The test breaks like this otherwise:
machine # WARNING: error during JITing: Permission denied
machine # [ 14.012280] postgres[913]: [913] WARNING: error during JITing: Permission denied
machine # ERROR: failed to look up symbol "evalexpr_0_1": Failed to materialize symbols: { (main, { evalexpr_0_1, evalexpr_0_0 }) }
previously if you set the "user" option and did not create a group
account with the same name the module would create a service that would
fail to start.
with this change:
- the module is more explicit about this behaviour
- you can configure the group directly, so that you're not forced to a
particular user/group structure
- you can read the group name used by the redis service. this is useful
for giving other services permission to use the redis socket.
The issue was that the old test-case used `/tmp` to share data. Using
`JoinsNamespaceOf=` wasn't a real workaround since the private `/tmp` is
recreated when a service gets stopped/started which is the case here, so
the wals were still lost.
To keep the test building with `PrivateTmp=yes`, create a dedicated
directory in `/var/cache` with tmpfiles and allow the hardened
`postgresql.service` to access it via `ReadWritePaths`.
Factor out part of the provisioning script into a
wait-until-service-is-ready script, and put it unconditionally in
front of ExecStartPost=, so that services that depend on influxdb2 are
not started until influxdb2 responds to requests.
Fixes https://github.com/NixOS/nixpkgs/issues/317017 ("Scrutiny tries to start before influxdb has started")
Without the change the doc build fails as:
$ nix build -f nixos config.system.build.manual.manualHTML -L
...
nixos-manual-html> RuntimeError: heading in line 366 does not have an id
This splits a dev output to make the default output not depend on any
build dependencies anymore. This also avoids removing references from
pgxs' Makefile this way, which should, at least theoretically, be good
to build extensions via pgxs, making sure they use the same tooling.
ecpg is the "embedded SQL C preprocessor", which is certainly a dev
tool.
Most important, for closure size anyway, is to move pg_config to the dev
output, since it retains paths to all the other outputs.
The only thing with references to the dev output remaining is then the
postgres binary itself. It contains all the output paths, because it
shows those in the pg_config system view. There is no other way than
to nuke those references to avoid circular dependencies between outputs
- and blowing up closure size again.
This change adds services.pgbouncer.settings option as per [RFC 0042]
and deprecates other options that were previously used to generate
configuration file.
In addition to that, we also place the configuration file under
environment.etc to allow reloading configuration without service
restart.
[RFC 0042]: https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md
When mysql starts up for the first time, the binary `mysql_install_db`
will run and try to set up the correct folder structure and permissions.
The very first step is to change the owner and group of the data
directory. This can fail in some cases, for example if `cfg.dataDir` is
something like `/mnt/mysql`:
```
Jul 31 15:24:35 junction systemd[1]: Starting MySQL Server...
Jul 31 15:24:36 junction mysql-pre-start[1346]: chown: changing ownership of '/mnt/mysql': Operation not permitted
Jul 31 15:24:36 junction mysql-pre-start[1309]: Cannot change ownership of the database directories to the 'mysql'
Jul 31 15:24:36 junction mysql-pre-start[1309]: user. Check that you have the necessary permissions and try again.
Jul 31 15:24:36 junction systemd[1]: mysql.service: Control process exited, code=exited, status=1/FAILURE
Jul 31 15:24:36 junction systemd[1]: mysql.service: Failed with result 'exit-code'.
Jul 31 15:24:36 junction systemd[1]: Failed to start MySQL Server.
```
This is because `/mnt` usually is owned by root.
To work around this issue, use `systemd.tmpfiles` to set the owner,
group and permissions. This will always work, and if the permissions are
already set as expected, mysql will not try to alter them again.
Done using `grep -rP 'description\s+=\s+"[^"]+[ ]";' | cut -d ':' -f 1 |
xargs -i nvim {}` and sorting the opened files by hand, avoiding
generated packages list
Upgrade default postgresql for stateVersion >=24.11.
This also rebuilds all packages linking against `libpq.so` to use
postgresql 16.
After re-reading https://www.postgresql.org/docs/16/release-16.html
I don't see any major risks about doing that.
