diff --git a/nixos/doc/manual/release-notes/rl-2411.section.md b/nixos/doc/manual/release-notes/rl-2411.section.md index 6f2dd011eaf0..bce2805f74d4 100644 --- a/nixos/doc/manual/release-notes/rl-2411.section.md +++ b/nixos/doc/manual/release-notes/rl-2411.section.md @@ -569,6 +569,8 @@ - `restic` module now has an option for inhibiting system sleep while backups are running, defaulting to off (not inhibiting sleep), available as [`services.restic.backups..inhibitsSleep`](#opt-services.restic.backups._name_.inhibitsSleep). +- The arguments from [](#opt-services.postgresql.initdbArgs) now get shell-escaped. + - Support for *runner registration tokens* has been [deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/380872) in `gitlab-runner` 15.6 and is expected to be removed in `gitlab-runner` 18.0. Configuration of existing runners should be changed to using *runner authentication tokens* by configuring diff --git a/nixos/modules/services/databases/postgresql.md b/nixos/modules/services/databases/postgresql.md index 0de1d82b4f03..5108f040e968 100644 --- a/nixos/modules/services/databases/postgresql.md +++ b/nixos/modules/services/databases/postgresql.md @@ -187,7 +187,7 @@ $ nix-instantiate --eval -A postgresql_13.psqlSchema ``` For an upgrade, a script like this can be used to simplify the process: ```nix -{ config, pkgs, ... }: +{ config, lib, pkgs, ... }: { environment.systemPackages = [ (let @@ -211,7 +211,7 @@ For an upgrade, a script like this can be used to simplify the process: install -d -m 0700 -o postgres -g postgres "$NEWDATA" cd "$NEWDATA" - sudo -u postgres $NEWBIN/initdb -D "$NEWDATA" ${builtins.concatStringsSep " " cfg.initdbArgs} + sudo -u postgres $NEWBIN/initdb -D "$NEWDATA" ${lib.escapeShellArgs cfg.initdbArgs} sudo -u postgres $NEWBIN/pg_upgrade \ --old-datadir "$OLDDATA" --new-datadir "$NEWDATA" \ diff --git a/nixos/modules/services/databases/postgresql.nix b/nixos/modules/services/databases/postgresql.nix index 55b3dd282ec4..ceaccde813a0 100644 --- a/nixos/modules/services/databases/postgresql.nix +++ b/nixos/modules/services/databases/postgresql.nix @@ -7,6 +7,7 @@ let concatStringsSep const elem + escapeShellArgs filterAttrs isString literalExpression @@ -545,7 +546,7 @@ in rm -f ${cfg.dataDir}/*.conf # Initialise the database. - initdb -U ${cfg.superUser} ${concatStringsSep " " cfg.initdbArgs} + initdb -U ${cfg.superUser} ${escapeShellArgs cfg.initdbArgs} # See postStart! touch "${cfg.dataDir}/.first_startup"