From 2df221ec8a95566ba771f102fd421c12b41d875c Mon Sep 17 00:00:00 2001 From: Jade Date: Sat, 31 Oct 2020 00:35:19 -0700 Subject: [PATCH] nixos/postgresql: fix inaccurate docs for authentication (#97622) * nixos/postgresql: fix inaccurate docs for authentication We actually use peer authentication, then md5 based authentication. trust is not used. * Use a link for mkForce docs Co-authored-by: aszlig Co-authored-by: lf- Co-authored-by: aszlig --- nixos/modules/services/databases/postgresql.nix | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/nixos/modules/services/databases/postgresql.nix b/nixos/modules/services/databases/postgresql.nix index 5056d50153f6..f582b0592774 100644 --- a/nixos/modules/services/databases/postgresql.nix +++ b/nixos/modules/services/databases/postgresql.nix @@ -69,11 +69,16 @@ in type = types.lines; default = ""; description = '' - Defines how users authenticate themselves to the server. By - default, "trust" access to local users will always be granted - along with any other custom options. If you do not want this, - set this option using "lib.mkForce" to override this - behaviour. + Defines how users authenticate themselves to the server. See the + + PostgreSQL documentation for pg_hba.conf + for details on the expected format of this option. By default, + peer based authentication will be used for users connecting + via the Unix socket, and md5 password authentication will be + used for users connecting via TCP. Any added rules will be + inserted above the default rules. If you'd like to replace the + default rules entirely, you can use lib.mkForce in your + module. ''; };