postgresql service: don't use su

Nikolay Amiantov 2016-02-09 03:07:23 +03:00
parent 0024c10a5c
commit 90ef11ddcd


@ -177,7 +177,7 @@ in
users.extraGroups.postgres.gid = config.ids.gids.postgres; users.extraGroups.postgres.gid = config.ids.gids.postgres;
environment.systemPackages = [postgresql]; environment.systemPackages = [ postgresql ];
systemd.services.postgresql = systemd.services.postgresql =
{ description = "PostgreSQL Server"; { description = "PostgreSQL Server";
@ -187,35 +187,37 @@ in
environment.PGDATA = cfg.dataDir; environment.PGDATA = cfg.dataDir;
path = [ pkgs.su postgresql ]; path = [ postgresql ];
preStart = preStart =
''
# Create data directory.
if ! test -e ${cfg.dataDir}/PG_VERSION; then
mkdir -m 0700 -p ${cfg.dataDir}
rm -f ${cfg.dataDir}/*.conf
chown -R postgres:postgres ${cfg.dataDir}
fi
''; # */
script =
'' ''
# Initialise the database. # Initialise the database.
if ! test -e ${cfg.dataDir}/PG_VERSION; then if ! test -e ${cfg.dataDir}/PG_VERSION; then
mkdir -m 0700 -p ${cfg.dataDir} initdb -U root
rm -f ${cfg.dataDir}/*.conf # See postStart!
if [ "$(id -u)" = 0 ]; then touch "${cfg.dataDir}/.first_startup"
chown -R postgres ${cfg.dataDir}
su -s ${pkgs.stdenv.shell} postgres -c 'initdb -U root'
else
# For non-root operation.
initdb
fi
# See postStart!
touch "${cfg.dataDir}/.first_startup"
fi fi
ln -sfn "${configFile}" "${cfg.dataDir}/postgresql.conf" ln -sfn "${configFile}" "${cfg.dataDir}/postgresql.conf"
${optionalString (cfg.recoveryConfig != null) '' ${optionalString (cfg.recoveryConfig != null) ''
ln -sfn "${pkgs.writeText "recovery.conf" cfg.recoveryConfig}" \ ln -sfn "${pkgs.writeText "recovery.conf" cfg.recoveryConfig}" \
"${cfg.dataDir}/recovery.conf" "${cfg.dataDir}/recovery.conf"
''} ''}
''; # */
exec postgres ${toString flags}
'';
serviceConfig = serviceConfig =
{ ExecStart = "@${postgresql}/bin/postgres postgres ${toString flags}"; { ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
User = "postgres"; User = "postgres";
Group = "postgres"; Group = "postgres";
PermissionsStartOnly = true; PermissionsStartOnly = true;
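Review bot: The new `preStart` leaves `${cfg.dataDir}` unquoted in `mkdir`, `rm -f` and `chown -R`, while the `script` lines below it quote the same expansion (`"${cfg.dataDir}/.first_startup"`). Because `PermissionsStartOnly = true` keeps `User = "postgres"` off the pre-start step, those three commands presumably run as root, so a data directory path containing whitespace or glob characters would be word-split and the `rm -f` and recursive `chown` would act on paths other than the data directory. Quote the expansions: `mkdir -m 0700 -p "${cfg.dataDir}"`, `rm -f "${cfg.dataDir}"/*.conf`, `chown -R postgres:postgres "${cfg.dataDir}"`. A short comment above `preStart`, such as `# Runs as root (PermissionsStartOnly); everything in script runs as postgres.`, would make the privilege split explicit for the next editor.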