nixos/postgresql: fix inaccurate docs for authentication (#97622)

* nixos/postgresql: fix inaccurate docs for authentication We actually use peer authentication, then md5 based authentication. trust is not used. * Use a link for mkForce docs Co-authored-by: aszlig <aszlig@redmoonstudios.org> Co-authored-by: lf- <lf-@users.noreply.github.com> Co-authored-by: aszlig <aszlig@redmoonstudios.org>
2020-10-31 00:35:19 -07:00 · 2020-10-31 00:35:19 -07:00 · 2df221ec8a
commit 2df221ec8a
parent 0544a7f672
1 changed files with 10 additions and 5 deletions
--- a/nixos/modules/services/databases/postgresql.nix
+++ b/nixos/modules/services/databases/postgresql.nix
@ -69,11 +69,16 @@ in
        type = types.lines;
        default = "";
        description = ''
-          Defines how users authenticate themselves to the server. By
-          default, "trust" access to local users will always be granted
-          along with any other custom options. If you do not want this,
-          set this option using "lib.mkForce" to override this
-          behaviour.
+          Defines how users authenticate themselves to the server. See the
+          <link xlink:href="https://www.postgresql.org/docs/current/auth-pg-hba-conf.html">
+          PostgreSQL documentation for pg_hba.conf</link>
+          for details on the expected format of this option. By default,
+          peer based authentication will be used for users connecting
+          via the Unix socket, and md5 password authentication will be
+          used for users connecting via TCP. Any added rules will be
+          inserted above the default rules. If you'd like to replace the
+          default rules entirely, you can use <function>lib.mkForce</function> in your
+          module.
        '';
      };