From 1b7ca69ecc47c807df21c1291c98fec0d4e294db Mon Sep 17 00:00:00 2001 From: Symphorien Gibol Date: Sat, 11 Jul 2020 12:00:00 +0000 Subject: [PATCH] nixos/postgresql: check config file syntax at build time --- nixos/doc/manual/release-notes/rl-2009.xml | 8 ++++++++ nixos/modules/services/databases/postgresql.nix | 17 +++++++++++++++-- 2 files changed, 23 insertions(+), 2 deletions(-) diff --git a/nixos/doc/manual/release-notes/rl-2009.xml b/nixos/doc/manual/release-notes/rl-2009.xml index 7020bb70c57d..ef9120bf924e 100644 --- a/nixos/doc/manual/release-notes/rl-2009.xml +++ b/nixos/doc/manual/release-notes/rl-2009.xml @@ -543,6 +543,14 @@ systemd.services.nginx.serviceConfig.ReadWritePaths = [ "/var/www" ]; will have changed. + + + The syntax of the PostgreSQL configuration file is now checked at build + time. If your configuration includes a file inaccessible inside the build + sandbox, set services.postgresql.checkConfig to + false. + + The rkt module has been removed, it was archived by upstream. diff --git a/nixos/modules/services/databases/postgresql.nix b/nixos/modules/services/databases/postgresql.nix index 5056d50153f6..1a1ec77a2a71 100644 --- a/nixos/modules/services/databases/postgresql.nix +++ b/nixos/modules/services/databases/postgresql.nix @@ -18,7 +18,12 @@ let else toString value; # The main PostgreSQL configuration file. - configFile = pkgs.writeText "postgresql.conf" (concatStringsSep "\n" (mapAttrsToList (n: v: "${n} = ${toStr v}") cfg.settings)); + configFile = pkgs.writeTextDir "postgresql.conf" (concatStringsSep "\n" (mapAttrsToList (n: v: "${n} = ${toStr v}") cfg.settings)); + + configFileCheck = pkgs.runCommand "postgresql-configfile-check" {} '' + ${cfg.package}/bin/postgres -D${configFile} -C config_file >/dev/null + touch $out + ''; groupAccessAvailable = versionAtLeast postgresql.version "11.0"; 
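Review bot: The comment kept above `configFile` still reads "The main PostgreSQL configuration file", but after the switch to `pkgs.writeTextDir` the binding is a directory. A later `${configFile}` written with a file path in mind would point at that directory and evaluate without error. I would reword it to `# Directory holding the main PostgreSQL configuration file; postgres -D expects a directory.` and add above `configFileCheck` a line such as `# Let postgres load the file and print one setting; it exits non-zero when the file does not parse.` The `ln -sfn` in the last hunk is adjusted to match, but the enclosing `let` block starts and ends outside this hunk, so other uses of `configFile` cannot be ruled out from here.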
@@ -53,6 +58,12 @@ in ''; }; + checkConfig = mkOption { + type = types.bool; + default = true; + description = "Check the syntax of the configuration file at compile time"; + }; + dataDir = mkOption { type = types.path; defaultText = "/var/lib/postgresql/\${config.services.postgresql.package.psqlSchema}"; @@ -309,6 +320,8 @@ in "/share/postgresql" ]; + system.extraDependencies = lib.optional (cfg.checkConfig && pkgs.stdenv.hostPlatform == pkgs.stdenv.buildPlatform) configFileCheck; + systemd.services.postgresql = { description = "PostgreSQL Server"; @@ -332,7 +345,7 @@ in touch "${cfg.dataDir}/.first_startup" fi - ln -sfn "${configFile}" "${cfg.dataDir}/postgresql.conf" + ln -sfn "${configFile}/postgresql.conf" "${cfg.dataDir}/postgresql.conf" ${optionalString (cfg.recoveryConfig != null) '' ln -sfn "${pkgs.writeText "recovery.conf" cfg.recoveryConfig}" \ "${cfg.dataDir}/recovery.conf"
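Review bot: The `description` of the new `checkConfig` option says "at compile time" while the release note in the same patch says "build time", and it gives no hint about when to turn the check off. I would write `description = "Check the syntax of the configuration file at build time. Disable this if the configuration includes files that are not accessible inside the build sandbox.";`. It is also worth one more sentence saying that with the option set to `false` a malformed file is only noticed when the service starts.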
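Review bot: The `system.extraDependencies` line drops the check silently whenever `hostPlatform` differs from `buildPlatform`, so a cross-built system gets no config validation even with `checkConfig = true`, and nothing here tells the reader why. A comment directly above it would do, for example `# The check executes ${cfg.package}/bin/postgres on the build machine, so it is skipped when cross-compiling.` As a smaller style point, this line spells `lib.optional` while the surrounding hunks call `optionalString`, `mkOption` and `concatStringsSep` unqualified.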