+3
nixos/doc/manual/release-notes/rl-2311.section.md
+3
nixos/doc/manual/release-notes/rl-2311.section.md
···+- `services.postgresql.ensurePermissions` has been deprecated in favor of `services.postgresql.ensureUsers.*.ensureDBOwnership` which simplifies the setup of database owned by a certain system user+in local database contexts (which make use of peer authentication via UNIX sockets), migration guidelines were provided in the NixOS manual, please refer to them if you are affected by a PostgreSQL 15 changing the way `GRANT ALL PRIVILEGES` is working. `services.postgresql.ensurePermissions` will be removed in 24.05. All NixOS modules were migrated using one of the strategy, e.g. `ensureDBOwnership` or `postStart`. More about this situation can be learnt in https://github.com/NixOS/nixpkgs/pull/266270.- `network-online.target` has been fixed to no longer time out for systems with `networking.useDHCP = true` and `networking.useNetworkd = true`.
+47
-11
nixos/modules/services/databases/postgresql.nix
+47
-11
nixos/modules/services/databases/postgresql.nix
·········The PostgreSQL users will be identified using peer authentication. This authenticates the Unix user with the-This option will never delete existing users or remove permissions, especially not when the value of this-option is changed. This means that users created and permissions assigned once through this option or·········$PSQL -tAc "SELECT 1 FROM pg_roles WHERE rolname='${user.name}'" | grep -q 1 || $PSQL -tAc 'CREATE USER "${user.name}"'
·········The PostgreSQL users will be identified using peer authentication. This authenticates the Unix user with the···+warnings = lib.optional (any ({ ensurePermissions, ... }: ensurePermissions != {}) cfg.ensureUsers) "······$PSQL -tAc "SELECT 1 FROM pg_roles WHERE rolname='${user.name}'" | grep -q 1 || $PSQL -tAc 'CREATE USER "${user.name}"'
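Review bot: The provisioning line shown as context interpolates `${user.name}` unescaped into a SQL string literal (`rolname='${user.name}'`) and into a quoted identifier (`CREATE USER "${user.name}"`), so a role name containing a quote character changes the statement the script runs. The value comes from the system configuration, which limits the exposure, but nothing visible here restricts it. I would add an assertion that rejects such names, or at least a comment such as `# user.name is interpolated unescaped; it must not contain ' or "`. The invidious.nix section has the same pattern at the shell level, where `${cfg.settings.db.dbname}` and `${cfg.settings.db.user}` reach `psql` as bare words and `lib.escapeShellArg` would fit. Most of this file section is not visible in the rendering, so a check may already exist outside the lines shown.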
+2
-2
nixos/modules/services/development/zammad.nix
+2
-2
nixos/modules/services/development/zammad.nix
···message = "services.zammad.database.user must be set to \"zammad\" if services.zammad.database.createLocally is set to true";···
···+assertion = cfg.database.createLocally -> cfg.database.user == "zammad" && cfg.database.name == "zammad";message = "services.zammad.database.user must be set to \"zammad\" if services.zammad.database.createLocally is set to true";···
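Review bot: The assertion now also requires `cfg.database.name == "zammad"`, but the unchanged message still names only `services.zammad.database.user`, so a configuration that fails on the database name gets an error pointing at the wrong option. I would extend the text, for example `message = "services.zammad.database.user and services.zammad.database.name must both be set to \"zammad\" if services.zammad.database.createLocally is set to true";`. The same mismatch is visible in the sections for sympa.nix, redmine.nix, zabbix-proxy.nix, zabbix-server.nix, coder.nix, mediawiki.nix and moodle.nix. In each of them the new condition compares the database name with the user while the message mentions the user only.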
+1
-1
nixos/modules/services/finance/odoo.nix
+1
-1
nixos/modules/services/finance/odoo.nix
+1
-1
nixos/modules/services/mail/listmonk.nix
+1
-1
nixos/modules/services/mail/listmonk.nix
+11
-3
nixos/modules/services/mail/roundcube.nix
+11
-3
nixos/modules/services/mail/roundcube.nix
···
···
+4
-6
nixos/modules/services/mail/sympa.nix
+4
-6
nixos/modules/services/mail/sympa.nix
············message = "services.sympa.database.user must be set to ${user} if services.sympa.database.createLocally is set to true";···
············+{ assertion = cfg.database.createLocally -> cfg.database.user == user && cfg.database.name == cfg.database.user;message = "services.sympa.database.user must be set to ${user} if services.sympa.database.createLocally is set to true";···
+2
-2
nixos/modules/services/matrix/matrix-sliding-sync.nix
+2
-2
nixos/modules/services/matrix/matrix-sliding-sync.nix
+1
-3
nixos/modules/services/matrix/mautrix-facebook.nix
+1
-3
nixos/modules/services/matrix/mautrix-facebook.nix
+1
-3
nixos/modules/services/misc/atuin.nix
+1
-3
nixos/modules/services/misc/atuin.nix
+9
-1
nixos/modules/services/misc/forgejo.nix
+9
-1
nixos/modules/services/misc/forgejo.nix
···message = "services.forgejo.database.user must match services.forgejo.user if the database is to be automatically provisioned";···
···message = "services.forgejo.database.user must match services.forgejo.user if the database is to be automatically provisioned";+{ assertion = cfg.database.createDatabase && usePostgresql -> cfg.database.user == cfg.database.name;···
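Review bot: The new condition `cfg.database.createDatabase && usePostgresql -> cfg.database.user == cfg.database.name` mixes `&&`, `->` and `==` without parentheses. It parses as intended because `->` binds loosest in Nix, but a reader has to know that. Writing it as `(cfg.database.createDatabase && usePostgresql) -> (cfg.database.user == cfg.database.name)` would match the parenthesised form used in the mastodon.nix section. The gitea.nix section has the identical line, and the message attached to this assertion is not visible in the rendering.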
+9
-1
nixos/modules/services/misc/gitea.nix
+9
-1
nixos/modules/services/misc/gitea.nix
···message = "services.gitea.database.user must match services.gitea.user if the database is to be automatically provisioned";···
···message = "services.gitea.database.user must match services.gitea.user if the database is to be automatically provisioned";+{ assertion = cfg.database.createDatabase && usePostgresql -> cfg.database.user == cfg.database.name;···
+2
-2
nixos/modules/services/misc/redmine.nix
+2
-2
nixos/modules/services/misc/redmine.nix
···message = "one of services.redmine.database.socket or services.redmine.database.passwordFile must be set";message = "services.redmine.database.user must be set to ${cfg.user} if services.redmine.database.createLocally is set true";···
···message = "one of services.redmine.database.socket or services.redmine.database.passwordFile must be set";+{ assertion = cfg.database.createLocally -> cfg.database.user == cfg.user && cfg.database.user == cfg.database.name;message = "services.redmine.database.user must be set to ${cfg.user} if services.redmine.database.createLocally is set true";···
+7
-3
nixos/modules/services/misc/sourcehut/service.nix
+7
-3
nixos/modules/services/misc/sourcehut/service.nix
······
······
+2
-2
nixos/modules/services/monitoring/zabbix-proxy.nix
+2
-2
nixos/modules/services/monitoring/zabbix-proxy.nix
···message = "services.zabbixProxy.database.user must be set to ${user} if services.zabbixProxy.database.createLocally is set true";···
···+{ assertion = cfg.database.createLocally -> cfg.database.user == user && cfg.database.name == cfg.database.user;message = "services.zabbixProxy.database.user must be set to ${user} if services.zabbixProxy.database.createLocally is set true";···
+2
-2
nixos/modules/services/monitoring/zabbix-server.nix
+2
-2
nixos/modules/services/monitoring/zabbix-server.nix
···message = "services.zabbixServer.database.user must be set to ${user} if services.zabbixServer.database.createLocally is set true";···
···+{ assertion = cfg.database.createLocally -> cfg.database.user == user && cfg.database.user == cfg.database.name;message = "services.zabbixServer.database.user must be set to ${user} if services.zabbixServer.database.createLocally is set true";···
+1
-1
nixos/modules/services/security/hockeypuck.nix
+1
-1
nixos/modules/services/security/hockeypuck.nix
+4
-6
nixos/modules/services/web-apps/coder.nix
+4
-6
nixos/modules/services/web-apps/coder.nix
···-message = "services.coder.database.username must be set to ${user} if services.coder.database.createLocally is set true";···
···+{ assertion = cfg.database.createLocally -> cfg.database.username == name && cfg.database.database == cfg.database.username;+message = "services.coder.database.username must be set to ${name} if services.coder.database.createLocally is set true";···
+9
-6
nixos/modules/services/web-apps/invidious.nix
+9
-6
nixos/modules/services/web-apps/invidious.nix
······psql ${cfg.settings.db.dbname} ${cfg.settings.db.user} -c "DELETE FROM nonces * WHERE expire < current_timestamp"
···+# TODO(raitobezarius to maintainers of invidious): I strongly advise to clean up the kemal specific···psql ${cfg.settings.db.dbname} ${cfg.settings.db.user} -c "DELETE FROM nonces * WHERE expire < current_timestamp"
+1
-1
nixos/modules/services/web-apps/lemmy.nix
+1
-1
nixos/modules/services/web-apps/lemmy.nix
+3
-3
nixos/modules/services/web-apps/mastodon.nix
+3
-3
nixos/modules/services/web-apps/mastodon.nix
···For local automatic database provisioning (services.mastodon.database.createLocally == true) with peerauthentication (services.mastodon.database.host == "/run/postgresql") to work services.mastodon.user···
···+assertion = databaseActuallyCreateLocally -> (cfg.user == cfg.database.user && cfg.database.user == cfg.database.name);For local automatic database provisioning (services.mastodon.database.createLocally == true) with peerauthentication (services.mastodon.database.host == "/run/postgresql") to work services.mastodon.user···
+2
-2
nixos/modules/services/web-apps/mediawiki.nix
+2
-2
nixos/modules/services/web-apps/mediawiki.nix
···{ assertion = cfg.database.createLocally -> (cfg.database.type == "mysql" || cfg.database.type == "postgres");message = "services.mediawiki.createLocally is currently only supported for database type 'mysql' and 'postgres'";message = "services.mediawiki.database.user must be set to ${user} if services.mediawiki.database.createLocally is set true";···
···{ assertion = cfg.database.createLocally -> (cfg.database.type == "mysql" || cfg.database.type == "postgres");message = "services.mediawiki.createLocally is currently only supported for database type 'mysql' and 'postgres'";+{ assertion = cfg.database.createLocally -> cfg.database.user == user && cfg.database.name == cfg.database.user;message = "services.mediawiki.database.user must be set to ${user} if services.mediawiki.database.createLocally is set true";···
+6
-11
nixos/modules/services/web-apps/miniflux.nix
+6
-11
nixos/modules/services/web-apps/miniflux.nix
············
············
+10
-3
nixos/modules/services/web-apps/mobilizon.nix
+10
-3
nixos/modules/services/web-apps/mobilizon.nix
······
······+# TODO(to maintainers of mobilizon): Feel free to simplify your setup by using `ensureDBOwnership`.
+2
-2
nixos/modules/services/web-apps/moodle.nix
+2
-2
nixos/modules/services/web-apps/moodle.nix
···message = "services.moodle.database.user must be set to ${user} if services.moodle.database.createLocally is set true";···
···+{ assertion = cfg.database.createLocally -> cfg.database.user == user && cfg.database.user == cfg.database.name;message = "services.moodle.database.user must be set to ${user} if services.moodle.database.createLocally is set true";···
+1
-3
nixos/modules/services/web-apps/netbox.nix
+1
-3
nixos/modules/services/web-apps/netbox.nix
+1
-1
nixos/modules/services/web-apps/nextcloud.nix
+1
-1
nixos/modules/services/web-apps/nextcloud.nix
+1
-1
nixos/modules/services/web-apps/onlyoffice.nix
+1
-1
nixos/modules/services/web-apps/onlyoffice.nix
+1
-1
nixos/modules/services/web-apps/outline.nix
+1
-1
nixos/modules/services/web-apps/outline.nix
+1
-3
nixos/modules/services/web-apps/peering-manager.nix
+1
-3
nixos/modules/services/web-apps/peering-manager.nix
-1
nixos/modules/services/web-apps/pixelfed.nix
-1
nixos/modules/services/web-apps/pixelfed.nix
+11
-2
nixos/modules/services/web-apps/tt-rss.nix
+11
-2
nixos/modules/services/web-apps/tt-rss.nix
······
···+assertion = cfg.database.createLocally -> cfg.database.name == cfg.user && cfg.database.user == cfg.user;···
+1
-1
nixos/modules/services/web-servers/hydron.nix
+1
-1
nixos/modules/services/web-servers/hydron.nix
+1
-1
nixos/tests/dex-oidc.nix
+1
-1
nixos/tests/dex-oidc.nix
+1
-1
nixos/tests/ferretdb.nix
+1
-1
nixos/tests/ferretdb.nix
+1
-3
nixos/tests/freshrss-pgsql.nix
+1
-3
nixos/tests/freshrss-pgsql.nix
+1
-1
nixos/tests/grafana/basic.nix
+1
-1
nixos/tests/grafana/basic.nix
+1
-1
nixos/tests/hockeypuck.nix
+1
-1
nixos/tests/hockeypuck.nix
+5
-7
nixos/tests/home-assistant.nix
+5
-7
nixos/tests/home-assistant.nix
···
+1
-2
nixos/tests/invidious.nix
+1
-2
nixos/tests/invidious.nix
+1
-1
nixos/tests/paperless.nix
+1
-1
nixos/tests/paperless.nix
-8
nixos/tests/pgadmin4.nix
-8
nixos/tests/pgadmin4.nix
+4
-6
nixos/tests/pgbouncer.nix
+4
-6
nixos/tests/pgbouncer.nix
···-${pkgs.postgresql}/bin/psql -U postgres -c "ALTER ROLE testuser WITH LOGIN PASSWORD 'testpass'";·········
···+${pkgs.postgresql}/bin/psql -U postgres -c "ALTER ROLE testuser WITH LOGIN PASSWORD 'testpass'";·········
+1
-3
nixos/tests/powerdns-admin.nix
+1
-3
nixos/tests/powerdns-admin.nix
+1
-1
nixos/tests/sftpgo.nix
+1
-1
nixos/tests/sftpgo.nix
+23
nixos/tests/tandoor-recipes.nix
+23
nixos/tests/tandoor-recipes.nix
···
+1
-1
nixos/tests/vikunja.nix
+1
-1
nixos/tests/vikunja.nix
+3
-2
nixos/tests/wiki-js.nix
+3
-2
nixos/tests/wiki-js.nix
···
···