···

       
245
       
245
       
 
       
      lib.optional (cfg.settings.admin-server-port != null && cfg.settings.server-host != "127.0.0.1")

     

       
246
       
246
       
 
       
        "The PostgREST admin server is potentially listening on a public host. This may expose sensitive information via the `/config` endpoint.";

     

       
247
       
247
       
 
       


     

       
248
       
248
       
+
       
    # Since we're using DynamicUser, we can't add the e.g. nginx user to

     

       
249
       
249
       
+
       
    # a postgrest group, so the unix socket must be world-readable to make it useful.

     

       
250
       
250
       
+
       
    services.postgrest.settings.service-unix-socket-mode = "666";

     

       
251
       
251
       
+
       


     

       
248
       
252
       
 
       
    systemd.services.postgrest = {

     

       
249
       
253
       
 
       
      description = "PostgREST";

     

       
250
       
254