[jackhill/guix/guix.git] / gnu / services / databases.scm

;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2015 David Thompson <davet@gnu.org>
;;; Copyright © 2015 Ludovic Courtès <ludo@gnu.org>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.

(define-module (gnu services databases)
  #:use-module (gnu services)
  #:use-module (gnu system shadow)
  #:use-module (gnu packages admin)
  #:use-module (gnu packages databases)
  #:use-module (guix records)
  #:use-module (guix store)
  #:use-module (guix gexp)
  #:export (postgresql-service))

;;; Commentary:
;;;
;;; Database services.
;;;
;;; Code:

(define %default-postgres-hba
  (plain-file "pg_hba.conf"
              "
local	all	all			trust
host	all	all	127.0.0.1/32 	trust
host	all	all	::1/128 	trust"))

(define %default-postgres-ident
  (plain-file "pg_ident.conf"
             "# MAPNAME       SYSTEM-USERNAME         PG-USERNAME"))

(define %default-postgres-config
  (mixed-text-file "postgresql.conf"
                   "hba_file = '" %default-postgres-hba "'\n"
                   "ident_file = '" %default-postgres-ident "\n"))

(define* (postgresql-service #:key (postgresql postgresql)
                             (config-file %default-postgres-config)
                             (data-directory "/var/lib/postgresql/data"))
  "Return a service that runs @var{postgresql}, the PostgreSQL database server.

The PostgreSQL daemon loads its runtime configuration from @var{config-file}
and stores the database cluster in @var{data-directory}."
  ;; Wrapper script that switches to the 'postgres' user before launching
  ;; daemon.
  (define start-script
    (program-file "start-postgres"
                  #~(let ((user (getpwnam "postgres"))
                          (postgres (string-append #$postgresql
                                                   "/bin/postgres")))
                      (setgid (passwd:gid user))
                      (setuid (passwd:uid user))
                      (system* postgres
                               (string-append "--config-file=" #$config-file)
                               "-D" #$data-directory))))

  (define activate
    #~(begin
        (use-modules (guix build utils)
                     (ice-9 match))

        (let ((user (getpwnam "postgres"))
              (initdb (string-append #$postgresql "/bin/initdb")))
          ;; Create db state directory.
          (mkdir-p #$data-directory)
          (chown #$data-directory (passwd:uid user) (passwd:gid user))

          ;; Drop privileges and init state directory in a new
          ;; process.  Wait for it to finish before proceeding.
          (match (primitive-fork)
            (0
             ;; Exit with a non-zero status code if an exception is thrown.
             (dynamic-wind
               (const #t)
               (lambda ()
                 (setgid (passwd:gid user))
                 (setuid (passwd:uid user))
                 (primitive-exit (system* initdb "-D" #$data-directory)))
               (lambda ()
                 (primitive-exit 1))))
            (pid (waitpid pid))))))

