Postgresql
services.postgresql.authentication
Defines how users authenticate themselves to the server. See the
PostgreSQL documentation for pg_hba.conf
for details on the expected format of this option. By default,
peer based authentication will be used for users connecting
via the Unix socket, and md5 password authentication will be
used for users connecting via TCP. Any added rules will be
inserted above the default rules. If you'd like to replace the
default rules entirely, you can use lib.mkForce in your
module.
Type: strings concatenated with "\n"
Default
""
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/databases/postgresql.nix
services.postgresql.checkConfig
Check the syntax of the configuration file at compile time
Type: boolean
Default
true
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/databases/postgresql.nix
services.postgresql.dataDir
The data directory for PostgreSQL. If left as the default value this directory will automatically be created before the PostgreSQL server starts, otherwise the sysadmin is responsible for ensuring the directory exists with appropriate ownership and permissions.
Type: path
Default
"/var/lib/postgresql/${config.services.postgresql.package.psqlSchema}"
Example
"/var/lib/postgresql/15"
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/databases/postgresql.nix
services.postgresql.enable
Whether to enable PostgreSQL Server.
Type: boolean
Default
false
Example
true
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/databases/postgresql.nix
services.postgresql.enableJIT
Whether to enable JIT support.
Type: boolean
Default
false
Example
true
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/databases/postgresql.nix
services.postgresql.enableTCPIP
Whether PostgreSQL should listen on all network interfaces. If disabled, the database can only be accessed via its Unix domain socket or via TCP connections to localhost.
Type: boolean
Default
false
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/databases/postgresql.nix
services.postgresql.ensureDatabases
Ensures that the specified databases exist. This option will never delete existing databases, especially not when the value of this option is changed. This means that databases created once through this option or otherwise have to be removed manually.
Type: list of string
Default
[ ]
Example
["gitea""nextcloud"]
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/databases/postgresql.nix
services.postgresql.ensureUsers
Ensures that the specified users exist.
The PostgreSQL users will be identified using peer authentication. This authenticates the Unix user with the
same name only, and that without the need for a password.
This option will never delete existing users or remove DB ownership of databases
once granted with ensureDBOwnership = true;. This means that this must be
cleaned up manually when changing after changing the config in here.
Type: list of (submodule)
Default
[ ]
Example
[{name = "nextcloud";}{name = "superuser";ensureDBOwnership = true;}]
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/databases/postgresql.nix
services.postgresql.ensureUsers.*.ensureClauses
An attrset of clauses to grant to the user. Under the hood this uses the
ALTER USER syntax for each attrName where
the attrValue is true in the attrSet:
ALTER USER user.name WITH attrName
Type: submodule
Default
The default, null, means that the user created will have the default permissions assigned by PostgreSQL. Subsequent server starts will not set or unset the clause, so imperative changes are preserved.
Example
{superuser = true;createrole = true;createdb = true;}
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/databases/postgresql.nix
services.postgresql.ensureUsers.*.ensureClauses.bypassrls
Grants the user, created by the ensureUser attr, replication permissions. From the postgres docs:
A role must be explicitly given permission to bypass every row-level security (RLS) policy (except for superusers, since those bypass all permission checks). To create such a role, use CREATE ROLE name BYPASSRLS as a superuser.
More information on postgres roles can be found here
Type: null or boolean
Default
null: do not set. For newly created roles, use PostgreSQL's default. For existing roles, do not touch this clause.
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/databases/postgresql.nix
services.postgresql.ensureUsers.*.ensureClauses.createdb
Grants the user, created by the ensureUser attr, createdb permissions. From the postgres docs:
A role must be explicitly given permission to create databases (except for superusers, since those bypass all permission checks). To create such a role, use CREATE ROLE name CREATEDB.
More information on postgres roles can be found here
Type: null or boolean
Default
null: do not set. For newly created roles, use PostgreSQL's default. For existing roles, do not touch this clause.
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/databases/postgresql.nix
services.postgresql.ensureUsers.*.ensureClauses.createrole
Grants the user, created by the ensureUser attr, createrole permissions. From the postgres docs:
A role must be explicitly given permission to create more roles (except for superusers, since those bypass all permission checks). To create such a role, use CREATE ROLE name CREATEROLE. A role with CREATEROLE privilege can alter and drop other roles, too, as well as grant or revoke membership in them. However, to create, alter, drop, or change membership of a superuser role, superuser status is required; CREATEROLE is insufficient for that.
More information on postgres roles can be found here
Type: null or boolean
Default
null: do not set. For newly created roles, use PostgreSQL's default. For existing roles, do not touch this clause.
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/databases/postgresql.nix
services.postgresql.ensureUsers.*.ensureClauses.inherit
Grants the user created inherit permissions. From the postgres docs:
A role is given permission to inherit the privileges of roles it is a member of, by default. However, to create a role without the permission, use CREATE ROLE name NOINHERIT.
