Commit | Line | Data |
---|---|---|
105369a4 DT |
1 | ;;; GNU Guix --- Functional package management for GNU |
2 | ;;; Copyright © 2015 David Thompson <davet@gnu.org> | |
be1c2c54 | 3 | ;;; Copyright © 2015 Ludovic Courtès <ludo@gnu.org> |
105369a4 DT |
4 | ;;; |
5 | ;;; This file is part of GNU Guix. | |
6 | ;;; | |
7 | ;;; GNU Guix is free software; you can redistribute it and/or modify it | |
8 | ;;; under the terms of the GNU General Public License as published by | |
9 | ;;; the Free Software Foundation; either version 3 of the License, or (at | |
10 | ;;; your option) any later version. | |
11 | ;;; | |
12 | ;;; GNU Guix is distributed in the hope that it will be useful, but | |
13 | ;;; WITHOUT ANY WARRANTY; without even the implied warranty of | |
14 | ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
15 | ;;; GNU General Public License for more details. | |
16 | ;;; | |
17 | ;;; You should have received a copy of the GNU General Public License | |
18 | ;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>. | |
19 | ||
20 | (define-module (gnu services databases) | |
21 | #:use-module (gnu services) | |
22 | #:use-module (gnu system shadow) | |
23 | #:use-module (gnu packages admin) | |
24 | #:use-module (gnu packages databases) | |
25 | #:use-module (guix records) | |
105369a4 DT |
26 | #:use-module (guix store) |
27 | #:use-module (guix gexp) | |
28 | #:export (postgresql-service)) | |
29 | ||
30 | ;;; Commentary: | |
31 | ;;; | |
32 | ;;; Database services. | |
33 | ;;; | |
34 | ;;; Code: | |
35 | ||
36 | (define %default-postgres-hba | |
be1c2c54 LC |
37 | (plain-file "pg_hba.conf" |
38 | " | |
105369a4 DT |
39 | local all all trust |
40 | host all all 127.0.0.1/32 trust | |
41 | host all all ::1/128 trust")) | |
42 | ||
43 | (define %default-postgres-ident | |
be1c2c54 | 44 | (plain-file "pg_ident.conf" |
105369a4 DT |
45 | "# MAPNAME SYSTEM-USERNAME PG-USERNAME")) |
46 | ||
47 | (define %default-postgres-config | |
be1c2c54 LC |
48 | (mixed-text-file "postgresql.conf" |
49 | "hba_file = '" %default-postgres-hba "'\n" | |
50 | "ident_file = '" %default-postgres-ident "\n")) | |
105369a4 DT |
51 | |
52 | (define* (postgresql-service #:key (postgresql postgresql) | |
53 | (config-file %default-postgres-config) | |
54 | (data-directory "/var/lib/postgresql/data")) | |
55 | "Return a service that runs @var{postgresql}, the PostgreSQL database server. | |
56 | ||
57 | The PostgreSQL daemon loads its runtime configuration from @var{config-file} | |
58 | and stores the database cluster in @var{data-directory}." | |
59 | ;; Wrapper script that switches to the 'postgres' user before launching | |
60 | ;; daemon. | |
61 | (define start-script | |
be1c2c54 LC |
62 | (program-file "start-postgres" |
63 | #~(let ((user (getpwnam "postgres")) | |
64 | (postgres (string-append #$postgresql | |
65 | "/bin/postgres"))) | |
66 | (setgid (passwd:gid user)) | |
67 | (setuid (passwd:uid user)) | |
68 | (system* postgres | |
69 | (string-append "--config-file=" #$config-file) | |
70 | "-D" #$data-directory)))) | |
105369a4 DT |
71 | |
72 | (define activate | |
73 | #~(begin | |
74 | (use-modules (guix build utils) | |
75 | (ice-9 match)) | |
76 | ||
77 | (let ((user (getpwnam "postgres")) | |
78 | (initdb (string-append #$postgresql "/bin/initdb"))) | |
79 | ;; Create db state directory. | |
80 | (mkdir-p #$data-directory) | |
81 | (chown #$data-directory (passwd:uid user) (passwd:gid user)) | |
82 | ||
83 | ;; Drop privileges and init state directory in a new | |
84 | ;; process. Wait for it to finish before proceeding. | |
85 | (match (primitive-fork) | |
86 | (0 | |
87 | ;; Exit with a non-zero status code if an exception is thrown. | |
88 | (dynamic-wind | |
89 | (const #t) | |
90 | (lambda () | |
91 | (setgid (passwd:gid user)) | |
92 | (setuid (passwd:uid user)) | |
93 | (primitive-exit (system* initdb "-D" #$data-directory))) | |
94 | (lambda () | |
95 | (primitive-exit 1)))) | |
96 | (pid (waitpid pid)))))) | |
97 | ||
be1c2c54 LC |
98 | (service |
99 | (provision '(postgres)) | |
100 | (documentation "Run the PostgreSQL daemon.") | |
101 | (requirement '(user-processes loopback)) | |
102 | (start #~(make-forkexec-constructor #$start-script)) | |
103 | (stop #~(make-kill-destructor)) | |
104 | (activate activate) | |
105 | (user-groups (list (user-group | |
106 | (name "postgres") | |
107 | (system? #t)))) | |
108 | (user-accounts (list (user-account | |
109 | (name "postgres") | |
110 | (group "postgres") | |
111 | (system? #t) | |
112 | (comment "PostgreSQL server user") | |
113 | (home-directory "/var/empty") | |
114 | (shell | |
115 | #~(string-append #$shadow "/sbin/nologin"))))))) |