feat: use /var/lib/postgresql as home for postgres user

Author: samrose

ansible-nix/tasks/setup-postgres.yml

@@ -12,7 +12,7 @@
     state: present
 
 - name: create postgres user
-  shell: useradd -m -r -s /bin/bash -d /home/postgres postgres -g postgres
+  shell: adduser --system  --home /var/lib/postgresql --no-create-home --shell /bin/bash --group --gecos "PostgreSQL administrator" postgres
   args:
     executable: /bin/bash
   become: yes
@@ -31,7 +31,6 @@
     owner: postgres
     group: postgres
   with_items:
-    - '/home/postgres'
     - '/var/log/postgresql'
     - '/var/lib/postgresql'
 
@@ -63,15 +62,15 @@
 
 - name: Add LOCALE_ARCHIVE to .bashrc
   lineinfile:
-    dest: "/home/postgres/.bashrc"
+    dest: "/var/lib/postgressql/.bashrc"
     line: 'export LOCALE_ARCHIVE=/usr/lib/locale/locale-archive'
     create: yes
   become: yes
 
 
 - name: Add LANG items to .bashrc
   lineinfile:
-    dest: "/home/postgres/.bashrc"
+    dest: "/var/lib/postgresql/.bashrc"
     line: "{{ item }}"
 
   loop: 

ansible-nix/tasks/setup-wal-g.yml

@@ -103,7 +103,7 @@
 - name: Add script to be run for restore_command
   template:
     src: "files/walg_helper_scripts/wal_fetch.sh"
-    dest: /home/postgres/wal_fetch.sh
+    dest: /var/lib/postgresql/wal_fetch.sh
     mode: 0500
     owner: postgres
     group: postgres

ansible-nix/tasks/stage2/playbook.yml

@@ -19,7 +19,7 @@
     - name: stat unit test file copy
       copy:
         src: /tmp/unit-tests/unit-test-01.sql
-        dest: /home/postgres/unit-test-01.sql
+        dest: /var/lib/postgresql/unit-test-01.sql
         # state: present
         owner: postgres
         group: postgres

ansible-nix/tasks/stage2/setup-extensions.yml

@@ -3,7 +3,7 @@
 #   lineinfile:
 #     path: /etc/postgresql/postgresql.conf
 #     state: present
-#     line: pljava.libjvm_location = '/home/postgres/.nix-profile/lib/openjdk/lib/server/libjvm.so'
+#     line: pljava.libjvm_location = '/var/lib/postgresql/.nix-profile/lib/openjdk/lib/server/libjvm.so'
 # It was decided to leave pljava disabled at https://github.com/supabase/postgres/pull/690 therefore removing this task
 
 - name: pg_cron - set cron.database_name

ansible-nix/tasks/stage2/stage2-setup-postgres.yml

@@ -89,55 +89,55 @@
     group: postgres
     mode: 0700
 
-- name: Create symbolic links from /home/postgres/.nix-profile/bin to /usr/lib/postgresql/bin
+- name: Create symbolic links from /var/lib/postgresql/.nix-profile/bin to /usr/lib/postgresql/bin
   file:
     src: "{{ item }}"
     dest: "/usr/lib/postgresql/bin/{{ item | basename }}"
     state: link
   with_fileglob:
-    - "/home/postgres/.nix-profile/bin/*"
+    - "/var/lib/postgresql/.nix-profile/bin/*"
   become: yes
 
-- name: Create symbolic links from /home/postgres/.nix-profile/bin to /usr/bin
+- name: Create symbolic links from /var/lib/postgresql/.nix-profile/bin to /usr/bin
   file:
-    src: "/home/postgres/.nix-profile/bin/psql"
+    src: "/var/lib/postgresql/.nix-profile/bin/psql"
     dest: "/usr/bin/psql"
     state: link
   become: yes
 
-# - name: Create symbolic links from /home/postgres/.nix-profile/share/pljava to /usr/lib/postgresql/share/postgresql/pljava
+# - name: Create symbolic links from /var/lib/postgresql/.nix-profile/share/pljava to /usr/lib/postgresql/share/postgresql/pljava
 #   file:
 #     src: "{{ item }}"
 #     dest: "/usr/lib/postgresql/share/postgresql/pljava/{{ item | basename }}"
 #     state: link
 #   with_fileglob:
-#     - "/home/postgres/.nix-profile/share/pljava/*"
+#     - "/var/lib/postgresql/.nix-profile/share/pljava/*"
 #   become: yes
 # It was decided to leave pljava disabled at https://github.com/supabase/postgres/pull/690 therefore removing this task
 
