From a45482532deb22b566048772126d5688defd43fd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Th=C3=A9o=20Barnouin?=
Date: Thu, 24 Oct 2024 14:26:28 +0200
Subject: [PATCH] Changes on postgresql role
---
 services/postgresql/default.nix | 30 ++++++++++++++++++++----------
 1 file changed, 20 insertions(+), 10 deletions(-)
diff --git a/services/postgresql/default.nix b/services/postgresql/default.nix
index 235e2b0..b263087 100644
--- a/services/postgresql/default.nix
+++ b/services/postgresql/default.nix
@@ -9,9 +9,16 @@ in
 config = lib.mkIf cfg.enable {
 services.postgresql = {
 enable = true;
+ package = postgresql_17;
 enableTCPIP = true;
 settings.port = 5432;
- ensureDatabases = [ "gitea" "nextcloud" ];
+ ensureDatabases = [
+ "gitea"
+ "nextcloud"
+ "netbox"
+ "authentik"
+ "grafana"
+ ];
 ensureUsers = [
 {
 name = "gitea";
@@ -22,16 +29,19 @@ in
 ensureDBOwnership = true;
 }
 ];
- authentication = pkgs.lib.mkOverride 10 ''
- #type database user origin-address auth-method
- # IPv4 local connections:
- local all all trust
- host gitea gitea 192.168.122.3/24 trust
- host nextcloud nextcloud 192.168.122.7/24 trust
- '';
+ authentication = "
+ host nextcloud nextcloud 192.168.1.44/32 md5
+ host gitea gitea 192.168.1.14/32 md5
+ host netbox netbox 192.168.1.45/32 md5
+ host authentik authentik 192.168.1.125/32 md5
+ host grafana grafana 192.168.1.27/32 md5
+ ";
+ # Not great, not in prod, cleartext pass
+ # waiting for ensureUsers.*.passwordFile option
+ # https://github.com/NixOS/nixpkgs/pull/326306
 initialScript = pkgs.writeText "init-sql-script" ''
- alter user gitea with password 'gitea';
- alter user nextcloud with password 'nextcloud';
+ alter user gitea with password 'password';
+ alter user nextcloud with password 'password';
 '';
 };
 networking.firewall.allowedTCPPorts = [ 5432 ];
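Review bot: `package = postgresql_17;` is written without a `pkgs.` prefix although the same attribute set refers to `pkgs.writeText`, so unless a `with pkgs;` is in scope above the hunk this name will not resolve; `package = pkgs.postgresql_17;` is the safe form. The three databases added to `ensureDatabases` (`netbox`, `authentik`, `grafana`) get no matching `ensureUsers` entries anywhere in this patch, so the roles named by the new pg_hba lines in the second hunk would have to be created elsewhere, and the databases would presumably not be owned by their service roles. Pinning a new major version also does not migrate an existing cluster, so a dump/restore or pg_upgrade step should be planned before this is deployed on a host that already has data. The attribute set starts and ends outside the hunk.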
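Review bot: The new pg_hba entries use `host … md5`, which accepts connections over unencrypted TCP on a port that the firewall line at the end of the hunk opens on every interface. Naming the stronger method explicitly and requiring TLS, e.g. `hostssl nextcloud nextcloud 192.168.1.44/32 scram-sha-256` (same pattern for the other four lines, once the server has a certificate), avoids any fallback to MD5 hashes. The `initialScript` still sets the guessable literal `'password'` for both roles, and `pkgs.writeText` places that text in the world-readable Nix store, so any local user can read it. It also appears to run only when the cluster is first initialised, so it will not rotate credentials on an existing one. `netbox`, `authentik` and `grafana` receive no password here, so their password-authenticated entries cannot succeed until one is set out of band, for example from a root-only file read at runtime.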