strato-infra/nixos/machines/postgres/default.nix

53 lines
1.4 KiB
Nix
Raw Permalink Normal View History

2022-05-25 19:13:13 +02:00
{ config, pkgs, ... }:
let
user = name: {
name = name;
ensurePermissions = { "DATABASE \"${name}\"" = "ALL PRIVILEGES"; };
};
in {
2022-05-19 17:47:41 +02:00
imports = [ ../../common ../../common/lxc.nix ];
networking.hostName = "postgres";
system.stateVersion = "21.11";
2022-05-19 21:10:04 +02:00
environment.systemPackages = with pkgs; [ rsync ];
2022-05-19 17:47:41 +02:00
networking.firewall.enable = true;
networking.firewall.allowedTCPPorts = [ 5432 ];
services.postgresql = {
enable = true;
2022-05-19 21:10:04 +02:00
package = pkgs.postgresql_13;
2022-05-19 17:47:41 +02:00
# yes scuffed, but technically lxd can do whatever with the ip's it gives
2022-05-19 21:10:04 +02:00
authentication = ''
local all all trust
host all all 10.0.0.0/8 trust
2022-05-21 21:59:14 +02:00
host all all fd42:8db7:2e6b:8e9b:216:3eff::/96 trust
2022-05-19 21:10:04 +02:00
'';
ensureDatabases =
2022-06-12 00:34:11 +02:00
[ "gitea" "vault" "vaultwarden" "authentik" "umami" "drone" "tickets" ];
2022-05-19 21:10:04 +02:00
ensureUsers = [
{
name = "gitea";
ensurePermissions = { "DATABASE \"gitea\"" = "ALL PRIVILEGES"; };
}
2022-05-20 23:57:58 +02:00
{
name = "vault";
ensurePermissions = { "DATABASE \"vault\"" = "ALL PRIVILEGES"; };
}
2022-05-22 12:09:12 +02:00
{
name = "vaultwarden";
ensurePermissions = { "DATABASE \"vaultwarden\"" = "ALL PRIVILEGES"; };
}
2022-05-23 13:43:58 +02:00
{
name = "authentik";
ensurePermissions = { "DATABASE \"authentik\"" = "ALL PRIVILEGES"; };
}
2022-05-25 19:13:13 +02:00
(user "umami")
2022-05-30 13:14:15 +02:00
(user "drone")
2022-06-12 00:34:11 +02:00
(user "tickets")
2022-05-19 21:10:04 +02:00
];
2022-05-19 17:47:41 +02:00
enableTCPIP = true;
};
}