nix-community / authentik-nix

Nix flake with package, NixOS module and basic VM test for authentik. Trying to provide an alternative deployment mode to the officially supported docker-compose approach. Not affiliated with or officially supported by the authentik project [maintainer=@willibutz]
MIT License

Reduce NixOS config overrides #18

Closed quentinmit closed 5 months ago

quentinmit commented 7 months ago

This eliminates two things that can cause conflicts with other NixOS configuration:

services.postgresql.package is set to PostgreSQL 14 with lib.mkDefault, so the user can override it. (I'm not sure why this was there at all - Authentik seems to run just fine with PostgreSQL 15.)

time.timeZone is no longer set. Instead, Authentik services are launched with the TZ environment variable set.

AFAICT Authentik is working fine for me with both of these changes.

WilliButz commented 7 months ago

Good points. In hindsight I think that setting services.postgresql.package in this module was probably not the best idea, given that upstream NixOS already provides a somewhat sensible default based on system.stateVersion. This made its way into the module merely because I tend to set the package option explicitly for my deployments, rather than relying on the default :/

WilliButz commented 7 months ago

Ah and it's postgresql_14 because that was the default for the 23.05 release, during which I wrote the module.

quentinmit commented 7 months ago

Should I just remove services.postgresql.package entirely?

Also, I just noticed that you're setting Authentik's environment with systemd.services.authentik.serviceConfig.Environment instead of systemd.services.authentik.environment. Is there a reason for that? It makes it harder to override any of the default values (because you have to lib.mkForce the entire list). (slash, why aren't those settings just set with services.authentik.settings?)

WilliButz commented 5 months ago

Found some time to work on this. I rebased your changes onto main and added two commits that should address the remaining points. Please see the module and last commit message for explanations. Let me know what you think :)

quentinmit commented 5 months ago

LGTM, thanks!

WilliButz commented 5 months ago

There was an oversight on my end. I did not expect the upstream module to give the services.postgresql.package option a default priority of mkDefault instead of mkOptionDefault. This means that we cannot use mkDefault as it results in an evaluation error when the upstream default differs from ours. I didn't notice this earlier because this would only be the case for stateVersions other than 22.05/22.11/23.05 (or >= 24.05 which wouldn't set the default anymore).

Fixed in 47e376250e506de980b30d3fcb61560bfbc81fe2.
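
The priority conflict described in the last comment, as an added example that is not part of the thread or of the authentik-nix module. It assumes `<nixpkgs>` is on the Nix path; `demo.package` and the version strings are hypothetical stand-ins for `services.postgresql.package` and real packages, and the `upstream` module is a simplified model of a module that sets its default at `mkDefault` priority.

```nix
# Constructed example. Evaluate with:
#   nix-instantiate --eval --strict --json example.nix
let
  lib = import <nixpkgs/lib>;

  # Hypothetical option standing in for services.postgresql.package.
  # types.str merges like types.package: equal definitions are accepted,
  # unequal definitions at the same priority are an error.
  optionModule = {
    options.demo.package = lib.mkOption { type = lib.types.str; };
  };

  # Model of an upstream module whose default is set with mkDefault
  # (priority 1000) rather than as an option default (priority 1500).
  upstream = { config.demo.package = lib.mkDefault "postgresql_15"; };

  # Evaluate the option with extra modules stacked on top of upstream.
  eval = extra:
    (lib.evalModules {
      modules = [ optionModule upstream ] ++ extra;
    }).config.demo.package;

  # Conflicting definitions are raised with `throw`, which tryEval catches.
  try = extra:
    let r = builtins.tryEval (eval extra);
    in if r.success then r.value else "error: conflicting definition values";
in
{
  # Only the upstream default is defined.
  upstreamOnly = try [ ];

  # A second mkDefault with the same value merges cleanly, which is why
  # the problem stays hidden while both defaults happen to agree.
  sameValue = try [ { config.demo.package = lib.mkDefault "postgresql_15"; } ];

  # A second mkDefault with a different value: same priority, no winner.
  differentValue = try [ { config.demo.package = lib.mkDefault "postgresql_14"; } ];

  # mkOptionDefault (1500) loses to upstream's mkDefault (1000) without error.
  lowerPriority = try [ { config.demo.package = lib.mkOptionDefault "postgresql_14"; } ];

  # A plain user definition (priority 100) discards both mkDefault
  # definitions before merging, so the conflict never surfaces.
  userOverride = try [
    { config.demo.package = lib.mkDefault "postgresql_14"; }
    { config.demo.package = "postgresql_16"; }
  ];
}
```

Only `differentValue` fails. `upstreamOnly`, `sameValue` and `lowerPriority` evaluate to `postgresql_15`, and `userOverride` evaluates to `postgresql_16`.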