Add vaultwarden service
This commit is contained in:
Théo Barnouin
parent
3e9dafde76
commit
2918c6fd89
6 changed files with 74 additions and 30 deletions
|
|
@ -39,6 +39,10 @@ in {
|
|||
file = ./secrets/onlyofficeDBPass.age;
|
||||
owner = "postgres";
|
||||
};
|
||||
vaultwardenDBPass = {
|
||||
file = ./secrets/vaultwardenDBPass.age;
|
||||
owner = "postgres";
|
||||
};
|
||||
};
|
||||
services = {
|
||||
crowdsec = {
|
||||
|
|
@ -64,12 +68,13 @@ in {
|
|||
enableTCPIP = true;
|
||||
settings.port = 5432;
|
||||
authentication = "
|
||||
host nextcloud nextcloud 192.168.1.45/32 md5
|
||||
host gitea gitea 192.168.1.14/32 md5
|
||||
host authentik authentik 192.168.1.125/32 md5
|
||||
host grafana grafana 192.168.1.27/32 md5
|
||||
host netbox netbox 192.168.1.90/32 md5
|
||||
host onlyoffice onlyoffice 192.168.1.20/32 md5
|
||||
host nextcloud nextcloud 192.168.1.45/32 md5
|
||||
host gitea gitea 192.168.1.14/32 md5
|
||||
host authentik authentik 192.168.1.125/32 md5
|
||||
host grafana grafana 192.168.1.27/32 md5
|
||||
host netbox netbox 192.168.1.90/32 md5
|
||||
host onlyoffice onlyoffice 192.168.1.20/32 md5
|
||||
host vaultwarden vaultwarden 192.168.1.22/32 md5
|
||||
";
|
||||
initialScript = pkgs.writeText "init-sql-script" ''
|
||||
CREATE ROLE nextcloud WITH LOGIN CREATEDB;
|
||||
|
|
@ -95,6 +100,10 @@ in {
|
|||
CREATE ROLE onlyoffice WITH LOGIN CREATEDB;
|
||||
CREATE DATABASE onlyoffice;
|
||||
GRANT ALL PRIVILEGES ON DATABASE onlyoffice TO onlyoffice;
|
||||
|
||||
CREATE ROLE vaultwarden WITH LOGIN CREATEDB;
|
||||
CREATE DATABASE vaultwarden;
|
||||
GRANT ALL PRIVILEGES ON DATABASE vaultwarden TO vaultwarden;
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
|
@ -106,7 +115,7 @@ in {
|
|||
authentikDBPass = config.age.secrets.authentikDBPass.path;
|
||||
grafanaDBPass = config.age.secrets.grafanaDBPass.path;
|
||||
netboxDBPass = config.age.secrets.netboxDBPass.path;
|
||||
onlyofficeDBPass = config.age.secrets.onlyofficeDBPass.path;
|
||||
vaultwardenDBPass = config.age.secrets.vaultwardenDBPass.path;
|
||||
in ''
|
||||
$PSQL -tA <<'EOF'
|
||||
DO $$
|
||||
|
|
@ -127,8 +136,8 @@ in {
|
|||
password := trim(both from replace(pg_read_file('${netboxDBPass}'), E'\n', '''));
|
||||
EXECUTE format('ALTER ROLE netbox WITH PASSWORD '''%s''';', password);
|
||||
|
||||
password := trim(both from replace(pg_read_file('${onlyofficeDBPass}'), E'\n', '''));
|
||||
EXECUTE format('ALTER ROLE onlyoffice WITH PASSWORD '''%s''';', password);
|
||||
password := trim(both from replace(pg_read_file('${vaultwardenDBPass}'), E'\n', '''));
|
||||
EXECUTE format('ALTER ROLE vaultwarden WITH PASSWORD '''%s''';', password);
|
||||
END $$;
|
||||
EOF
|
||||
'';
|
||||
|
|
|
|||
12
services/postgresql/secrets/vaultwardenDBPass.age
Normal file
12
services/postgresql/secrets/vaultwardenDBPass.age
Normal file
|
|
@ -0,0 +1,12 @@
|
|||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9Xa1ZYdyA4L3gy
|
||||
RnJDQ2VOQitLNVd2d0haN2RveUE5OWJOcnUxakdyOGNBVWhMYUdnCjZGTDJuRjda
|
||||
L1ZuZmNxVEVLaElQQXlWWjR4NmgrekpnSzNKWi9xdGNVb2cKLT4gc3NoLWVkMjU1
|
||||
MTkgc2luZ3ZRIC9Pcy95WTM1Tm1oOUIxVlJUT3RHZ3lOZjdBN2dhUm14blRMSzNI
|
||||
SS9ORlUKQUZiMGF5eWNWUVNCL0h5OU5UQ0d6bytxTkxPdTVyRVF0c0FwZkRiUGJD
|
||||
TQotPiBFV09dKy1ncmVhc2Ugby4sbiBmJnJZZkYgaCQsZ3RhCkpOakF5akVSTEpE
|
||||
b2w4Q1pSN1ZxY3ltOTV3eGhNank3eHVWazlVT3h2WWNXUUhaUHl5aHhFdTNqQUJn
|
||||
SFRSSVUKUlpaeDRaUEF2VVdSNUY1L3Z3UQotLS0ganBmdU4yVmNNMUh2NFlZN09t
|
||||
WE5LRmlYU0RxL25JZXJXaFdzeTVBbmtMRQqkmAEDkEwwBnIxkBH6I6qzzwg5fPy/
|
||||
IL6FzdjsGrBYOrfP1IVfFF/iz5Phd8fsSkusyg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
Loading…
Add table
Add a link
Reference in a new issue