postgresql configuration #12

Open
disassembler opened this issue May 18, 2017 · 5 comments

@disassembler

I'm working on making passopolis easier to use for nixos folks by adding a package to nixpkgs. Currently, I have it building fine, but I'm not sure how to go about making postgresql configuration changes. The way I've done it manually is to alter build.xml and rebuild, but wondering if there's a better way.

Here's a link to my nixpkgs expression: https://github.com/disassembler/nixpkgs/blob/passopolis-server/pkgs/servers/passopolis/default.nix

@teh
Member

teh commented May 18, 2017

Nice!

We don't have a better config system - happy to accept PRs though :)

@disassembler
Author

Made some progress looking at build.xml and the resulting process started using ant server command. The database_url is passed as a parameter to the java process. I don't see any easy way to add authentication, but using trust 127.0.0.1 in postgresql config it works. Here's my PR for nixpkgs to get this service added:

NixOS/nixpkgs#25907

@disassembler
Author

The PR we have works using host based ident authorization with postgresql, but that's inherently insecure and not recommended. The other option we have is passing user/pass in the database_url parameter, but then anyone on the system can run a ps and get the database credentials. Are there any secure ways to get the database_url into the application? I know you said you don't have a config system in place, but is your team just using ident postgresql authentication? Or are you doing something different? Thanks for your help!
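
Added example (not part of the original thread and not Passopolis code): a small audit that shows the `ps` exposure described in the comment above by scanning process argument lists for PostgreSQL URLs that embed a password, reporting them redacted. The `-Ddatabase_url=` argument form, the `passopolis` database name and the sample credentials are constructed assumptions.

```python
import os
import re
from urllib.parse import urlsplit, parse_qsl

# A PostgreSQL connection URL anywhere in an argument, with or without "jdbc:".
PG_URL = re.compile(r"(?:jdbc:)?postgres(?:ql)?://[^\s'\"]+")

def exposed_credential(arg):
    """Return the URL with its password redacted if arg carries one, else None."""
    m = PG_URL.search(arg)
    if not m:
        return None
    url = m.group(0)
    parts = urlsplit(url[5:] if url.startswith("jdbc:") else url)
    if parts.password:  # libpq style: postgresql://user:secret@host/db
        return url.replace(":" + parts.password + "@", ":***@", 1)
    for key, value in parse_qsl(parts.query):
        if key == "password" and value:  # pgjdbc style: ...?user=u&password=secret
            return re.sub(r"(password=)[^&]*", r"\1***", url)
    return None

def scan(processes):
    """processes: iterable of (pid, argv). Returns [(pid, redacted_url)]."""
    hits = ((pid, exposed_credential(a)) for pid, argv in processes for a in argv)
    return [(pid, url) for pid, url in hits if url]

def live_processes(proc="/proc"):
    """Yield (pid, argv) for every process whose cmdline is readable (Linux)."""
    for entry in os.listdir(proc):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc, entry, "cmdline"), "rb") as f:
                raw = f.read()
        except OSError:
            continue  # process exited, or /proc is mounted with hidepid
        yield int(entry), raw.decode(errors="replace").split("\0")

# Constructed sample argument lists (not taken from a real host).
SAMPLE = [
    (101, ["java", "-Ddatabase_url=jdbc:postgresql://127.0.0.1/passopolis", "Main"]),
    (102, ["java", "-Ddatabase_url=jdbc:postgresql://127.0.0.1/passopolis?user=app&password=hunter2", "Main"]),
    (103, ["psql", "postgresql://app:hunter2@127.0.0.1/passopolis"]),
]

if __name__ == "__main__":
    print(scan(live_processes()))
```

Run as an unprivileged user, any hit from `scan(live_processes())` is a credential that every local account can read; moving the secret into a file readable only by the service user removes it from the argument list.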

@teh
Member

teh commented May 31, 2017

We're using nixops which supports deploy keys [1], but we're also a single-purpose machine so using ident auth would be OK as well in our case.

[1] https://nixos.org/nixops/manual/#idm140737318306400

@disassembler
Author

disassembler commented May 31, 2017 via email
