-{ lib, pkgs, config, myconfig, mylibs, ... }:
+{ lib, pkgs, config, myconfig, ... }:
let
cfg = config.services.myDatabases;
in {
config = lib.mkIf cfg.enable {
nixpkgs.overlays = [ (self: super: rec {
- postgresql = postgresql_11;
- postgresql_11 = super.postgresql_11.overrideAttrs(old: rec {
- passthru = old.passthru // { psqlSchema = "11.0"; };
- configureFlags = old.configureFlags ++ [ "--with-pam" ];
- buildInputs = (old.buildInputs or []) ++ [ self.pam ];
- patches = old.patches ++ [
- ./postgresql_run_socket_path.patch
- ];
- });
+ postgresql = self.postgresql_11_custom;
}) ];
networking.firewall.allowedTCPPorts = [ 5432 ];
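Review bot: With `postgresql = self.postgresql_11_custom;`, nothing in this file shows any more that the server is built `--with-pam` or carries the socket-path patch, yet the module still deploys a `postgresql/pam` secret further down. The definition of `postgresql_11_custom` is not visible here, so a one-line pointer would help the next reader: `# postgresql_11_custom (defined in <OVERLAY_PATH>) must keep --with-pam and the run-socket patch`. If that package was ever built without PAM, `pam` lines in `pg_hba.conf` would presumably be rejected when the server loads the file, so a build-time check on the package's `configureFlags` is worth considering. As a style point, `rec` on the overlay attrset no longer has anything to resolve and can go: `(self: super: {`.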
'';
};
- system.activationScripts.postgresql = ''
- install -m 0755 -o postgres -g postgres -d ${myconfig.env.databases.postgresql.socket}
- '';
-
systemd.services.postgresql.serviceConfig.SupplementaryGroups = "keys";
+ systemd.services.postgresql.serviceConfig.RuntimeDirectory = "postgresql";
services.postgresql = rec {
enable = cfg.postgresql.enable;
package = pkgs.postgresql;
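Review bot: `RuntimeDirectory = "postgresql"` pins the socket directory to `/run/postgresql`, whereas the removed activation script created whatever `${myconfig.env.databases.postgresql.socket}` pointed at. If that setting ever differs, clients that read it will look in a directory nothing creates. A comment or assertion should tie the two together, for example `# must equal myconfig.env.databases.postgresql.socket`. systemd's default mode for the directory is 0755, the same as the old `install -m 0755`, so any local user can still reach the socket and access control rests on `pg_hba.conf` and PAM. Writing `RuntimeDirectoryMode = "0755";` beside it would make that choice explicit. The enclosing `services.postgresql` block continues outside this hunk.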
'';
};
- mySecrets.keys = [
+ secrets.keys = [
{
dest = "postgresql/pam";
permissions = "0400";