Merge pull request #92929 from symphorien/postgresql-check-config-file

nixos/postgresql: check config file syntax at build time
2021-04-02 16:27:03 +00:00 · 2021-04-02 16:27:03 +00:00 · fe0e0afbc0
commit fe0e0afbc0
parent 5e237d6827 1b7ca69ecc
2 changed files with 23 additions and 2 deletions
--- a/nixos/doc/manual/release-notes/rl-2009.xml
+++ b/nixos/doc/manual/release-notes/rl-2009.xml
@ -1017,6 +1017,14 @@ systemd.services.nginx.serviceConfig.ProtectHome = "read-only";
      will have changed.
    </para>
   </listitem>
+   <listitem>
+    <para>
+      The syntax of the PostgreSQL configuration file is now checked at build
+      time. If your configuration includes a file inaccessible inside the build
+      sandbox, set <varname>services.postgresql.checkConfig</varname> to
+        <literal>false</literal>.
+    </para>
+   </listitem>
   <listitem>
    <para>
      The rkt module has been removed, it was archived by upstream.
--- a/nixos/modules/services/databases/postgresql.nix
+++ b/nixos/modules/services/databases/postgresql.nix
@ -18,7 +18,12 @@ let
    else toString value;

  # The main PostgreSQL configuration file.
-  configFile = pkgs.writeText "postgresql.conf" (concatStringsSep "\n" (mapAttrsToList (n: v: "${n} = ${toStr v}") cfg.settings));
+  configFile = pkgs.writeTextDir "postgresql.conf" (concatStringsSep "\n" (mapAttrsToList (n: v: "${n} = ${toStr v}") cfg.settings));
+
+  configFileCheck = pkgs.runCommand "postgresql-configfile-check" {} ''
+    ${cfg.package}/bin/postgres -D${configFile} -C config_file >/dev/null
+    touch $out
+  '';

  groupAccessAvailable = versionAtLeast postgresql.version "11.0";

@ -53,6 +58,12 @@ in
        '';
      };

+      checkConfig = mkOption {
+        type = types.bool;
+        default = true;
+        description = "Check the syntax of the configuration file at compile time";
+      };
+
      dataDir = mkOption {
        type = types.path;
        defaultText = "/var/lib/postgresql/\${config.services.postgresql.package.psqlSchema}";
@ -314,6 +325,8 @@ in
     "/share/postgresql"
    ];

+    system.extraDependencies = lib.optional (cfg.checkConfig && pkgs.stdenv.hostPlatform == pkgs.stdenv.buildPlatform) configFileCheck;
+
    systemd.services.postgresql =
      { description = "PostgreSQL Server";

@ -337,7 +350,7 @@ in
              touch "${cfg.dataDir}/.first_startup"
            fi

-            ln -sfn "${configFile}" "${cfg.dataDir}/postgresql.conf"
+            ln -sfn "${configFile}/postgresql.conf" "${cfg.dataDir}/postgresql.conf"
            ${optionalString (cfg.recoveryConfig != null) ''
              ln -sfn "${pkgs.writeText "recovery.conf" cfg.recoveryConfig}" \
                "${cfg.dataDir}/recovery.conf"