feat: add initialScript option to postgres module

Add an initialScript option to the postgres module that allows users to specify a SQL script to be executed on the first startup of the PostgreSQL service. This is useful for setting up initial users, roles, or databases.

Author: jfroche

nix/systemConfigs.nix

@@ -2,14 +2,20 @@
 let
  mkModules = system: [
  self.systemModules.postgres
- ({
- services.nginx.enable = true;
- nixpkgs.hostPlatform = system;
- supabase.services.postgres = {
- enable = true;
- package = self.packages.${system}."psql_17/bin";
- };
- })
+ (
+ { pkgs, ... }:
+ {
+ services.nginx.enable = true;
+ nixpkgs.hostPlatform = system;
+ supabase.services.postgres = {
+ enable = true;
+ package = self.packages.${system}."psql_17/bin";
+ initialScript = pkgs.writeText "init-script.sql" ''
+ CREATE USER supabase_auth_admin NOINHERIT CREATEROLE LOGIN NOREPLICATION PASSWORD 'secret';
+ '';
+ };
+ }
+ )
  ];
 
  systems = [

nix/systemModules/postgres/default.nix

@@ -183,6 +183,19 @@ in
  initialisation.
  '';
  };
+
+ initialScript = lib.mkOption {
+ type = lib.types.nullOr lib.types.path;
+ default = null;
+ example = lib.literalExpression ''
+ pkgs.writeText "init-sql-script" '''
+ alter user postgres with password 'myPassword';
+ ''';'';
+
+ description = ''
+ A file containing SQL statements to execute on first startup.
+ '';
+ };
  };
  };
 
@@ -376,6 +389,45 @@ in
  ];
  };
  };
+ postgresql-setup = {
+ description = "PostgreSQL Setup Scripts";
+
+ requires = [ "postgresql.service" ];
+ after = [ "postgresql.service" ];
+
+ serviceConfig = {
+ User = "postgres";
+ Group = "postgres";
+ Type = "oneshot";
+ RemainAfterExit = true;
+ };
+
+ path = [ cfg.package ];
+ environment.PGPORT = builtins.toString cfg.settings.port;
+
+ # Wait for PostgreSQL to be ready to accept connections.
+ script = ''
+ check-connection() {
+ psql -U ${cfg.superUser} -h localhost -d postgres -v ON_ERROR_STOP=1 <<-' EOF'
+ SELECT pg_is_in_recovery() \gset
+ \if :pg_is_in_recovery
+ \i still-recovering
+ \endif
+ EOF
+ }
+ while ! check-connection 2> /dev/null; do
+ if ! systemctl is-active --quiet postgresql.service; then exit 1; fi
+ sleep 0.1
+ done
+
+ if test -e "${cfg.dataDir}/.first_startup"; then
+ ${lib.optionalString (cfg.initialScript != null) ''
+ psql -U ${cfg.superUser} -h localhost -f "${cfg.initialScript}" -d postgres
+ ''}
+ rm -f "${cfg.dataDir}/.first_startup"
+ fi
+ '';
+ };
  "setup-locales" = {
  description = "Setup locales on the system";
 

nix/systemModules/tests/test_postgres.py

@@ -197,3 +197,14 @@ def test_postgres_service_running(host):
  logs = host.run("journalctl -u postgresql.service --no-pager").stdout
  for log in required_logs:
  assert log in logs, f"Log '{log}' should be present in PostgreSQL logs"
+
+
+def test_postgres_setup_service_running(host):
+ assert host.service("postgresql-setup.service").is_valid
+ assert host.service("postgresql-setup.service").is_running, (
+ "postgresql-setup service should be running but failed: {}".format(
+ host.run(
+ "systemctl status postgresql-setup.service; journalctl -n 100 -u postgresql-setup.service"
+ ).stdout
+ )
+ )