Prior to this commit if the local user name was changed but the group
was left at the default then neither the user nor group was created.
This resulted in a failed `chown'.
These changes allow service restarts to pick up a new
environment (including the correct gemset) when restarted.
Also, make migrations its own service that other services need to wait
for.
This is a breaking change that will require you to change your Phoebe
settings for PostgreSQL.
* New database configuration options
* Accounts no longer automatically create databases
* Databases have `owners' that tie them back to an account
* Databases have `users' that grant accounts full access
* Databases have `readers' that grant read-only access to accounts
* Accounts can use `ident' authentication for local connections if
you enable the `allowIdent' option.
* Existing accounts that are not configured via Phoebe will be
locked so they cannot be used. That way if you delete a user from
Phoebe the account will continue to exist, but won't have access
to anything.
Now that we point nginx at /var/lib/rails instead of /nix/store we
need to change the permissions on the app home to allow nginx to read
files from the Rails' public directory.
If you set the `deployedExternally' option to true you can use the
nix-copy-closure command to deploy updates to the application.
See `scripts/deploy-rails-app.sh' for more details.
* New script `railsdo' to help run commands as a rails user
* The symlink in the home directory is now always called `app'. It
was previously named after the application itself.
* Each now has a systemd target so you can start and stop all
services together.
* New `enable' option so you can prevent services from
starting (e.g., on development machines)
Apparently the nixos-install tool locks the root account of stdin
isn't a terminal. This change makes it so the root user doesn't have
a password and then blasts out a warning with instructions on how to
set the root password.
* Replace the @app location with a unique ID generated from the
Rails application name
* Puma is currently only listening on IPv4 so having nginx proxy to
localhost wasted a connection to ::1. The proxy address is now to
127.0.0.1 to keep that from happening.
* Services that need password files will automatically depend on the
appropriate NixOps key service as necessary.
* New `sourcedFile` option for Rails applications to load a Bash
script just before starting the Rails service. Useful for setting
secret environment variables.
This is necessary for files like the state file that tells the
migration script whether or not the schema needs to be loaded.
Fixes a bug where the migration script would try to load the schema on
a second deployment (since touching a file in the db directory fails
because it's in the nix store).
