mirror of https://github.com/NixOS/nixpkgs.git synced 2025-07-14 22:20:30 +03:00
nixpkgs/nixos/modules/services/databases
Maximilian Bosch cfd92cfb75 nixos/doc: document how to allow-list tablespaces
It was brought up that the restricted file-system access breaks
tablespaces[1]. I'd argue that this is the desired behavior, the whole
point of the hardening is to lock the service down and I don't consider
tablespaces common enough to elevate privileges again. Especially since
the workaround is trivial as shown in the diff.

For completeness' sake, this adds the necessary `ReadWritePaths` change
to the postgresql section of the manual.

This also adds a small correction about the state of
`ensurePermissions`.

[1] https://github.com/NixOS/nixpkgs/pull/344925#issuecomment-2521188907

(cherry picked from commit 51a6938a44)
2024-12-12 15:43:42 +00:00
..
aerospike.nix treewide: format all inactive Nix files 2024-12-10 20:29:24 +01:00
cassandra.nix treewide: format all inactive Nix files 2024-12-10 20:29:24 +01:00
chromadb.nix nixos/chromadb: init 2024-08-16 18:23:12 +02:00
clickhouse.nix treewide: format all inactive Nix files 2024-12-10 20:29:24 +01:00
cockroachdb.nix treewide: format all inactive Nix files 2024-12-10 20:29:24 +01:00
couchdb.nix nixos/services.couchdb: remove with lib; 2024-08-30 00:30:39 +02:00
dgraph.nix treewide: format all inactive Nix files 2024-12-10 20:29:24 +01:00
dragonflydb.nix treewide: format all inactive Nix files 2024-12-10 20:29:24 +01:00
etcd.nix treewide: format all inactive Nix files 2024-12-10 20:29:24 +01:00
ferretdb.nix nixos/services.ferretdb: remove with lib; 2024-08-30 00:30:39 +02:00
firebird.nix treewide: format all inactive Nix files 2024-12-10 20:29:24 +01:00
foundationdb.md treewide: Fix all Nix ASTs in all markdown files 2024-03-28 09:28:12 +01:00
foundationdb.nix treewide: format all inactive Nix files 2024-12-10 20:29:24 +01:00
hbase-standalone.nix treewide: format all inactive Nix files 2024-12-10 20:29:24 +01:00
influxdb.nix nixos/services.influxdb: remove with lib; 2024-08-30 00:30:40 +02:00
influxdb2.nix treewide: format all inactive Nix files 2024-12-10 20:29:24 +01:00
lldap.nix treewide: format all inactive Nix files 2024-12-10 20:29:24 +01:00
memcached.nix treewide: format all inactive Nix files 2024-12-10 20:29:24 +01:00
monetdb.nix treewide: format all inactive Nix files 2024-12-10 20:29:24 +01:00
mongodb.nix treewide: format all inactive Nix files 2024-12-10 20:29:24 +01:00
mysql.nix nixos/mysql: fix evaluation of percona test 2024-11-29 21:17:01 +00:00
neo4j.nix treewide: format all inactive Nix files 2024-12-10 20:29:24 +01:00
openldap.nix treewide: format all inactive Nix files 2024-12-10 20:29:24 +01:00
opentsdb.nix treewide: format all inactive Nix files 2024-12-10 20:29:24 +01:00
pgbouncer.nix treewide: format all inactive Nix files 2024-12-10 20:29:24 +01:00
pgmanage.nix treewide: format all inactive Nix files 2024-12-10 20:29:24 +01:00
postgresql.md nixos/doc: document how to allow-list tablespaces 2024-12-12 15:43:42 +00:00
postgresql.nix treewide: format all inactive Nix files 2024-12-10 20:29:24 +01:00
redis.nix nixos/redis: add option services.redis.servers.*.group 2024-10-04 21:12:38 -06:00
rethinkdb.nix treewide: format all inactive Nix files 2024-12-10 20:29:24 +01:00
surrealdb.nix treewide: format all inactive Nix files 2024-12-10 20:29:24 +01:00
tigerbeetle.md nixos/tigerbeetle: add docs on upgrading, add more systemd hardening (#332899) 2024-09-24 23:56:38 -07:00
tigerbeetle.nix treewide: format all inactive Nix files 2024-12-10 20:29:24 +01:00
victoriametrics.nix treewide: format all inactive Nix files 2024-12-10 20:29:24 +01:00