authoremilylange <git@emilylange.de>2023-10-22 15:25:34 +0200
committeremilylange <git@emilylange.de>2023-10-22 15:25:34 +0200
commitb8585a119ce5c28754267f349107304117041083 (patch)
treee26c04bdda4385e090b4f902808996bbf7b559f5 /nixos/modules/services/misc/forgejo.nix
parenta662970807f39915ced83824d5b40b3cb3a2ec8f (diff)
nixos/forgejo: work around permissions error on `postgresql_15`
From `postgresql_15`'s release notes:
> PostgreSQL 15 also revokes the CREATE permission from all users except
a database owner from the public (or default) schema.

https://www.postgresql.org/about/news/postgresql-15-released-2526/

This directly affects `services.postgresql.ensureUsers` in NixOS,
leading to
> permission denied for schema public

`postgresql_15` is now the default for stateVersion `23.11`/`unstable`.

So until this is resolved globally, we work around this issue.
Diffstat (limited to 'nixos/modules/services/misc/forgejo.nix')
-rw-r--r--nixos/modules/services/misc/forgejo.nix11
1 files changed, 11 insertions, 0 deletions
diff --git a/nixos/modules/services/misc/forgejo.nix b/nixos/modules/services/misc/forgejo.nix
index f26658b7bcb44..b2920981efbda 100644
--- a/nixos/modules/services/misc/forgejo.nix
+++ b/nixos/modules/services/misc/forgejo.nix
@@ -428,6 +428,17 @@ in
       ];
     };
 
+    # Work around 'pq: permission denied for schema public' with postgres v15, until a
+    # solution for `services.postgresql.ensureUsers` is found.
+    # See https://github.com/NixOS/nixpkgs/issues/216989
+    systemd.services.postgresql.postStart = lib.mkIf (
+      usePostgresql
+      && cfg.database.createDatabase
+      && lib.strings.versionAtLeast config.services.postgresql.package.version "15.0"
+    ) (lib.mkAfter ''
+      $PSQL -tAc 'ALTER DATABASE "${cfg.database.name}" OWNER TO "${cfg.database.user}";'
+    '');
+
     services.mysql = optionalAttrs (useMysql && cfg.database.createDatabase) {
       enable = mkDefault true;
       package = mkDefault pkgs.mariadb;
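Review bot: The `$PSQL -tAc` line added to `systemd.services.postgresql.postStart` splices `cfg.database.name` and `cfg.database.user` into a single-quoted shell argument and double-quoted SQL identifiers without escaping, so a value containing `'` or `"` would end the quoting early in a script that presumably runs with the PostgreSQL superuser role. Both options are set by the system administrator, so this is hardening rather than an untrusted-input bug, but the statement is safer passed as `$PSQL -tAc ${lib.escapeShellArg sql}` with `sql` bound in a `let`, and with `"` doubled inside each identifier via `lib.replaceStrings [ "\"" ] [ "\"\"" ]`. The comment above the option could also say that the statement transfers ownership of the whole database to the service user, which is broader than the `CREATE` on schema `public` that the error message is about. The surrounding attribute set starts and ends outside this hunk.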