From 2289379ad59b5f5d168acd06be5e8117d538b1dc Mon Sep 17 00:00:00 2001
From: Artur Gurgul1
Date: Fri, 8 Aug 2025 10:17:01 +0200
Subject: [PATCH] add unix socket for postgres
---
lib/data/templates/postgres/pg_hba.conf.erb | 3 +++
.../postgres.service.erb} | 10 ++++-----
.../postgresql.conf.erb | 17 ++++++++-------
lib/data/templates/postgresql/pg_hba.conf.erb | 2 --
lib/data/templates/postgresql/test.erb | 4 ----
lib/execute.rb | 4 ++--
lib/setup/{postgresql.rb => postgres.rb} | 21 +++++++++++--------
.../{postgresql => postgres}/debian-setup.yml | 0
recipes/{postgresql => postgres}/debian.yml | 0
9 files changed, 32 insertions(+), 29 deletions(-)
create mode 100644 lib/data/templates/postgres/pg_hba.conf.erb
rename lib/data/templates/{postgresql/postgresql.service.erb => postgres/postgres.service.erb} (82%)
rename lib/data/templates/{postgresql => postgres}/postgresql.conf.erb (79%)
delete mode 100644 lib/data/templates/postgresql/pg_hba.conf.erb
delete mode 100644 lib/data/templates/postgresql/test.erb
rename lib/setup/{postgresql.rb => postgres.rb} (79%)
rename recipes/{postgresql => postgres}/debian-setup.yml (100%)
rename recipes/{postgresql => postgres}/debian.yml (100%)
diff --git a/lib/data/templates/postgres/pg_hba.conf.erb b/lib/data/templates/postgres/pg_hba.conf.erb
new file mode 100644
index 0000000..6d1564e
--- /dev/null
+++ b/lib/data/templates/postgres/pg_hba.conf.erb
@@ -0,0 +1,3 @@
+local all all peer
+#hostssl all all 0.0.0.0/0 scram-sha-256
+host all all 127.0.0.1/32 trust
diff --git a/lib/data/templates/postgresql/postgresql.service.erb b/lib/data/templates/postgres/postgres.service.erb
similarity index 82%
rename from lib/data/templates/postgresql/postgresql.service.erb
rename to lib/data/templates/postgres/postgres.service.erb
index bea3bc9..dd87eaf 100644
--- a/lib/data/templates/postgresql/postgresql.service.erb
+++ b/lib/data/templates/postgres/postgres.service.erb
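Review bot: The new `host all all 127.0.0.1/32 trust` line in pg_hba.conf.erb lets anything that can reach the loopback port connect as any role, including the `postgres` superuser this patch creates with `initdb --username=postgres`, without a password. That covers every local account on the host and any connection forwarded to 127.0.0.1, such as an SSH tunnel or a local proxy. postgresql.conf.erb in the same patch already sets `password_encryption = scram-sha-256`, so the rule can be `host all all 127.0.0.1/32 scram-sha-256`, leaving `local all all peer` as the passwordless path for the service account. If `trust` is kept for a development setup, a comment above the line saying so would keep it from being copied into a production recipe.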
@@ -3,10 +3,10 @@ Description=PostgreSQL <%= version %> After=network.target [Service] -# Type=notify -Type=simple +Type=notify +#Type=simple -User=postgresql +User=postgres Group=services ExecStart=<%= postgres_bin %> -D <%= database_dir %> @@ -23,9 +23,9 @@ NotifyAccess=all # Security #ProtectSystem=full #ProtectHome=true -#ReadWritePaths=<%= database_dir %> +ReadWritePaths=<%= database_dir %> -PrivateTmp=true +# PrivateTmp=true NoNewPrivileges=true # Resource Limits diff --git a/lib/data/templates/postgresql/postgresql.conf.erb b/lib/data/templates/postgres/postgresql.conf.erb similarity index 79% rename from lib/data/templates/postgresql/postgresql.conf.erb rename to lib/data/templates/postgres/postgresql.conf.erb index b31cbfd..2fb5871 100644 --- a/lib/data/templates/postgresql/postgresql.conf.erb +++ b/lib/data/templates/postgres/postgresql.conf.erb @@ -8,17 +8,20 @@ listen_addresses = '*' port = 5432 max_connections = 100 -unix_socket_directories = '<%= unix_socket %>' +#unix_socket_directories = '<%= unix_socket %>' +unix_socket_directories = '/tmp' password_encryption = scram-sha-256 -## TODO Add support for ssl +### TODO Add support for ssl #ssl = on +# +##ssl_ca_file = '' +#ssl_cert_file = '/etc/ssl/certs/ssl-cert-snakeoil.pem' +##ssl_crl_file = '' +##ssl_crl_dir = '' +#ssl_key_file = '/etc/ssl/private/ssl-cert-snakeoil.key' + -#ssl_ca_file = '' -ssl_cert_file = '/etc/ssl/certs/ssl-cert-snakeoil.pem' -#ssl_crl_file = '' -#ssl_crl_dir = '' -ssl_key_file = '/etc/ssl/private/ssl-cert-snakeoil.key' #ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers #ssl_prefer_server_ciphers = on #ssl_ecdh_curve = 'prime256v1' diff --git a/lib/data/templates/postgresql/pg_hba.conf.erb b/lib/data/templates/postgresql/pg_hba.conf.erb deleted file mode 100644 index 1afb456..0000000 --- a/lib/data/templates/postgresql/pg_hba.conf.erb +++ /dev/null @@ -1,2 +0,0 @@ -local all all peer -hostssl all all 0.0.0.0/0 scram-sha-256 
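Review bot: `Type=notify` in the first hunk of postgres.service.erb depends on the server sending a readiness notification, which PostgreSQL does only when built with `--with-systemd`; how the binary at `<%= postgres_bin %>` is built is not visible in this patch. Without that support systemd would hold the unit in `activating` until the start timeout and then stop it, so a comment above the line such as `# requires a postgres binary built --with-systemd` is worth adding. `User=postgres` is also hard-coded here while lib/setup/postgres.rb chowns the data directory to `context.user_name`; passing the user name into `render` would keep the two from drifting apart.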
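Review bot: The second hunk of postgres.service.erb comments out `PrivateTmp=true`, giving up the unit's private /tmp, presumably so that the socket postgresql.conf.erb now places in `/tmp` is visible to clients. `ReadWritePaths=<%= database_dir %>` is enabled at the same time, but `ProtectSystem=full` and `ProtectHome=true` stay commented out, so nothing is read-only and the new line has no practical effect yet. A runtime directory owned by the unit keeps the sandboxing and still exposes the socket: `RuntimeDirectory=postgres` here and `unix_socket_directories = '/run/postgres'` in the config, after which `PrivateTmp=true` and `ProtectSystem=full` can be switched back on. The [Service] section starts and ends outside this hunk.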
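Review bot: `unix_socket_directories = '/tmp'` in postgresql.conf.erb puts the server socket in a world-writable directory and drops the `<%= unix_socket %>` variable that `setup_systemd` in lib/setup/postgres.rb still passes to `render`, so the directory that code creates and chowns is never used. The PostgreSQL documentation on preventing server spoofing covers this case: a socket file in `/tmp` can be pre-created by another local account while the server is down, so clients cannot be sure they reach the real server. Restoring `unix_socket_directories = '<%= unix_socket %>'` with a directory only the service account can write to removes that exposure. Where `/tmp` has to stay, clients should set `requirepeer=postgres` in their connection parameters, and a comment next to the setting should say so.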
diff --git a/lib/data/templates/postgresql/test.erb b/lib/data/templates/postgresql/test.erb deleted file mode 100644 index b0a5afa..0000000 --- a/lib/data/templates/postgresql/test.erb +++ /dev/null @@ -1,4 +0,0 @@ - - - -<%= te %> diff --git a/lib/execute.rb b/lib/execute.rb index ae52ea5..2bd9ed9 100644 --- a/lib/execute.rb +++ b/lib/execute.rb @@ -84,8 +84,8 @@ module Execute ) case name - when :postgresql - require 'setup/postgresql' + when :postgres + require 'setup/postgres' -> { Setup::PostgreSQL.install(service_install_context) } # ->(context) { # Setup::PostgreSQL.install(context) diff --git a/lib/setup/postgresql.rb b/lib/setup/postgres.rb similarity index 79% rename from lib/setup/postgresql.rb rename to lib/setup/postgres.rb index 29007ac..fc08516 100644 --- a/lib/setup/postgresql.rb +++ b/lib/setup/postgres.rb @@ -32,7 +32,7 @@ module Setup end system("sudo mkdir -p #{context.data_dir}") system("sudo chown #{context.user_name}:services #{context.data_dir}") - system("sudo -u postgresql #{File.join(context.bin_dir, "/bin/initdb")} -D #{context.data_dir}") + system("sudo -u postgres #{File.join(context.bin_dir, "/bin/initdb")} -D #{context.data_dir} --username=postgres") end def self.setup_systemd(context) @@ -41,12 +41,15 @@ module Setup pg_hba_path = "#{File.join(context.data_dir, "pg_hba.conf")}" write_as(context.user_name, pg_hba_path, pg_hba) - # TODO: move this to user module - uid = Etc.getpwnam(context.user_name.to_s).uid - socket_path = "/run/user/#{uid}" + ## TODO: move this to user module + #uid = Etc.getpwnam(context.user_name.to_s).uid + #socket_path = "/run/user/#{uid}" + socket_path = "/run/user/#{context.user_name}" + #socket_path = "/tmp" + system("sudo mkdir -p #{socket_path}") system("sudo chown #{context.user_name}:services #{socket_path}") - system("sudo chmod 700 #{socket_path}") + system("sudo chmod 711 #{socket_path}") postgresql_conf = render("postgresql.conf", unix_socket: socket_path) 
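Review bot: Every `system(...)` call in the first hunk of lib/setup/postgres.rb interpolates `context.data_dir`, `context.user_name` or `socket_path` into a single `sudo` command string, so the shell re-parses those values and a space or metacharacter in any of them changes what runs as root; where the values come from is not visible here. The return value is ignored as well, so a failed `initdb` or `chown` goes unnoticed. The argument-list form avoids the shell and can raise on failure (Ruby 2.6+), e.g. `system("sudo", "chmod", "711", socket_path, exception: true)`. Separately, `/run/user/#{context.user_name}` normally sits on tmpfs and, unlike the `/run/user/<uid>` directories logind manages, nothing recreates it after a reboot. The `initdb` line belongs to a method that starts outside the hunk, and `setup_systemd` continues past its end.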
@@ -54,17 +57,17 @@ module Setup write_as(context.user_name, postgresql_conf_path, postgresql_conf) postgres_service = render( - "postgresql.service", + "postgres.service", postgres_bin: File.join(context.bin_dir, "/bin/postgres"), version: context.version, database_dir: context.data_dir ) - postgres_service_path = "/etc/systemd/system/postgresql.service" + postgres_service_path = "/etc/systemd/system/postgres.service" write_as("root", postgres_service_path, postgres_service) system("sudo systemctl daemon-reexec") system("sudo systemctl daemon-reload") - system("sudo systemctl enable postgresql") - system("sudo systemctl start postgresql") + system("sudo systemctl enable postgres") + system("sudo systemctl start postgres") # debug service # sudo systemctl daemon-reexec && sudo systemctl daemon-reload && sudo systemctl restart postgresql.service diff --git a/recipes/postgresql/debian-setup.yml b/recipes/postgres/debian-setup.yml similarity index 100% rename from recipes/postgresql/debian-setup.yml rename to recipes/postgres/debian-setup.yml diff --git a/recipes/postgresql/debian.yml b/recipes/postgres/debian.yml similarity index 100% rename from recipes/postgresql/debian.yml rename to recipes/postgres/debian.yml