nixos/invidious: do not use ensureDBOwnership

Invidious uses a strange setup where the database name is different from the system username for non-explicit reasons. Because of that, it makes it hard to migrate it to use `ensureDBOwnership`, we leave it to Invidious' maintainers to pick up the pieces.
2023-11-17 15:52:29 +01:00 · 2023-11-17 15:52:29 +01:00 · 10baca4935
commit 10baca4935
parent f653734c4d
2 changed files with 10 additions and 2 deletions
--- a/nixos/modules/services/web-apps/invidious.nix
+++ b/nixos/modules/services/web-apps/invidious.nix
@ -109,8 +109,16 @@ let
    # Default to using the local database if we create it
    services.invidious.database.host = lib.mkDefault null;

+
+    # TODO(raitobezarius to maintainers of invidious): I strongly advise to clean up the kemal specific
+    # thing for 24.05 and use `ensureDBOwnership`.
+    # See https://github.com/NixOS/nixpkgs/issues/216989
+    systemd.services.postgresql.postStart = lib.mkAfter ''
+      $PSQL -tAc 'ALTER DATABASE "${cfg.settings.db.dbname}" OWNER TO "${cfg.settings.db.user}";'
+    '';
    services.postgresql = {
      enable = true;
+      ensureUsers = lib.singleton { name = cfg.settings.db.user; ensureDBOwnership = false; };
      ensureDatabases = lib.singleton cfg.settings.db.dbname;
      # This is only needed because the unix user invidious isn't the same as
      # the database user. This tells postgres to map one to the other.
@ -130,6 +138,7 @@ let
      documentation = [ "https://docs.invidious.io/Database-Information-and-Maintenance.md" ];
      startAt = lib.mkDefault "weekly";
      path = [ config.services.postgresql.package ];
+      after = [ "postgresql.service" ];
      script = ''
        psql ${cfg.settings.db.dbname} ${cfg.settings.db.user} -c "DELETE FROM nonces * WHERE expire < current_timestamp"
        psql ${cfg.settings.db.dbname} ${cfg.settings.db.user} -c "TRUNCATE TABLE videos"
--- a/nixos/tests/invidious.nix
+++ b/nixos/tests/invidious.nix
@ -44,8 +44,7 @@ import ./make-test-python.nix ({ pkgs, ... }: {
            enable = true;
            initialScript = pkgs.writeText "init-postgres-with-password" ''
              CREATE USER kemal WITH PASSWORD 'correct horse battery staple';
-              CREATE DATABASE invidious;
-              GRANT ALL PRIVILEGES ON DATABASE invidious TO kemal;
+              CREATE DATABASE invidious OWNER kemal;
            '';
          };
      };