+172
-6
nixos/modules/services/databases/postgresql.nix
······+[ALTER USER syntax](https://www.postgresql.org/docs/current/sql-alteruser.html) for each attrName where+The default, `null`, means that the user created will have the default permissions assigned by PostgreSQL. Subsequent server starts will not set or unset the clause, so imperative changes are preserved.+`null`: do not set. For newly created roles, use PostgreSQL's default. For existing roles, do not touch this clause.+Grants the user, created by the ensureUser attr, superuser permissions. From the postgres docs:+More information on postgres roles can be found [here](https://www.postgresql.org/docs/current/role-attributes.html)+Grants the user, created by the ensureUser attr, createrole permissions. From the postgres docs:+More information on postgres roles can be found [here](https://www.postgresql.org/docs/current/role-attributes.html)+Grants the user, created by the ensureUser attr, createdb permissions. From the postgres docs:+More information on postgres roles can be found [here](https://www.postgresql.org/docs/current/role-attributes.html)+More information on postgres roles can be found [here](https://www.postgresql.org/docs/current/role-attributes.html)+More information on postgres roles can be found [here](https://www.postgresql.org/docs/current/role-attributes.html)+Grants the user, created by the ensureUser attr, replication permissions. From the postgres docs:+More information on postgres roles can be found [here](https://www.postgresql.org/docs/current/role-attributes.html)+Grants the user, created by the ensureUser attr, replication permissions. 
From the postgres docs:+More information on postgres roles can be found [here](https://www.postgresql.org/docs/current/role-attributes.html)···$PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = '${database}'" | grep -q 1 || $PSQL -tAc 'CREATE DATABASE "${database}"'-$PSQL -tAc "SELECT 1 FROM pg_roles WHERE rolname='${user.name}'" | grep -q 1 || $PSQL -tAc 'CREATE USER "${user.name}"'+(database: permission: ''$PSQL -tAc 'GRANT ${permission} ON ${database} TO "${user.name}"' '')+clauseSqlStatements = attrValues (mapAttrs (n: v: if v then n else "no${n}") filteredClauses);+userClauses = ''$PSQL -tAc 'ALTER ROLE "${user.name}" ${concatStringsSep " " clauseSqlStatements}' '';+$PSQL -tAc "SELECT 1 FROM pg_roles WHERE rolname='${user.name}'" | grep -q 1 || $PSQL -tAc 'CREATE USER "${user.name}"'
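Review bot: The last option description in this section says "Grants the user, created by the ensureUser attr, replication permissions" a second time, directly after the replication option. Since the test file checks a seventh attribute, `rolbypassrls`, this looks like a copy-paste from replication and presumably belongs to the bypassrls option; it should read `Grants the user, created by the ensureUser attr, bypassrls permissions.` so an administrator is not misled about which privilege is being granted. Separately, the new `userClauses` line places `${user.name}` inside a single-quoted shell argument and a double-quoted SQL identifier without escaping, as the existing `CREATE USER` line already does, so a configured name containing `'` or `"` produces a malformed or different statement. Passing the whole statement through `lib.escapeShellArg` and doubling any `"` in the identifier would make it robust. The section is shown with elisions, so the option names are inferred from the descriptions rather than read from the option declarations.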
+91
-2
nixos/tests/postgresql.nix
···+assert not clauses['rolsuper'], 'expected user with no clauses set to have default superuser clause'+assert clauses['rolinherit'], 'expected user with no clauses set to have default inherit clause'+assert not clauses['rolcreaterole'], 'expected user with no clauses set to have default create role clause'+assert not clauses['rolcreatedb'], 'expected user with no clauses set to have default create db clause'+assert clauses['rolcanlogin'], 'expected user with no clauses set to have default login clause'+assert not clauses['rolreplication'], 'expected user with no clauses set to have default replication clause'+assert not clauses['rolbypassrls'], 'expected user with no clauses set to have default bypassrls clause'-(mapAttrs' (name: package: { inherit name; value=make-postgresql-test name package false;}) postgresql-versions) // {postgresql_11-backup-all = make-postgresql-test "postgresql_11-backup-all" postgresql-versions.postgresql_11 true;