nixos/sourcehut: do not use ensureDBOwnership

Given that SourceHut uses unfortunate defaults for database name, it will not be realistic to fix this in time for 23.11. We will leave the workaround and leave it to SourceHut maintainers to pick up the work to clean this up after 23.11.
2023-11-17 15:03:19 +01:00 · 2023-11-17 15:03:19 +01:00 · 7cd63bff21
commit 7cd63bff21
parent 73198870cd
1 changed files with 7 additions and 12 deletions
--- a/nixos/modules/services/misc/sourcehut/service.nix
+++ b/nixos/modules/services/misc/sourcehut/service.nix
@ -242,15 +242,6 @@ in
      } cfg.nginx.virtualHost ];
    };

-    assertions = [
-      {
-        assertion = srvCfg.user == srvCfg.postgresql.database;
-        message = ''
-          When creating a database via NixOS, the db user and db name must be equal!
-        '';
-      }
-    ];
-
    services.postgresql = mkIf cfg.postgresql.enable {
      authentication = ''
        local ${srvCfg.postgresql.database} ${srvCfg.user} trust
@ -258,10 +249,13 @@ in
      ensureDatabases = [ srvCfg.postgresql.database ];
      ensureUsers = map (name: {
          inherit name;
-          ensureDBOwnership = true;
+          # We don't use it because we have a special default database name with dots.
+          # TODO(for maintainers of sourcehut): migrate away from custom preStart script.
+          ensureDBOwnership = false;
        }) [srvCfg.user];
    };

+
    services.sourcehut.settings = mkMerge [
      {
        "${srv}.sr.ht".origin = mkDefault "https://${srv}.${cfg.settings."sr.ht".global-domain}";
@ -387,10 +381,11 @@ in
        extraService
      ])) extraServices)

-      # Work around 'pq: permission denied for schema public' with postgres v15, until a
-      # solution for `services.postgresql.ensureUsers` is found.
+      # Work around 'pq: permission denied for schema public' with postgres v15.
      # See https://github.com/NixOS/nixpkgs/issues/216989
      # Workaround taken from nixos/forgejo: https://github.com/NixOS/nixpkgs/pull/262741
+      # TODO(to maintainers of sourcehut): please migrate away from this workaround
+      # by migrating away from database name defaults with dots.
      (lib.mkIf (
          cfg.postgresql.enable
          && lib.strings.versionAtLeast config.services.postgresql.package.version "15.0"