  (service
   (provision '(postgres))
   (documentation "Run the PostgreSQL daemon.")
   (requirement '(user-processes loopback))
   (start #~(make-forkexec-constructor #$start-script))
   (stop #~(make-kill-destructor))
   (activate activate)
   (user-groups (list (user-group
                       (name "postgres")
                       (system? #t))))
   (user-accounts (list (user-account
                         (name "postgres")
                         (group "postgres")
                         (system? #t)
                         (comment "PostgreSQL server user")
                         (home-directory "/var/empty")
                         (shell
                          #~(string-append #$shadow "/sbin/nologin")))))))
Commit	Line	Data
105369a4 DT	1	;;; GNU Guix --- Functional package management for GNU
105369a4 DT	2	;;; Copyright © 2015 David Thompson <davet@gnu.org>
be1c2c54	3	;;; Copyright © 2015 Ludovic Courtès <ludo@gnu.org>
105369a4 DT	4	;;;
	5	;;; This file is part of GNU Guix.
	6	;;;
	7	;;; GNU Guix is free software; you can redistribute it and/or modify it
	8	;;; under the terms of the GNU General Public License as published by
	9	;;; the Free Software Foundation; either version 3 of the License, or (at
	10	;;; your option) any later version.
	11	;;;
	12	;;; GNU Guix is distributed in the hope that it will be useful, but
	13	;;; WITHOUT ANY WARRANTY; without even the implied warranty of
	14	;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	15	;;; GNU General Public License for more details.
	16	;;;
	17	;;; You should have received a copy of the GNU General Public License
	18	;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
	19
	20	(define-module (gnu services databases)
	21	#:use-module (gnu services)
	22	#:use-module (gnu system shadow)
	23	#:use-module (gnu packages admin)
	24	#:use-module (gnu packages databases)
	25	#:use-module (guix records)
105369a4 DT	26	#:use-module (guix store)
	27	#:use-module (guix gexp)
	28	#:export (postgresql-service))
	29
	30	;;; Commentary:
	31	;;;
	32	;;; Database services.
	33	;;;
	34	;;; Code:
	35
	36	(define %default-postgres-hba
be1c2c54 LC	37	(plain-file "pg_hba.conf"
be1c2c54 LC	38	"
105369a4 DT	39	local all all trust
	40	host all all 127.0.0.1/32 trust
	41	host all all ::1/128 trust"))
	42
	43	(define %default-postgres-ident
be1c2c54	44	(plain-file "pg_ident.conf"
105369a4 DT	45	"# MAPNAME SYSTEM-USERNAME PG-USERNAME"))
	46
	47	(define %default-postgres-config
be1c2c54 LC	48	(mixed-text-file "postgresql.conf"
	49	"hba_file = '" %default-postgres-hba "'\n"
	50	"ident_file = '" %default-postgres-ident "\n"))
105369a4 DT	51
	52	(define* (postgresql-service #:key (postgresql postgresql)
	53	(config-file %default-postgres-config)
	54	(data-directory "/var/lib/postgresql/data"))
	55	"Return a service that runs @var{postgresql}, the PostgreSQL database server.
	56
	57	The PostgreSQL daemon loads its runtime configuration from @var{config-file}
	58	and stores the database cluster in @var{data-directory}."
	59	;; Wrapper script that switches to the 'postgres' user before launching
	60	;; daemon.
	61	(define start-script
be1c2c54 LC	62	(program-file "start-postgres"
	63	#~(let ((user (getpwnam "postgres"))
	64	(postgres (string-append #$postgresql
	65	"/bin/postgres")))
	66	(setgid (passwd:gid user))
	67	(setuid (passwd:uid user))
	68	(system* postgres
	69	(string-append "--config-file=" #$config-file)
	70	"-D" #$data-directory))))
105369a4 DT	71
	72	(define activate
	73	#~(begin
	74	(use-modules (guix build utils)
	75	(ice-9 match))
	76
	77	(let ((user (getpwnam "postgres"))
	78	(initdb (string-append #$postgresql "/bin/initdb")))
	79	;; Create db state directory.
	80	(mkdir-p #$data-directory)
	81	(chown #$data-directory (passwd:uid user) (passwd:gid user))
	82
	83	;; Drop privileges and init state directory in a new
	84	;; process. Wait for it to finish before proceeding.
	85	(match (primitive-fork)
	86	(0
	87	;; Exit with a non-zero status code if an exception is thrown.
	88	(dynamic-wind
	89	(const #t)
	90	(lambda ()
	91	(setgid (passwd:gid user))
	92	(setuid (passwd:uid user))
	93	(primitive-exit (system* initdb "-D" #$data-directory)))
	94	(lambda ()
	95	(primitive-exit 1))))
	96	(pid (waitpid pid))))))
	97
be1c2c54 LC	98	(service
	99	(provision '(postgres))
	100	(documentation "Run the PostgreSQL daemon.")
	101	(requirement '(user-processes loopback))
	102	(start #~(make-forkexec-constructor #$start-script))
	103	(stop #~(make-kill-destructor))
	104	(activate activate)
	105	(user-groups (list (user-group
	106	(name "postgres")
	107	(system? #t))))
	108	(user-accounts (list (user-account
	109	(name "postgres")
	110	(group "postgres")
	111	(system? #t)
	112	(comment "PostgreSQL server user")
	113	(home-directory "/var/empty")
	114	(shell
	115	#~(string-append #$shadow "/sbin/nologin")))))))