nixpkgs/nixos/modules/services/databases
Maximilian Bosch 51a6938a44
nixos/doc: document how to allow-list tablespaces
It was brought up that the restricted file-system access breaks
tablespaces[1]. I'd argue that this is the desired behavior, the whole
point of the hardening is to lock the service down and I don't consider
tablespaces common enough to elevate privileges again. Especially since
the workaround is trivial as shown in the diff.

For completeness' sake, this adds the necessary `ReadWritePaths` change
to the postgresql section of the manual.

This also adds a small correction about the state of
`ensurePermissions`.

[1] https://github.com/NixOS/nixpkgs/pull/344925#issuecomment-2521188907
2024-12-12 13:42:52 +01:00
..
aerospike.nix treewide: format all inactive Nix files 2024-12-10 20:26:33 +01:00
cassandra.nix treewide: format all inactive Nix files 2024-12-10 20:26:33 +01:00
chromadb.nix nixos/chromadb: init 2024-08-16 18:23:12 +02:00
clickhouse.nix treewide: format all inactive Nix files 2024-12-10 20:26:33 +01:00
cockroachdb.nix treewide: format all inactive Nix files 2024-12-10 20:26:33 +01:00
couchdb.nix nixos/services.couchdb: remove with lib; 2024-08-30 00:30:39 +02:00
dgraph.nix treewide: format all inactive Nix files 2024-12-10 20:26:33 +01:00
dragonflydb.nix treewide: format all inactive Nix files 2024-12-10 20:26:33 +01:00
etcd.nix treewide: format all inactive Nix files 2024-12-10 20:26:33 +01:00
ferretdb.nix nixos/services.ferretdb: remove with lib; 2024-08-30 00:30:39 +02:00
firebird.nix treewide: format all inactive Nix files 2024-12-10 20:26:33 +01:00
foundationdb.md
foundationdb.nix treewide: format all inactive Nix files 2024-12-10 20:26:33 +01:00
hbase-standalone.nix treewide: format all inactive Nix files 2024-12-10 20:26:33 +01:00
influxdb.nix nixos/services.influxdb: remove with lib; 2024-08-30 00:30:40 +02:00
influxdb2.nix treewide: format all inactive Nix files 2024-12-10 20:26:33 +01:00
lldap.nix treewide: format all inactive Nix files 2024-12-10 20:26:33 +01:00
memcached.nix treewide: format all inactive Nix files 2024-12-10 20:26:33 +01:00
monetdb.nix treewide: format all inactive Nix files 2024-12-10 20:26:33 +01:00
mongodb.nix treewide: format all inactive Nix files 2024-12-10 20:26:33 +01:00
mysql.nix nixos/mysql: fix evaluation of percona test 2024-11-29 21:55:49 +01:00
neo4j.nix treewide: format all inactive Nix files 2024-12-10 20:26:33 +01:00
openldap.nix treewide: format all inactive Nix files 2024-12-10 20:26:33 +01:00
opentsdb.nix treewide: format all inactive Nix files 2024-12-10 20:26:33 +01:00
pgbouncer.nix treewide: format all inactive Nix files 2024-12-10 20:26:33 +01:00
pgmanage.nix treewide: format all inactive Nix files 2024-12-10 20:26:33 +01:00
postgresql.md nixos/doc: document how to allow-list tablespaces 2024-12-12 13:42:52 +01:00
postgresql.nix treewide: format all inactive Nix files 2024-12-10 20:26:33 +01:00
redis.nix nixos/services.redis: complete removal of with lib; 2024-12-10 16:19:03 +11:00
rethinkdb.nix treewide: format all inactive Nix files 2024-12-10 20:26:33 +01:00
surrealdb.nix treewide: format all inactive Nix files 2024-12-10 20:26:33 +01:00
tigerbeetle.md nixos/tigerbeetle: add docs on upgrading, add more systemd hardening (#332899) 2024-09-24 23:56:38 -07:00
tigerbeetle.nix treewide: format all inactive Nix files 2024-12-10 20:26:33 +01:00
victoriametrics.nix treewide: format all inactive Nix files 2024-12-10 20:26:33 +01:00