Hello, I had considered idmap before, but realized there might be a bit of a chicken-egg problem with it. Even though that likely doesn't actually exist because GNU Guix is smart enough about it, the circular dependency still feels weird:
What I mean is that the NFS client would depend on the existence of the 'postgres' user, to put it into the idmap file, and to resolve its UID / GID on service startup. But the PostgreSQL service also depends on the NFS share already being mounted, so the postgres process can access its data directory. The only clean solution I could think about is to create the account during system initialization via an explicit entry in (operating-system (users ...)). But then I won't need idmap because I can just hard-code the UID and GID there. About running the database on the server - unfortunately, there is no official package for Synology's DSM and I don't feel good about some third-party sites that only provide binaries. They also made some custom changes to the Linux kernel and use some kind of custom libc - it's a nightmare to install anything on that thing! And the "official" recommendation that you get on Reddit, Stack Overflow, etc. about running PostgreSQL on Synology DSM is to install a Docker image. I figured running GNU Guix in a VM to be a much better choice than messing with a bunch of Docker images. Best regards, Martin ------- Original Message ------- On Monday, July 17th, 2023 at 8:23 PM, Felix Lechner <felix.lech...@lease-up.com> wrote: > > > Hi Martin, > > On Mon, Jul 17, 2023 at 11:44 AM Martin Baulig mar...@baulig.is wrote: > > > I have decided to NFS-mount an encrypted shared folder > > > I use a similar setup and use Gocryptfs for encryption. How do you > encrypt, please? > > > there is a tiny little problem with PostgreSQL: > > the UID and GID of the 'postgres' user needs to match that of the server. > > > Perhaps I do not understand the needs of your setup completely. > Doesn't 'idmapd' in NFSv4 address your conundrum effectively? > > For performance reasons, I would discourage such a setup, though. It > would be better to run Postgres on the NAS, if it is an option, or to > replicate the database for backup purposes. > > Kind regards > Felix