More information on postgres roles can be found here
Type: null or boolean
Default
null: do not set. For newly created roles, use PostgreSQL's default. For existing roles, do not touch this clause.
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/databases/postgresql.nix
services.postgresql.ensureUsers.*.ensureClauses.login
Grants the user, created by the ensureUser attr, login permissions. From the postgres docs:
Only roles that have the LOGIN attribute can be used as the initial role name for a database connection. A role with the LOGIN attribute can be considered the same as a “database user”. To create a role with login privilege, use either:
CREATE ROLE name LOGIN; CREATE USER name;
(CREATE USER is equivalent to CREATE ROLE except that CREATE USER includes LOGIN by default, while CREATE ROLE does not.)
More information on postgres roles can be found here
Type: null or boolean
Default
null: do not set. For newly created roles, use PostgreSQL's default. For existing roles, do not touch this clause.
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/databases/postgresql.nix
services.postgresql.ensureUsers.*.ensureClauses.replication
Grants the user, created by the ensureUser attr, replication permissions. From the postgres docs:
A role must explicitly be given permission to initiate streaming replication (except for superusers, since those bypass all permission checks). A role used for streaming replication must have LOGIN permission as well. To create such a role, use CREATE ROLE name REPLICATION LOGIN.
More information on postgres roles can be found here
Type: null or boolean
Default
null: do not set. For newly created roles, use PostgreSQL's default. For existing roles, do not touch this clause.
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/databases/postgresql.nix
services.postgresql.ensureUsers.*.ensureClauses.superuser
Grants the user, created by the ensureUser attr, superuser permissions. From the postgres docs:
A database superuser bypasses all permission checks, except the right to log in. This is a dangerous privilege and should not be used carelessly; it is best to do most of your work as a role that is not a superuser. To create a new database superuser, use CREATE ROLE name SUPERUSER. You must do this as a role that is already a superuser.
More information on postgres roles can be found here
Type: null or boolean
Default
null: do not set. For newly created roles, use PostgreSQL's default. For existing roles, do not touch this clause.
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/databases/postgresql.nix
services.postgresql.ensureUsers.*.ensureDBOwnership
Grants the user ownership to a database with the same name. This database must be defined manually in .
Type: boolean
Default
false
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/databases/postgresql.nix
services.postgresql.ensureUsers.*.name
Name of the user to ensure.
Type: string
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/databases/postgresql.nix
services.postgresql.extraPlugins
List of PostgreSQL plugins.
Type: (function that evaluates to a(n) list of path) or (list of path) convertible to it
Default
<function>
Example
ps: with ps; [ postgis pg_repack ]
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/databases/postgresql.nix
services.postgresql.identMap
Defines the mapping from system users to database users.
See the auth doc.
Type: strings concatenated with "\n"
Default
""
Example
'' map-name-0 system-username-0 database-username-0 map-name-1 system-username-1 database-username-1''
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/databases/postgresql.nix
services.postgresql.initdbArgs
Additional arguments passed to initdb during data dir
initialisation.
Type: list of string
Default
[ ]
Example
["--data-checksums""--allow-group-access"]
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/databases/postgresql.nix
services.postgresql.initialScript
A file containing SQL statements to execute on first startup.
Type: null or path
Default
null
Example
pkgs.writeText "init-sql-script" '' alter user postgres with password 'myPassword';'';
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/databases/postgresql.nix
services.postgresql.package
The postgresql package to use.
Type: package
Default
pkgs.postgresql
Example
postgresql_15
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/databases/postgresql.nix
services.postgresql.recoveryConfig
Contents of the {file}recovery.conf file.
Type: null or strings concatenated with "\n"
Default
null
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/databases/postgresql.nix
services.postgresql.settings
PostgreSQL configuration. Refer to
https://www.postgresql.org/docs/current/config-setting.html#CONFIG-SETTING-CONFIGURATION-FILE
for an overview of postgresql.conf.
::: {.note} String values will automatically be enclosed in single quotes. Single quotes will be escaped with two single quotes as described by the upstream documentation linked above. :::
Type: attribute set of (boolean or floating point number or signed integer or string)
Default
{ }
Example
{log_connections = true;log_statement = "all";logging_collector = true;log_disconnections = true;log_destination = lib.mkForce "syslog";}
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/databases/postgresql.nix
services.postgresql.settings.log_line_prefix
A printf-style string that is output at the beginning of each log line.
Upstream default is '%m [%p] ', i.e. it includes the timestamp. We do
not include the timestamp, because journal has it anyway.
Type: string
Default
"[%p] "
Example
"%m [%p] "
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/databases/postgresql.nix
services.postgresql.settings.port
The port on which PostgreSQL listens.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default
5432
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/databases/postgresql.nix
services.postgresql.settings.shared_preload_libraries
List of libraries to be preloaded.
Type: null or (string or (list of string) convertible to it)
Default
null
Example
[ "auto_explain" "anon" ]
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/databases/postgresql.nix