services: postgresql-role: Add support for password files.

This commit adds a password-file to the postgresql-role field. It allows users to provision Postgres roles with a set password. * gnu/services/databases.scm (postgresql-role): Add password-file field. (postgresql-role-configuration): Add requirement field. (postgresql-create-roles): Add support for setting passwords from a file without leaking passwords to the command line. (postgresql-role-shepherd-service): Add support for customizable requirements. (postgresql-role-service-type): Pass on postgresql-role-configuration fields values by default, this way user configured fields are not lost. * gnu/tests/databases.scm: Test it. * doc/guix.texi: Document the new field and fix the extension point example. Change-Id: I3aabaa10b0c5e826c5aa874e5649e25a3508a585 Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
2026-04-06 13:10:33 +02:00 · 2025-04-29 17:51:10 +02:00
parent b2b7d2a327
commit 9d216d2ae9
3 changed files with 107 additions and 12 deletions
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -27745,9 +27745,10 @@ example:

@lisp
 (service-extension postgresql-role-service-type
-                   (const (postgresql-role
-                           (name "alice")
-                           (create-database? #t))))
+                   (const (list
+                           (postgresql-role
+                            (name "alice")
+                            (create-database? #t)))))
@end lisp
@end defvar

@@ -27770,6 +27771,10 @@ The role permissions list.  Supported permissions are @code{bypassrls},
@item @code{create-database?} (default: @code{#f})
 whether to create a database with the same name as the role.

+@item @code{password-file} (default: @code{#f})
+A string representing the path of a file that contains the password to be set
+for the role.
+
@item @code{encoding} (default: @code{"UTF8"})
 The character set to use for storing text in the database.

@@ -27798,6 +27803,12 @@ The PostgreSQL host to connect to.
@item @code{log} (default: @code{"/var/log/postgresql_roles.log"})
 File name of the log file.

+@item @code{shepherd-requirement} (default: @code{'(user-processes postgres)})
+
+The Shepherd services dependencies to use.  Add extra dependencies to
+@code{%default-postgresql-role-shepherd-requirement} to extend its
+value.
+
@item @code{roles} (default: @code{'()})
 The initial PostgreSQL roles to create.
@end table