add unix socket for postgres

This commit is contained in:
Artur Gurgul1 2025-08-08 10:17:01 +02:00
parent 2054a68af0
commit 2289379ad5
9 changed files with 32 additions and 29 deletions


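--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -0,0 +1,3 @@
+local all all peer
+#hostssl all all 0.0.0.0/0 scram-sha-256
+host all all 127.0.0.1/32 trust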
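Review bot: `host all all 127.0.0.1/32 trust` on the last line lets any process that can open a loopback TCP connection log in as any role, including the superuser that initdb creates, with no credential at all; combined with `listen_addresses = '*'` in the accompanying postgresql.conf that is every local account, not only the service user. The file already relies on `password_encryption = scram-sha-256`, so the loopback rule can use the same method: `host all all 127.0.0.1/32 scram-sha-256`. Leaving `hostssl` commented out means non-loopback connections match no rule and are rejected, which is a sound default, but a comment such as `# no remote rule on purpose: remote TCP is rejected until ssl is configured` would make that intent visible to the next editor.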


@ -3,10 +3,10 @@ Description=PostgreSQL <%= version %>
After=network.target After=network.target
[Service] [Service]
# Type=notify Type=notify
Type=simple #Type=simple
User=postgresql User=postgres
Group=services Group=services
ExecStart=<%= postgres_bin %> -D <%= database_dir %> ExecStart=<%= postgres_bin %> -D <%= database_dir %>
@ -23,9 +23,9 @@ NotifyAccess=all
# Security # Security
#ProtectSystem=full #ProtectSystem=full
#ProtectHome=true #ProtectHome=true
#ReadWritePaths=<%= database_dir %> ReadWritePaths=<%= database_dir %>
PrivateTmp=true # PrivateTmp=true
NoNewPrivileges=true NoNewPrivileges=true
# Resource Limits # Resource Limits
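Review bot: `ReadWritePaths=<%= database_dir %>` in the second hunk is now active, but ReadWritePaths only carves an exception out of `ProtectSystem=`/`ProtectHome=`, and both of those stay commented out, so the directive has no effect until one of them is enabled. Either turn on `ProtectSystem=full` alongside it, or leave it commented with a note such as `# ReadWritePaths only takes effect once ProtectSystem/ProtectHome are enabled`. Commenting out `PrivateTmp=true` looks tied to the socket moving to `/tmp` in postgresql.conf; if that is the reason, say so on the line, e.g. `# PrivateTmp off: the unix socket lives in /tmp and must be visible to clients`, otherwise someone will re-enable it and silently hide the socket.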


@ -8,17 +8,20 @@
listen_addresses = '*' listen_addresses = '*'
port = 5432 port = 5432
max_connections = 100 max_connections = 100
unix_socket_directories = '<%= unix_socket %>' #unix_socket_directories = '<%= unix_socket %>'
unix_socket_directories = '/tmp'
password_encryption = scram-sha-256 password_encryption = scram-sha-256
## TODO Add support for ssl ### TODO Add support for ssl
#ssl = on #ssl = on
#
##ssl_ca_file = ''
#ssl_cert_file = '/etc/ssl/certs/ssl-cert-snakeoil.pem'
##ssl_crl_file = ''
##ssl_crl_dir = ''
#ssl_key_file = '/etc/ssl/private/ssl-cert-snakeoil.key'
#ssl_ca_file = ''
ssl_cert_file = '/etc/ssl/certs/ssl-cert-snakeoil.pem'
#ssl_crl_file = ''
#ssl_crl_dir = ''
ssl_key_file = '/etc/ssl/private/ssl-cert-snakeoil.key'
#ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers #ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers
#ssl_prefer_server_ciphers = on #ssl_prefer_server_ciphers = on
#ssl_ecdh_curve = 'prime256v1' #ssl_ecdh_curve = 'prime256v1'
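Review bot: `unix_socket_directories = '/tmp'` hard-codes the socket directory while the installer still renders this template with `unix_socket: socket_path` and creates, chowns and chmods that directory, so the prepared path is never used and the template variable is dead. `/tmp` is also world-writable, which means the directory holding the socket is not under the service user's control; the directory the installer already creates is the safer place, i.e. keep `unix_socket_directories = '<%= unix_socket %>'` and drop the `/tmp` line. `ssl_cert_file` and `ssl_key_file` are uncommented while `ssl = on` is not, so they are inert until SSL is enabled and point at snakeoil paths that may not exist on the target host; a comment such as `# only read once ssl = on; replace the snakeoil paths before enabling` would make that explicit.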


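--- a/PATH_NOT_SHOWN_ON_PAGE
+++ /dev/null
@@ -1,2 +0,0 @@
-local all all peer
-hostssl all all 0.0.0.0/0 scram-sha-256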


@ -1,4 +0,0 @@
<%= te %>


@ -84,8 +84,8 @@ module Execute
) )
case name case name
when :postgresql when :postgres
require 'setup/postgresql' require 'setup/postgres'
-> { Setup::PostgreSQL.install(service_install_context) } -> { Setup::PostgreSQL.install(service_install_context) }
# ->(context) { # ->(context) {
# Setup::PostgreSQL.install(context) # Setup::PostgreSQL.install(context)


@ -32,7 +32,7 @@ module Setup
end end
system("sudo mkdir -p #{context.data_dir}") system("sudo mkdir -p #{context.data_dir}")
system("sudo chown #{context.user_name}:services #{context.data_dir}") system("sudo chown #{context.user_name}:services #{context.data_dir}")
system("sudo -u postgresql #{File.join(context.bin_dir, "/bin/initdb")} -D #{context.data_dir}") system("sudo -u postgres #{File.join(context.bin_dir, "/bin/initdb")} -D #{context.data_dir} --username=postgres")
end end
def self.setup_systemd(context) def self.setup_systemd(context)
@ -41,12 +41,15 @@ module Setup
pg_hba_path = "#{File.join(context.data_dir, "pg_hba.conf")}" pg_hba_path = "#{File.join(context.data_dir, "pg_hba.conf")}"
write_as(context.user_name, pg_hba_path, pg_hba) write_as(context.user_name, pg_hba_path, pg_hba)
# TODO: move this to user module ## TODO: move this to user module
uid = Etc.getpwnam(context.user_name.to_s).uid #uid = Etc.getpwnam(context.user_name.to_s).uid
socket_path = "/run/user/#{uid}" #socket_path = "/run/user/#{uid}"
socket_path = "/run/user/#{context.user_name}"
#socket_path = "/tmp"
system("sudo mkdir -p #{socket_path}") system("sudo mkdir -p #{socket_path}")
system("sudo chown #{context.user_name}:services #{socket_path}") system("sudo chown #{context.user_name}:services #{socket_path}")
system("sudo chmod 700 #{socket_path}") system("sudo chmod 711 #{socket_path}")
postgresql_conf = render("postgresql.conf", unix_socket: socket_path) postgresql_conf = render("postgresql.conf", unix_socket: socket_path)
@ -54,17 +57,17 @@ module Setup
write_as(context.user_name, postgresql_conf_path, postgresql_conf) write_as(context.user_name, postgresql_conf_path, postgresql_conf)
postgres_service = render( postgres_service = render(
"postgresql.service", "postgres.service",
postgres_bin: File.join(context.bin_dir, "/bin/postgres"), postgres_bin: File.join(context.bin_dir, "/bin/postgres"),
version: context.version, version: context.version,
database_dir: context.data_dir database_dir: context.data_dir
) )
postgres_service_path = "/etc/systemd/system/postgresql.service" postgres_service_path = "/etc/systemd/system/postgres.service"
write_as("root", postgres_service_path, postgres_service) write_as("root", postgres_service_path, postgres_service)
system("sudo systemctl daemon-reexec") system("sudo systemctl daemon-reexec")
system("sudo systemctl daemon-reload") system("sudo systemctl daemon-reload")
system("sudo systemctl enable postgresql") system("sudo systemctl enable postgres")
system("sudo systemctl start postgresql") system("sudo systemctl start postgres")
# debug service # debug service
# sudo systemctl daemon-reexec && sudo systemctl daemon-reload && sudo systemctl restart postgresql.service # sudo systemctl daemon-reexec && sudo systemctl daemon-reload && sudo systemctl restart postgresql.service
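Review bot: `socket_path = "/run/user/#{context.user_name}"` in the second hunk replaces the uid-keyed path, but `/run/user/` is conventionally keyed by numeric uid and managed by logind, and since the template now pins `unix_socket_directories` to `/tmp` the directory this hunk creates, chowns and `chmod 711`s is not where the server will actually place its socket. Either remove the mkdir/chown/chmod block together with the now-unused `unix_socket:` render argument, or keep a service-owned directory (somewhere under `/run` outside the logind-managed tree) and let the template go back to `<%= unix_socket %>`, so the directory the installer hardens is the one the socket lives in. The 700→711 change is what lets other local accounts traverse to the socket, which the `local all all peer` rule depends on; a comment such as `# 711: other local users may reach the socket; peer auth decides who gets in` records that intent. In the first hunk `sudo -u postgres` and `--username=postgres` hard-code the account while the chown just above uses `context.user_name`; `sudo -u #{context.user_name} ... --username=#{context.user_name}` keeps initdb consistent with the ownership it is given. setup_systemd's body continues past the end of the hunk.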