2022-05-19 17:47:41 +02:00
|
|
|
{ config, pkgs, ... }: {
|
|
|
|
|
imports = [ ../../common ../../common/lxc.nix ];
|
|
|
|
|
networking.hostName = "postgres";
|
|
|
|
|
system.stateVersion = "21.11";
|
|
|
|
|
|
2022-05-19 21:10:04 +02:00
|
|
|
environment.systemPackages = with pkgs; [ rsync ];
|
|
|
|
|
|
2022-05-19 17:47:41 +02:00
|
|
|
networking.firewall.enable = true;
|
|
|
|
|
networking.firewall.allowedTCPPorts = [ 5432 ];
|
|
|
|
|
|
|
|
|
|
services.postgresql = {
|
|
|
|
|
enable = true;
|
2022-05-19 21:10:04 +02:00
|
|
|
package = pkgs.postgresql_13;
|
2022-05-19 17:47:41 +02:00
|
|
|
# yes scuffed, but technically lxd can do whatever with the ip's it gives
|
2022-05-19 21:10:04 +02:00
|
|
|
authentication = ''
|
|
|
|
|
local all all trust
|
|
|
|
|
host all all 10.0.0.0/8 trust
|
2022-05-21 21:59:14 +02:00
|
|
|
host all all fd42:8db7:2e6b:8e9b:216:3eff::/96 trust
|
2022-05-19 21:10:04 +02:00
|
|
|
'';
|
2022-05-23 13:43:58 +02:00
|
|
|
ensureDatabases = [ "gitea" "vault" "vaultwarden" "authentik" ];
|
2022-05-19 21:10:04 +02:00
|
|
|
ensureUsers = [
|
|
|
|
|
{
|
|
|
|
|
name = "gitea";
|
|
|
|
|
ensurePermissions = { "DATABASE \"gitea\"" = "ALL PRIVILEGES"; };
|
|
|
|
|
}
|
2022-05-20 23:57:58 +02:00
|
|
|
|
|
|
|
|
{
|
|
|
|
|
name = "vault";
|
|
|
|
|
ensurePermissions = { "DATABASE \"vault\"" = "ALL PRIVILEGES"; };
|
|
|
|
|
}
|
2022-05-22 12:09:12 +02:00
|
|
|
{
|
|
|
|
|
name = "vaultwarden";
|
|
|
|
|
ensurePermissions = { "DATABASE \"vaultwarden\"" = "ALL PRIVILEGES"; };
|
|
|
|
|
}
|
2022-05-23 13:43:58 +02:00
|
|
|
{
|
|
|
|
|
name = "authentik";
|
|
|
|
|
ensurePermissions = { "DATABASE \"authentik\"" = "ALL PRIVILEGES"; };
|
|
|
|
|
}
|
2022-05-19 21:10:04 +02:00
|
|
|
];
|
|
|
|
|
|
2022-05-19 17:47:41 +02:00
|
|
|
enableTCPIP = true;
|
|
|
|
|
};
|
|
|
|
|
}
|