-- name: Create symbolic links from /home/postgres/.nix-profile/bin to /usr/bin
+- name: Create symbolic links from /var/lib/postgresql/.nix-profile/bin to /usr/bin
   file:
-    src: "/home/postgres/.nix-profile/bin/psql"
+    src: "/var/lib/postgresql/.nix-profile/bin/psql"
     dest: "/usr/bin/psql"
     state: link
   become: yes
 
-- name: Create symbolic links from /home/postgres/.nix-profile/share/postgresql to /usr/lib/postgresql/share/postgresql
+- name: Create symbolic links from /var/lib/postgresql/.nix-profile/share/postgresql to /usr/lib/postgresql/share/postgresql
   file:
     src: "{{ item }}"
     dest: "/usr/lib/postgresql/share/postgresql/{{ item | basename }}"
     state: link
   with_fileglob:
-    - "/home/postgres/.nix-profile/share/postgresql/*"
+    - "/var/lib/postgresql/.nix-profile/share/postgresql/*"
   become: yes
 
-- name: Create symbolic links from /home/postgres/.nix-profile/share/postgresql/extension to /usr/lib/postgresql/share/postgresql/extension
+- name: Create symbolic links from /var/lib/postgresql/.nix-profile/share/postgresql/extension to /usr/lib/postgresql/share/postgresql/extension
   file:
     src: "{{ item }}"
     dest: "/usr/lib/postgresql/share/postgresql/extension/{{ item | basename }}"
     state: link
   with_fileglob:
-    - "/home/postgres/.nix-profile/share/postgresql/extension/*"
+    - "/var/lib/postgresql/.nix-profile/share/postgresql/extension/*"
   become: yes
 
 - name: create destination directory
@@ -149,26 +149,26 @@
 - name: Recursively create symbolic links and set permissions for the contrib/postgis-* dir
   shell: >
     sudo mkdir -p /usr/lib/postgresql/share/postgresql/contrib && \
-    sudo find /home/postgres/.nix-profile/share/postgresql/contrib/ -mindepth 1 -type d -exec sh -c 'for dir do sudo ln -s "$dir" "/usr/lib/postgresql/share/postgresql/contrib/$(basename "$dir")"; done' sh {} + \
+    sudo find /var/lib/postgresql/.nix-profile/share/postgresql/contrib/ -mindepth 1 -type d -exec sh -c 'for dir do sudo ln -s "$dir" "/usr/lib/postgresql/share/postgresql/contrib/$(basename "$dir")"; done' sh {} + \
     && chown -R postgres:postgres "/usr/lib/postgresql/share/postgresql/contrib/"
   become: yes
 
-- name: Create symbolic links from /home/postgres/.nix-profile/share/postgresql/timezonesets to /usr/lib/postgresql/share/postgresql/timeszonesets
+- name: Create symbolic links from /var/lib/postgresql/.nix-profile/share/postgresql/timezonesets to /usr/lib/postgresql/share/postgresql/timeszonesets
   file:
     src: "{{ item }}"
     dest: "/usr/lib/postgresql/share/postgresql/timezonesets/{{ item | basename }}"
     state: link
   with_fileglob:
-    - "/home/postgres/.nix-profile/share/postgresql/timezonesets/*"
+    - "/var/lib/postgresql/.nix-profile/share/postgresql/timezonesets/*"
   become: yes
 
-- name: Create symbolic links from /home/postgres/.nix-profile/share/postgresql/tsearch_data to /usr/lib/postgresql/share/postgresql/tsearch_data
+- name: Create symbolic links from /var/lib/postgresql/.nix-profile/share/postgresql/tsearch_data to /usr/lib/postgresql/share/postgresql/tsearch_data
   file:
     src: "{{ item }}"
     dest: "/usr/lib/postgresql/share/postgresql/tsearch_data/{{ item | basename }}"
     state: link
   with_fileglob:
-    - "/home/postgres/.nix-profile/share/postgresql/tsearch_data/*"
+    - "/var/lib/postgresql/.nix-profile/share/postgresql/tsearch_data/*"
   become: yes
 
