nixos/postgresql/citus: fix syscall filter and add test

NixOS · Feb 9, 2025 · 37372eb · 37372eb
1 parent 9a9ab6b
commit 37372eb
Show file tree

Hide file tree

Showing 3 changed files with 84 additions and 4 deletions.
diff --git a/nixos/modules/services/databases/postgresql.nix b/nixos/modules/services/databases/postgresql.nix
@@ -727,10 +727,16 @@ in
           RestrictRealtime = true;
           RestrictSUIDSGID = true;
           SystemCallArchitectures = "native";
-          SystemCallFilter = [
-            "@system-service"
-            "~@privileged @resources"
-          ] ++ lib.optionals (any extensionInstalled [ "plv8" ]) [ "@pkey" ];
+          SystemCallFilter =
+            [
+              "@system-service"
+              "~@privileged @resources"
+            ]
+            ++ lib.optionals (any extensionInstalled [ "plv8" ]) [ "@pkey" ]
+            ++ lib.optionals (any extensionInstalled [ "citus" ]) [
+              "getpriority"
+              "setpriority"
+            ];
           UMask = if groupAccessAvailable then "0027" else "0077";
         }
         (mkIf (cfg.dataDir != "/var/lib/postgresql/${cfg.package.psqlSchema}") {

diff --git a/nixos/tests/postgresql/citus.nix b/nixos/tests/postgresql/citus.nix
@@ -0,0 +1,73 @@
+{
+  pkgs,
+  makeTest,
+  genTests,
+}:
+
+let
+  inherit (pkgs) lib;
+
+  test-sql = pkgs.writeText "postgresql-test" ''
+    CREATE EXTENSION citus;
+
+    CREATE TABLE examples (
+      id bigserial,
+      shard_key int,
+      PRIMARY KEY (id, shard_key)
+    );
+
+    SELECT create_distributed_table('examples', 'shard_key');
+
+    INSERT INTO examples (shard_key) SELECT shard % 10 FROM generate_series(1,1000) shard;
+  '';
+
+  makeTestFor =
+    package:
+    makeTest {
+      name = "citus-${package.name}";
+      meta = with lib.maintainers; {
+        maintainers = [ typetetris ];
+      };
+
+      nodes.machine =
+        { ... }:
+        {
+          services.postgresql = {
+            inherit package;
+            enable = true;
+            enableJIT = lib.hasInfix "-jit-" package.name;
+            extensions =
+              ps: with ps; [
+                citus
+              ];
+            settings = {
+              shared_preload_libraries = "citus";
+            };
+          };
+        };
+
+      testScript = ''
+        def check_count(statement, lines):
+            return 'test $(sudo -u postgres psql postgres -tAc "{}") -eq {}'.format(
+                statement, lines
+            )
+
+
+        machine.start()
+        machine.wait_for_unit("postgresql")
+
+        with subtest("Postgresql with extension citus is available just after unit start"):
+            machine.succeed(
+                "sudo -u postgres psql -f ${test-sql}"
+            )
+
+        machine.succeed(check_count("SELECT count(*) FROM examples;", 1000))
+
+        machine.shutdown()
+      '';
+    };
+in
+genTests {
+  inherit makeTestFor;
+  filter = _: p: !p.pkgs.citus.meta.broken;
+}
diff --git a/nixos/tests/postgresql/default.nix b/nixos/tests/postgresql/default.nix
@@ -36,6 +36,7 @@ in
 
   # extensions
   anonymizer = importWithArgs ./anonymizer.nix;
+  citus = importWithArgs ./citus.nix;
   pgjwt = importWithArgs ./pgjwt.nix;
   pgvecto-rs = importWithArgs ./pgvecto-rs.nix;
   timescaledb = importWithArgs ./timescaledb.nix;