From b8585a119ce5c28754267f349107304117041083 Mon Sep 17 00:00:00 2001
From: emilylange <git@emilylange.de>
Date: Sun, 22 Oct 2023 15:25:34 +0200
Subject: [PATCH] nixos/forgejo: work around permissions error on
 `postgresql_15`

From `postgresql_15`'s release notes:
> PostgreSQL 15 also revokes the CREATE permission from all users except
a database owner from the public (or default) schema.

https://www.postgresql.org/about/news/postgresql-15-released-2526/

This directly affects `services.postgresql.ensureUsers` in NixOS,
leading to
> permission denied for schema public

`postgresql_15` is now the default for stateVersion `23.11`/`unstable`.

So until this is resolved globally, we work around this issue.
---
 nixos/modules/services/misc/forgejo.nix | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/nixos/modules/services/misc/forgejo.nix b/nixos/modules/services/misc/forgejo.nix
index f26658b7bcb4404..b2920981efbdaef 100644
--- a/nixos/modules/services/misc/forgejo.nix
+++ b/nixos/modules/services/misc/forgejo.nix
@@ -428,6 +428,17 @@ in
       ];
     };
 
+    # Work around 'pq: permission denied for schema public' with postgres v15, until a
+    # solution for `services.postgresql.ensureUsers` is found.
+    # See https://github.com/NixOS/nixpkgs/issues/216989
+    systemd.services.postgresql.postStart = lib.mkIf (
+      usePostgresql
+      && cfg.database.createDatabase
+      && lib.strings.versionAtLeast config.services.postgresql.package.version "15.0"
+    ) (lib.mkAfter ''
+      $PSQL -tAc 'ALTER DATABASE "${cfg.database.name}" OWNER TO "${cfg.database.user}";'
+    '');
+
     services.mysql = optionalAttrs (useMysql && cfg.database.createDatabase) {
       enable = mkDefault true;
       package = mkDefault pkgs.mariadb;