9

On nixos, I face a postgres error psql: FATAL: Peer authentication failed for user "postgres" similar error to this question, and would like to edit the authentication settings to resolve the issue as described in an answer there:

edit pg_hba.conf to use md5 password authentication instead of peer authentication for unix sockets (local connection type) so Pg accepts password authentication

I have resolved this same error previously on ubuntu by editing authorization configuration in that pg_hba.conf file. But my issue now is that nixos does not appear to have such an pg_hba.conf to edit.

How do I make the corresponding postgres authorization configuration change in nixos?

I noticed this postgres.nix file on github which appears to do something with pg_hba.conf, or at least contains the string, but I do not understand how to change my authentication settings from that. Also I have only used the one main configuration file /etc/nixos/configuration.nix and this appears to be a separate module, at nixos/modules/services/databases/postgresql.nix.

mherzl
  • 1,409
  • 2
  • 18
  • 31
  • 1
    Have you searched http://nixos.org/nixos/options.html#postgres – Emmanuel Rosa Jul 15 '17 at 21:47
  • @EmmanuelRosa I had not seen that, but did end up using services.postgresql.authentication, which appeared in those linked search results. – mherzl Jul 15 '17 at 22:01
  • This 'peer authentication failed' error seems to be resolved by setting services.postgresql.authentication as described in answer below, but the solution of this issue uncovered a 'psql: FATAL: role “postgres” does not exist' error, which is described in this question: https://stackoverflow.com/questions/45122893/nixos-error-psql-fatal-role-postgres-does-not-exist – mherzl Jul 15 '17 at 22:04

1 Answers1

10

Following this example configuration, I set the NixOS option services.postgresql.authentication.

I managed to get past the 'peer authentication failed' error when the postgres section of my /etc/nixos/configuration.nix had been set to

  # postgres
  services.postgresql.enable = true;
  services.postgresql.package = pkgs.postgresql94;
  services.postgresql.authentication = lib.mkForce ''
    # Generated file; do not edit!
    # TYPE  DATABASE        USER            ADDRESS                 METHOD
    local   all             all                                     trust
    host    all             all             127.0.0.1/32            trust
    host    all             all             ::1/128                 trust
    '';
mherzl
  • 1,409
  • 2
  • 18
  • 31