services.postgresql.ensureUsers.*.ensureClauses.createrole
Grants the user, created by the ensureUser attr, createrole permissions. From the postgres docs:
A role must be explicitly given permission to create more roles (except for superusers, since those bypass all permission checks). To create such a role, use CREATE ROLE name CREATEROLE. A role with CREATEROLE privilege can alter and drop other roles, too, as well as grant or revoke membership in them. However, to create, alter, drop, or change membership of a superuser role, superuser status is required; CREATEROLE is insufficient for that.
More information on postgres roles can be found here
- Type
null or boolean- Default
null: do not set. For newly created roles, use PostgreSQL's default. For existing roles, do not touch this clause.- Declared
- <nixpkgs/nixos/modules/services/databases/postgresql.nix>