| 17 Nov 2023 |
 raitobezarius | yep | 14:47:29 |
 bendlas | what would be the problem there, if we're the owner? | 14:47:37 |
| raitobezarius | # TODO(raitobezarius to maintainers of invidious): I strongly advise to clean up the kemal specific
# thing for 24.05 and use `ensureDBOwnership`.
# See https://github.com/NixOS/nixpkgs/issues/216989
systemd.services.postgresql.postStart = lib.mkAfter ''
$PSQL -tAc 'ALTER DATABASE "${cfg.settings.db.dbname}" OWNER TO "${cfg.settings.db.user}";'
$PSQL -tAc 'GRANT USAGE, CREATE ON SCHEMA public TO "${cfg.settings.db.user}";'
'';
services.postgresql = {
enable = true;
ensureUsers = lib.singleton { name = cfg.settings.db.user; };
ensureDatabases = lib.singleton cfg.settings.db.dbname;
# This is only needed because the unix user invidious isn't the same as
# the database user. This tells postgres to map one to the other.
identMap = ''
invidious invidious ${cfg.settings.db.user}
'';
# And this specifically enables peer authentication for only this
# database, which allows passwordless authentication over the postgres
# unix socket for the user map given above.
authentication = ''
local ${cfg.settings.db.dbname} ${cfg.settings.db.user} peer map=invidious
'';
};
| 14:47:48 |
| raitobezarius | basically this is the context | 14:47:51 |
| raitobezarius | "I" am owner, I even have USAGE, CREATE on the schema | 14:48:00 |
| raitobezarius | and this still fails… | 14:48:03 |
| raitobezarius | I wonder if this is related to the usermap | 14:48:09 |
| raitobezarius | But that'd be weird | 14:48:11 |
| raitobezarius | ah I found the problem | 14:50:28 |
| raitobezarius | the invidious test is weird | 14:50:31 |
| raitobezarius | and doing a lot of things | 14:50:32 |
| raitobezarius | ok fixed. | 14:51:31 |
| raitobezarius | now release notes, improved error messages and we ship this | 14:53:20 |
| raitobezarius | and we will deal with all the regressions later on in beta phase | 14:53:32 |
| raitobezarius | hexa: is there any plan on the Python 2.7 breakage stuff? | 16:15:13 |
| raitobezarius | most specifically, everything that depends on resholve | 16:15:19 |
 hexa | a hack by k900 to disable the hook entirely on the python2 builder | 16:15:47 |
| raitobezarius | sounds good | 16:15:58 |
| hexa | and a fix by me that was to costly to go into the running staging cycle, because darwin-stdenv loves python | 16:16:03 |
| raitobezarius | it's not in master yet I assume? | 16:16:05 |
| hexa | * and a fix by me that was too costly to go into the running staging cycle, because darwin-stdenv loves python | 16:16:09 |
| hexa | https://github.com/NixOS/nixpkgs/pull/268027
\ | 16:16:39 |
| raitobezarius | OK; no one has any opposition for this hack? | 16:17:07 |
| hexa | * https://github.com/NixOS/nixpkgs/pull/268027
https://github.com/NixOS/nixpkgs/pull/267669 | 16:17:11 |
| raitobezarius | We can send it and then work on the better hack via backport later on, right? | 16:17:17 |
| hexa | the better hack is not a hack | 16:17:25 |
| hexa | but yes | 16:17:29 |
| raitobezarius | Apologies | 16:17:38 |
| raitobezarius | (In my mind, anything pertaining to extending Python 2 lifetime is a hack :<) | 16:17:51 |
| hexa | nixpkgs supporting resholve is a hack | 16:18:04 |
