54 lines
1.9 KiB
Nix
54 lines
1.9 KiB
Nix
{
|
|
lib,
|
|
config,
|
|
pkgs,
|
|
...
|
|
}: let
|
|
cfg = config.services.vm_postgresql;
|
|
in {
|
|
options.services.vm_postgresql = {
|
|
enable = lib.mkEnableOption "Enable minimal config";
|
|
};
|
|
config = lib.mkIf cfg.enable {
|
|
age.secrets = {
|
|
nextcloudDBPass.file = ./secrets/nextcloudDBPass.age;
|
|
giteaDBPass.file = ./secrets/giteaDBPass.age;
|
|
authentikDBPass.file = ./secrets/authentikDBPass.age;
|
|
grafanaDBPass.file = ./secrets/grafanaDBPass.age;
|
|
};
|
|
services.postgresql = {
|
|
enable = true;
|
|
package = pkgs.postgresql_16;
|
|
enableTCPIP = true;
|
|
settings.port = 5432;
|
|
authentication = "
|
|
host nextcloud nextcloud 192.168.1.44/32 md5
|
|
host gitea gitea 192.168.1.14/32 md5
|
|
host authentik authentik 192.168.1.125/32 md5
|
|
host grafana grafana 192.168.1.27/32 md5
|
|
";
|
|
initialScript = pkgs.writeText "init-sql-script" ''
|
|
nextcloudSecret = $(echo ${config.age.secrets.nextcloudDBPass.path})
|
|
CREATE ROLE nextcloud WITH LOGIN PASSWORD $nextcloudSecret CREATEDB;
|
|
CREATE DATABASE nextcloud;
|
|
GRANT ALL PRIVILEGES ON DATABASE nextcloud TO nextcloud;
|
|
|
|
giteaSecret = $(echo ${config.age.secrets.giteaDBPass.path})
|
|
CREATE ROLE gitea WITH LOGIN PASSWORD $giteaSecret CREATEDB;
|
|
CREATE DATABASE gitea;
|
|
GRANT ALL PRIVILEGES ON DATABASE gitea TO gitea;
|
|
|
|
authentikSecret = $(echo ${config.age.secrets.authentikDBPass.path})
|
|
CREATE ROLE authentik WITH LOGIN PASSWORD $authentikSecret CREATEDB;
|
|
CREATE DATABASE authentik;
|
|
GRANT ALL PRIVILEGES ON DATABASE authentik TO authentik;
|
|
|
|
grafanaSecret = $(echo ${config.age.secrets.grafanaDBPass.path})
|
|
CREATE ROLE grafana WITH LOGIN PASSWORD $grafanaSecret CREATEDB;
|
|
CREATE DATABASE grafana;
|
|
GRANT ALL PRIVILEGES ON DATABASE grafana TO grafana;
|
|
'';
|
|
};
|
|
networking.firewall.allowedTCPPorts = [5432];
|
|
};
|
|
}
|