strato-infra/nixos/machines/postgres/default.nix
2022-05-22 12:10:21 +02:00

40 lines
1 KiB
Nix

{ config, pkgs, ... }: {
imports = [ ../../common ../../common/lxc.nix ];
networking.hostName = "postgres";
system.stateVersion = "21.11";
environment.systemPackages = with pkgs; [ rsync ];
networking.firewall.enable = true;
networking.firewall.allowedTCPPorts = [ 5432 ];
services.postgresql = {
enable = true;
package = pkgs.postgresql_13;
# yes scuffed, but technically lxd can do whatever with the ip's it gives
authentication = ''
local all all trust
host all all 10.0.0.0/8 trust
host all all fd42:8db7:2e6b:8e9b:216:3eff::/96 trust
'';
ensureDatabases = [ "gitea" "vault" "vaultwarden" ];
ensureUsers = [
{
name = "gitea";
ensurePermissions = { "DATABASE \"gitea\"" = "ALL PRIVILEGES"; };
}
{
name = "vault";
ensurePermissions = { "DATABASE \"vault\"" = "ALL PRIVILEGES"; };
}
{
name = "vaultwarden";
ensurePermissions = { "DATABASE \"vaultwarden\"" = "ALL PRIVILEGES"; };
}
];
enableTCPIP = true;
};
}