btcpayserver: fix PostgreSQL 15 user permissions
Since PostgreSQL 15, DB users need to be DB owners to be able to create tables. We can't use the new `ensureDBOwnerhip` NixOS option [1] to set this up, because it requires the PostgreSQL user name and the database name to be identical, which is not the case for btcpayserver. Instead, we manually issue a PostgreSQL admin statement similar to the one used by `ensureDBOwnerhip`. This method of setting up the user is also compatible with older PostgreSQL versions that come with older NixOS `system.stateVersion`s. [1] https://github.com/NixOS/nixpkgs/pull/266270
This commit is contained in:
parent
9efcdaf8bb
commit
770a4354b4
|
@ -138,16 +138,16 @@ in {
|
|||
enable = true;
|
||||
ensureDatabases = [ "btcpaydb" "nbxplorer" ];
|
||||
ensureUsers = [
|
||||
{
|
||||
name = cfg.btcpayserver.user;
|
||||
ensurePermissions."DATABASE btcpaydb" = "ALL PRIVILEGES";
|
||||
}
|
||||
{
|
||||
name = cfg.nbxplorer.user;
|
||||
ensurePermissions."DATABASE nbxplorer" = "ALL PRIVILEGES";
|
||||
}
|
||||
{ name = cfg.btcpayserver.user; }
|
||||
{ name = cfg.nbxplorer.user; }
|
||||
];
|
||||
};
|
||||
systemd.services.postgresql.postStart = lib.mkAfter ''
|
||||
$PSQL -tAc '
|
||||
ALTER DATABASE "btcpaydb" OWNER TO "${cfg.btcpayserver.user}";
|
||||
ALTER DATABASE "nbxplorer" OWNER TO "${cfg.nbxplorer.user}";
|
||||
'
|
||||
'';
|
||||
|
||||
systemd.tmpfiles.rules = [
|
||||
"d '${cfg.nbxplorer.dataDir}' 0770 ${cfg.nbxplorer.user} ${cfg.nbxplorer.group} - -"
|
||||
|
|
Loading…
Reference in New Issue
Block a user