~abcdw/rde-devel


[PATCH] rde: postgresql: Create system user accounts for postgresql-roles

Message ID
<20241019143958.16419-1-ngraves@ngraves.fr>
Patch: +20 -2
---
 src/rde/features/databases.scm | 22 ++++++++++++++++++++--
 1 file changed, 20 insertions(+), 2 deletions(-)

diff --git a/src/rde/features/databases.scm b/src/rde/features/databases.scm
index b7e19b47..11759b79 100644
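--- a/src/rde/features/databases.scm
+++ b/src/rde/features/databases.scm
@@ -1,7 +1,7 @@
 ;;; rde --- Reproducible development environment.
 ;;;
 ;;; Copyright © 2023 Miguel Ángel Moreno <me@mianmoreno.com>
-;;; Copyright © 2023 Nicolas Graves <ngraves@ngraves.fr>
+;;; Copyright © 2023, 2024 Nicolas Graves <ngraves@ngraves.fr>
 ;;;
 ;;; This file is part of rde.
 ;;;
@@ -22,11 +22,14 @@
   #:use-module (rde features)
   #:use-module (rde features emacs)
   #:use-module (rde features predicates)
+  #:use-module (gnu packages admin)
   #:use-module (gnu packages databases)
   #:use-module (gnu packages sqlite)
   #:use-module (gnu services)
   #:use-module (gnu home services)
   #:use-module (gnu services databases)
+  #:use-module (gnu system accounts)
+  #:use-module (gnu system shadow)
   #:use-module (guix gexp)
   #:use-module (srfi srfi-1)
   #:export (feature-postgresql
@@ -49,6 +52,15 @@
   (ensure-pred list-of-file-likes? extension-packages)
   (ensure-pred maybe-list-of-postgresql-roles? postgresql-roles)
 
+  (define (postgresql-role->user-account role)
+    (user-account
+     (name (postgresql-role-name role))
+     (group "postgres")
+     (system? #t)
+     (comment "PostgreSQL user")
+     (home-directory "/var/empty")
+     (shell (file-append shadow "/sbin/nologin"))))
+
   (define f-name 'postgresql)
 
   (define (get-system-services config)
@@ -63,7 +75,13 @@
          (list
           (service postgresql-role-service-type
                    (postgresql-role-configuration
-                    (roles postgresql-roles))))
+                    (roles postgresql-roles)))
+          ;; Default upstream pg_hba.conf is configured for peer authentication
+          ;; so it is necessary to have dedicated system accounts.
+          (simple-service
+           'postgresql-roles-accounts
+           account-service-type
+           (map postgresql-role->user-account postgresql-roles)))
          '())))
 
   (define (get-home-services config)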
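Review bot: In `postgresql-role->user-account`, `(group "postgres")` puts every role account into what is presumably the database server account's own group, which peer authentication does not need because it matches only the OS user name against the role name; a group with no access to the server's files, e.g. `(group "nogroup")`, would keep these accounts least-privileged. Separately, `(map postgresql-role->user-account postgresql-roles)` declares an account for every role name without checking it, so a role named after an account that is already declared (`postgres` itself, or the login user when a same-named role is created for them) would presumably yield a duplicate or conflicting `user-account`; filtering such names out before the `map` would avoid that. A one-line docstring on the helper saying the account exists only so peer authentication can map an OS user to the role would help the next reader. `get-system-services` starts before the last hunk and continues past it, so the condition guarding this list is not visible here.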
-- 
2.46.0
Message ID
<87jzdvb7pk.fsf@trop.in>
In-Reply-To
<20241019143958.16419-1-ngraves@ngraves.fr> (view parent)
On 2024-10-19 16:39, Nicolas Graves wrote:

> ---
>  src/rde/features/databases.scm | 22 ++++++++++++++++++++--
>  1 file changed, 20 insertions(+), 2 deletions(-)
>
> diff --git a/src/rde/features/databases.scm b/src/rde/features/databases.scm
> index b7e19b47..11759b79 100644
> --- a/src/rde/features/databases.scm
> +++ b/src/rde/features/databases.scm
> @@ -1,7 +1,7 @@
>  ;;; rde --- Reproducible development environment.
>  ;;;
>  ;;; Copyright © 2023 Miguel Ángel Moreno <me@mianmoreno.com>
> -;;; Copyright © 2023 Nicolas Graves <ngraves@ngraves.fr>
> +;;; Copyright © 2023, 2024 Nicolas Graves <ngraves@ngraves.fr>
>  ;;;
>  ;;; This file is part of rde.
>  ;;;
> @@ -22,11 +22,14 @@
>    #:use-module (rde features)
>    #:use-module (rde features emacs)
>    #:use-module (rde features predicates)
> +  #:use-module (gnu packages admin)
>    #:use-module (gnu packages databases)
>    #:use-module (gnu packages sqlite)
>    #:use-module (gnu services)
>    #:use-module (gnu home services)
>    #:use-module (gnu services databases)
> +  #:use-module (gnu system accounts)
> +  #:use-module (gnu system shadow)
>    #:use-module (guix gexp)
>    #:use-module (srfi srfi-1)
>    #:export (feature-postgresql
> @@ -49,6 +52,15 @@
>    (ensure-pred list-of-file-likes? extension-packages)
>    (ensure-pred maybe-list-of-postgresql-roles? postgresql-roles)
>  
> +  (define (postgresql-role->user-account role)
> +    (user-account
> +     (name (postgresql-role-name role))
> +     (group "postgres")
> +     (system? #t)
> +     (comment "PostgreSQL user")
> +     (home-directory "/var/empty")
> +     (shell (file-append shadow "/sbin/nologin"))))
> +
>    (define f-name 'postgresql)
>  
>    (define (get-system-services config)
> @@ -63,7 +75,13 @@
>           (list
>            (service postgresql-role-service-type
>                     (postgresql-role-configuration
> -                    (roles postgresql-roles))))
> +                    (roles postgresql-roles)))
> +          ;; Default upstream pg_hba.conf is configured for peer authentication
> +          ;; so it is necessary to have dedicated system accounts.
> +          (simple-service
> +           'postgresql-roles-accounts
> +           account-service-type
> +           (map postgresql-role->user-account postgresql-roles)))
>           '())))
>  
>    (define (get-home-services config)

Hi Nicolas, 

thank you very much for the patch, applied!

-- 
Best regards,
Andrew Tropin