This commit is contained in:
Théo Barnouin
parent
1e48d2b811
commit
b5734f3022
3 changed files with 21 additions and 0 deletions
|
|
@ -20,4 +20,5 @@ in {
|
||||||
"services/postgresql/secrets/giteaDBPass.age".publicKeys = [tbarnouin postgresql];
|
"services/postgresql/secrets/giteaDBPass.age".publicKeys = [tbarnouin postgresql];
|
||||||
"services/postgresql/secrets/authentikDBPass.age".publicKeys = [tbarnouin postgresql];
|
"services/postgresql/secrets/authentikDBPass.age".publicKeys = [tbarnouin postgresql];
|
||||||
"services/postgresql/secrets/grafanaDBPass.age".publicKeys = [tbarnouin postgresql];
|
"services/postgresql/secrets/grafanaDBPass.age".publicKeys = [tbarnouin postgresql];
|
||||||
|
"services/postgresql/secrets/onlyofficeDBPass.age".publicKeys = [tbarnouin postgresql];
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -38,6 +38,7 @@ in {
|
||||||
host gitea gitea 192.168.1.14/32 md5
|
host gitea gitea 192.168.1.14/32 md5
|
||||||
host authentik authentik 192.168.1.125/32 md5
|
host authentik authentik 192.168.1.125/32 md5
|
||||||
host grafana grafana 192.168.1.27/32 md5
|
host grafana grafana 192.168.1.27/32 md5
|
||||||
|
host onlyoffice onlyoffice 192.168.1.46/32 md5
|
||||||
";
|
";
|
||||||
initialScript = pkgs.writeText "init-sql-script" ''
|
initialScript = pkgs.writeText "init-sql-script" ''
|
||||||
CREATE ROLE nextcloud WITH LOGIN CREATEDB;
|
CREATE ROLE nextcloud WITH LOGIN CREATEDB;
|
||||||
|
|
@ -55,6 +56,10 @@ in {
|
||||||
CREATE ROLE grafana WITH LOGIN CREATEDB;
|
CREATE ROLE grafana WITH LOGIN CREATEDB;
|
||||||
CREATE DATABASE grafana;
|
CREATE DATABASE grafana;
|
||||||
GRANT ALL PRIVILEGES ON DATABASE grafana TO grafana;
|
GRANT ALL PRIVILEGES ON DATABASE grafana TO grafana;
|
||||||
|
|
||||||
|
CREATE ROLE onlyoffice WITH LOGIN CREATEDB;
|
||||||
|
CREATE DATABASE onlyoffice;
|
||||||
|
GRANT ALL PRIVILEGES ON DATABASE onlyoffice TO onlyoffice;
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
# Stolen from https://discourse.nixos.org/t/assign-password-to-postgres-user-declaratively/9726/3
|
# Stolen from https://discourse.nixos.org/t/assign-password-to-postgres-user-declaratively/9726/3
|
||||||
|
|
@ -80,6 +85,9 @@ in {
|
||||||
|
|
||||||
password := trim(both from replace(pg_read_file('${grafanaDBPass}'), E'\n', '''));
|
password := trim(both from replace(pg_read_file('${grafanaDBPass}'), E'\n', '''));
|
||||||
EXECUTE format('ALTER ROLE grafana WITH PASSWORD '''%s''';', password);
|
EXECUTE format('ALTER ROLE grafana WITH PASSWORD '''%s''';', password);
|
||||||
|
|
||||||
|
password := trim(both from replace(pg_read_file('${onlyofficeDBPass}'), E'\n', '''));
|
||||||
|
EXECUTE format('ALTER ROLE onlyoffice WITH PASSWORD '''%s''';', password);
|
||||||
END $$;
|
END $$;
|
||||||
EOF
|
EOF
|
||||||
'';
|
'';
|
||||||
|
|
|
||||||
12
services/postgresql/secrets/onlyofficeDBPass.age
Normal file
12
services/postgresql/secrets/onlyofficeDBPass.age
Normal file
|
|
@ -0,0 +1,12 @@
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9Xa1ZYdyA4eHFK
|
||||||
|
NjVmQ3VNMkljRlRtUGthelM0dkZPVTFpQ1M3ZDczdUZneE5wdzFzClcvUkJNSWEw
|
||||||
|
MnIxNmZHN0lLaTBPemgyZHZ0aGRRVXhYMFc0MEJnU2k2dHcKLT4gc3NoLWVkMjU1
|
||||||
|
MTkgc2luZ3ZRIGFqYVFWWVRSUWQ5eDZDczZUUStpeGdHMDhidEQzQ0RlVUQ3VUtF
|
||||||
|
ZHUvaTAKejNOY2s4cTRlR3NLQUw3VlpGUGN0cUlGOHZ0UDJ6dXQ5b0hUYjBBUEgr
|
||||||
|
NAotPiBxLWdyZWFzZSBESjFsS3EgajtwSGotCjRsRmVKOTlveG96aEFvM1FBaW9l
|
||||||
|
d0swT3VXQi9saHRuUzdtemlQVlROR05KT3c5TUpUSUhycEhOLzVSMWd2bFkKdkhj
|
||||||
|
N1UvT3dWUVZRK2syMDhpK04yQnRNK3NXeDA1dUE5SGcrM1NrRgotLS0gN0FGQTRs
|
||||||
|
aHZyQzNRSjlsV3o3R2EwRGxXV29IU3FVbWdDdFBDZ29DcU9UOAqI+4PESny5uNem
|
||||||
|
Idc5C5BHpvwJKrvVMKxhwnboH/oziNJL1KxpQSBOFMh3Zqdu
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
Loading…
Add table
Reference in a new issue