBOwnership` NixOS option [1] to set this up, because it requires the PostgreSQL user name and the database name to be identical, which is not the case for btcpayserver. Instead, we manually issue a PostgreSQL admin statement similar to the one used by `ensureDBOwnership`. This method of setting up the user is also compatible with older PostgreSQL versions that come with older NixOS `system.stateVersion`s. [1] https://github.com/NixOS/nixpkgs/pull/266270
parent
9efcdaf8bb
commit
770a4354b4
|
@ -138,16 +138,16 @@ in {
|
||||||
enable = true;
|
enable = true;
|
||||||
ensureDatabases = [ "btcpaydb" "nbxplorer" ];
|
ensureDatabases = [ "btcpaydb" "nbxplorer" ];
|
||||||
ensureUsers = [
|
ensureUsers = [
|
||||||
{
|
{ name = cfg.btcpayserver.user; }
|
||||||
name = cfg.btcpayserver.user;
|
{ name = cfg.nbxplorer.user; }
|
||||||
ensurePermissions."DATABASE btcpaydb" = "ALL PRIVILEGES";
|
|
||||||
}
|
|
||||||
{
|
|
||||||
name = cfg.nbxplorer.user;
|
|
||||||
ensurePermissions."DATABASE nbxplorer" = "ALL PRIVILEGES";
|
|
||||||
}
|
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
systemd.services.postgresql.postStart = lib.mkAfter ''
|
||||||
|
$PSQL -tAc '
|
||||||
|
ALTER DATABASE "btcpaydb" OWNER TO "${cfg.btcpayserver.user}";
|
||||||
|
ALTER DATABASE "nbxplorer" OWNER TO "${cfg.nbxplorer.user}";
|
||||||
|
'
|
||||||
|
'';
|
||||||
|
|
||||||
systemd.tmpfiles.rules = [
|
systemd.tmpfiles.rules = [
|
||||||
"d '${cfg.nbxplorer.dataDir}' 0770 ${cfg.nbxplorer.user} ${cfg.nbxplorer.group} - -"
|
"d '${cfg.nbxplorer.dataDir}' 0770 ${cfg.nbxplorer.user} ${cfg.nbxplorer.group} - -"
|
||||||
|
|
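Review bot: The new `systemd.services.postgresql.postStart` block has no comment, so the reason for setting database ownership by hand instead of using `ensureDBOwnership` is recorded only in the commit message; a short comment above it would help, e.g. `# PostgreSQL 15+: a user must own its DB to create tables. ensureDBOwnership needs user name == DB name, so set the owner manually.` The two `ALTER DATABASE` statements interpolate `cfg.btcpayserver.user` and `cfg.nbxplorer.user` into SQL inside a single-quoted shell string, in a script that presumably runs with PostgreSQL admin rights, so a user name containing `'` or `"` would break the quoting; these are module options rather than untrusted input, but it is worth asserting that the names are plain identifiers. Ownership also grants more than the removed `ALL PRIVILEGES` grant (a database owner can, for example, drop the database), which looks like an acceptable trade-off here but does widen each service account's rights. The enclosing `services.postgresql` attribute set starts outside the hunk.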