 
@@ -188,7 +188,7 @@
 - name: Initialize the database
   become: yes
   become_user: postgres
-  shell: source /home/postgres/.bashrc && /usr/lib/postgresql/bin/pg_ctl -D /var/lib/postgresql/data initdb -o "--allow-group-access"
+  shell: source /var/lib/postgresql/.bashrc && /usr/lib/postgresql/bin/pg_ctl -D /var/lib/postgresql/data initdb -o "--allow-group-access"
   args:
     executable: /bin/bash
   environment:
@@ -216,7 +216,7 @@
   become: yes
   become_user: postgres
   shell: |
-    source /home/postgres/.bashrc
+    source /var/lib/postgresql/.bashrc
     /usr/lib/postgresql/bin/pg_ctl -D /var/lib/postgresql/data start
   environment:
     LANG: en_US.UTF-8
@@ -242,7 +242,7 @@
   become: yes
   become_user: postgres
   shell: |
-    source /home/postgres/.bashrc && \
+    source /var/lib/postgresql/.bashrc && \
     /usr/lib/postgresql/bin/pg_ctl -D /var/lib/postgresql/data restart -o "-c shared_preload_libraries='pg_tle'"
   args:
     executable: /bin/bash

ansible-nix/tasks/stage2/test-image.yml

@@ -7,7 +7,7 @@
 - name: Start Postgres Database to load all extensions.
   become: yes
   become_user: postgres
-  shell: source /home/postgres/.bashrc &&  /usr/lib/postgresql/bin/pg_ctl -D /var/lib/postgresql/data start "-o -c config_file=/etc/postgresql/postgresql.conf"
+  shell: source /var/lib/postgresql/.bashrc &&  /usr/lib/postgresql/bin/pg_ctl -D /var/lib/postgresql/data start "-o -c config_file=/etc/postgresql/postgresql.conf"
   args:
     executable: /bin/bash
   environment:
@@ -21,7 +21,7 @@
 - name: check contents of unit test file
   become: yes
   become_user: postgres
-  shell: cat /home/postgres/unit-test-01.sql && ls -l /home/postgres/unit-test-01.sql
+  shell: cat /var/lib/postgresql/unit-test-01.sql && ls -l /var/lib/postgresql/unit-test-01.sql
 
 - name: verify postgres server is running
   become: yes
@@ -37,12 +37,12 @@
     LC_ALL: en_US.UTF-8
     LC_CTYPE: en_US.UTF-8
     LOCALE_ARCHIVE: /usr/lib/locale/locale-archive
-    PATH: /home/postgres/.nix-profile/bin:$PATH
+    PATH: /var/lib/postgresql/.nix-profile/bin:$PATH
 
 - name: Run Unit tests (with filename unit-test-*) on Postgres Database
   become: yes
   become_user: postgres
-  shell: source /home/postgres/.bashrc && /home/postgres/.nix-profile/bin/pg_prove -U postgres -h localhost -d postgres -f /home/postgres/unit-test-01.sql
+  shell: source /var/lib/postgresql/.bashrc && /var/lib/postgresql/.nix-profile/bin/pg_prove -U postgres -h localhost -d postgres -f /var/lib/postgresql/unit-test-01.sql
   register: retval
   failed_when: retval.rc != 0
   args:
@@ -53,10 +53,10 @@
     LC_ALL: en_US.UTF-8
     LC_CTYPE: en_US.UTF-8
     LOCALE_ARCHIVE: /usr/lib/locale/locale-archive
-    PATH: /home/postgres/.nix-profile/bin:$PATH
+    PATH: /var/lib/postgresql/.nix-profile/bin:$PATH
 
 - name: Run migrations tests
-  shell: /home/postgres/.nix-profile/bin/pg_prove -U supabase_admin -h localhost -d postgres -v tests/test.sql
+  shell: /var/lib/postgresql/.nix-profile/bin/pg_prove -U supabase_admin -h localhost -d postgres -v tests/test.sql
   register: retval
   failed_when: retval.rc != 0
   args:
@@ -68,7 +68,7 @@
     LC_ALL: en_US.UTF-8
     LC_CTYPE: en_US.UTF-8
     LOCALE_ARCHIVE: /usr/lib/locale/locale-archive
-    PATH: /home/postgres/.nix-profile/bin:$PATH
+    PATH: /var/lib/postgresql/.nix-profile/bin:$PATH
 
 - name: Re-enable PG Sodium references in config
   become: yes
@@ -80,7 +80,7 @@
   become: yes
   become_user: postgres
   shell: |
-    source /home/postgres/.bashrc && \
+    source /var/lib/postgresql/.bashrc && \
     /usr/lib/postgresql/bin/psql --no-password --no-psqlrc -d postgres -h localhost -U supabase_admin -c 'SELECT pg_stat_statements_reset(); SELECT pg_stat_reset();'
   args:
     executable: /bin/bash

common-nix.vars.pkr.hcl

@@ -1 +1 @@
-postgres-version = "15.6.1.71-nix-staged"
+postgres-version = "15.6.1.72-nix-staged"