From: Martin Baulig <martin@baulig.is>
To: Felix Lechner <felix.lechner@lease-up.com>
Cc: "guix-devel@gnu.org" <guix-devel@gnu.org>
Subject: Re: Postgres user UID and GID
Date: Mon, 17 Jul 2023 21:28:29 +0000
Message-ID: <LPtRrer4a8VYHpNxG-CTvZaAs4L__MhKFdNSsbqBYrB9fVV-kb9r0QluOJqd7FIs_Cxg2PUcy9nExGyy6XA2ltTMZUNAXwvZqMMeU6nZYEw=@baulig.is>
In-Reply-To: <CAFHYt55Zhui0Pbis_adbdcx8px-HXPmHTtvOiWRjZQuvxtyo_Q@mail.gmail.com>
Hello,
I had considered idmap before, but realized there might be a bit of a chicken-egg problem with it. Even though that likely doesn't actually exist because GNU Guix is smart enough about it, the circular dependency still feels weird:
What I mean is that the NFS client would depend on the existence of the 'postgres' user, to put it into the idmap file, and to resolve its UID / GID on service startup.
But the PostgreSQL service also depends on the NFS share already being mounted, so the postgres process can access its data directory.
The only clean solution I could think about is to create the account during system initialization via an explicit entry in (operating-system (users ...)). But then I won't need idmap because I can just hard-code the UID and GID there.
About running the database on the server - unfortunately, there is no official package for Synology's DSM and I don't feel good about some third-party sites that only provide binaries. They also made some custom changes to the Linux kernel and use some kind of custom libc - it's a nightmare to install anything on that thing!
And the "official" recommendation that you get on Reddit, Stack Overflow, etc. about running PostgreSQL on Synology DSM is to install a Docker image.
I figured running GNU Guix in a VM to be a much better choice than messing with a bunch of Docker images.
Best regards,
Martin
------- Original Message -------
On Monday, July 17th, 2023 at 8:23 PM, Felix Lechner <felix.lechner@lease-up.com> wrote:
>
>
> Hi Martin,
>
> On Mon, Jul 17, 2023 at 11:44 AM Martin Baulig martin@baulig.is wrote:
>
> > I have decided to NFS-mount an encrypted shared folder
>
>
> I use a similar setup and use Gocryptfs for encryption. How do you
> encrypt, please?
>
> > there is a tiny little problem with PostgreSQL:
> > the UID and GID of the 'postgres' user needs to match that of the server.
>
>
> Perhaps I do not understand the needs of your setup completely.
> Doesn't 'idmapd' in NFSv4 address your conundrum effectively?
>
> For performance reasons, I would discourage such a setup, though. It
> would be better to run Postgres on the NAS, if it is an option, or to
> replicate the database for backup purposes.
>
> Kind regards
> Felix
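
Added example, not part of the original message or of Guix: a pre-start check, in Python, that the data directory on the NFS mount is owned by the same numeric UID/GID as the local 'postgres' account, which is the requirement discussed in this thread. The function names, the "nobody" id of 65534 and the sample ids are assumptions made for illustration.

```python
import os
import pwd
import stat

# Assumption: unmapped NFSv4 owners commonly appear as nobody/nogroup (65534).
NOBODY_ID = 65534


def ownership_problems(st_uid, st_gid, st_mode, acct_uid, acct_gid):
    """Return the mismatches between a directory's stat data and an account."""
    problems = []
    if NOBODY_ID in (st_uid, st_gid):
        problems.append("owner shows as nobody/nogroup: id mapping did not resolve")
    if st_uid != acct_uid:
        problems.append(f"directory uid {st_uid} != account uid {acct_uid}")
    if st_gid != acct_gid:
        problems.append(f"directory gid {st_gid} != account gid {acct_gid}")
    # PostgreSQL 11+ expects 0700 or 0750 on the data directory and rejects
    # group-write or any "other" permission bits.
    mode = stat.S_IMODE(st_mode)
    if mode & 0o027:
        problems.append(f"mode {mode:04o} grants more than 0750")
    return problems


def check_data_directory(path, account="postgres"):
    """Stat the mounted directory and compare it with the local account."""
    entry = pwd.getpwnam(account)  # KeyError if the account does not exist yet
    st = os.stat(path)
    return ownership_problems(st.st_uid, st.st_gid, st.st_mode,
                              entry.pw_uid, entry.pw_gid)


if __name__ == "__main__":
    # Constructed sample values: (uid, gid, mode) as the NFS client sees them,
    # compared with a local account created with uid/gid 999.
    samples = {
        "ids hard-coded to match": (999, 999, 0o40700),
        "server-side ids differ": (1026, 100, 0o40700),
        "unmapped owner, open mode": (65534, 65534, 0o40777),
    }
    for label, (uid, gid, mode) in samples.items():
        print(label, "->", ownership_problems(uid, gid, mode, 999, 999) or "ok")
```

Run check_data_directory() against the real mount point only after both the share is mounted and the account exists, which is the ordering concern raised above.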