update
This commit is contained in:
parent
53f14c6fed
commit
4dec0d25ae
GPG key ID:
6F86035A6D97044E
87
flake.nix
87
flake.nix
|
|
@ -278,6 +278,26 @@
|
|||
owner = lib.options.mkOption {
|
||||
type = lib.types.str;
|
||||
};
|
||||
extensions = lib.options.mkOption {
|
||||
type = lib.types.listOf lib.types.str;
|
||||
default = [ ];
|
||||
};
|
||||
template = lib.options.mkOption {
|
||||
type = lib.types.enum [ "template0" "template1" ];
|
||||
default = "template1";
|
||||
};
|
||||
encoding = lib.options.mkOption {
|
||||
type = lib.types.str;
|
||||
default = "UTF8";
|
||||
};
|
||||
lc_collate = lib.options.mkOption {
|
||||
type = lib.types.str;
|
||||
default = "en_US.utf8";
|
||||
};
|
||||
lc_ctype = lib.options.mkOption {
|
||||
type = lib.types.str;
|
||||
default = "en_US.utf8";
|
||||
};
|
||||
};
|
||||
}
|
||||
);
|
||||
|
|
@ -388,7 +408,7 @@
|
|||
self.packages.${pkgs.system}.scram-sha-256
|
||||
];
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ cfg.port ];
|
||||
# networking.firewall.allowedTCPPorts = [ cfg.port ];
|
||||
|
||||
security.acme.certs."${config.networking.hostName}.${config.networking.domain}" = {
|
||||
reloadServices = [
|
||||
|
|
@ -609,40 +629,56 @@
|
|||
if $PSQL --command "SELECT 1 FROM pg_roles WHERE rolname='${user.username}';" | grep -q 1
|
||||
then
|
||||
echo "alter user ${user.username}"
|
||||
$PSQL --command "ALTER ROLE ${user.username} WITH LOGIN PASSWORD '${escapeShell user.password}';"
|
||||
echo "ALTER ROLE :username WITH LOGIN PASSWORD :'password';" | $PSQL --variable username="${user.username}" --variable password="${escapeShell user.password}"
|
||||
else
|
||||
echo "create user ${user.username}"
|
||||
$PSQL --command "CREATE ROLE ${user.username} WITH LOGIN PASSWORD '${escapeShell user.password}';"
|
||||
echo "CREATE ROLE :username WITH LOGIN PASSWORD :'password';" | $PSQL --variable username="${user.username}" --variable password="${escapeShell user.password}"
|
||||
fi
|
||||
''
|
||||
)
|
||||
cfg.users
|
||||
);
|
||||
databaseSetup = lib.strings.concatStringsSep "\n"
|
||||
(
|
||||
map
|
||||
(
|
||||
database:
|
||||
''
|
||||
if ! ( $PSQL --command "SELECT 1 FROM pg_database WHERE datname='${database.name}';" | grep -q 1 )
|
||||
then
|
||||
echo "create database ${database.name}"
|
||||
$PSQL --command "CREATE DATABASE ${database.name} WITH OWNER ${database.owner};"
|
||||
fi
|
||||
nuShellDatabaseSetup = ''
|
||||
|
||||
echo "grant public schema priviliges to user ${database.owner}"
|
||||
$PSQL --dbname ${database.name} --command "GRANT ALL PRIVILEGES ON SCHEMA public to ${database.owner};"
|
||||
echo "grant priviliges on database ${database.name} to user ${database.owner}"
|
||||
$PSQL --dbname ${database.name} --command "GRANT ALL PRIVILEGES ON DATABASE ${database.name} to ${database.owner};"
|
||||
''
|
||||
'';
|
||||
databaseSetup = lib.strings.concatStringsSep "\n" (
|
||||
map
|
||||
(
|
||||
database: ''
|
||||
if ! ( echo "SELECT 1 FROM pg_database WHERE datname=:'name';" | $PSQL --variable name="${database.name}" | grep -q 1 )
|
||||
then
|
||||
echo "create database ${database.name}"
|
||||
echo "CREATE DATABASE :name WITH OWNER = :'owner' TEMPLATE = :'template' ENCODING = :'encoding' LC_COLLATE = :'lc_collate' LC_CTYPE = :'lc_ctype';" | $PSQL --variable name="${database.name}" --variable owner="${database.owner}" --variable encoding="${database.encoding}" --variable lc_collate="${database.lc_collate}" --variable lc_ctype="${database.lc_ctype}" --variable template="${database.template}"
|
||||
fi
|
||||
|
||||
echo "grant public schema priviliges to user ${database.owner}"
|
||||
echo "GRANT ALL PRIVILEGES ON SCHEMA public TO :owner;" | $PSQL --dbname "${database.name}" --variable name="${database.name}" --variable owner="${database.owner}"
|
||||
echo "grant priviliges on database ${database.name} to user ${database.owner}"
|
||||
echo "GRANT ALL PRIVILEGES ON DATABASE :name TO :owner;" | $PSQL --dbname "${database.name}" --variable name="${database.name}" --variable owner="${database.owner}"
|
||||
'' +
|
||||
(
|
||||
lib.strings.concatStringsSep "\n" (
|
||||
map
|
||||
(
|
||||
extension: ''
|
||||
if ! ( $PSQL --dbname ${database.name} --command "SELECT 1 FROM pg_extension WHERE extname='${extension}';" | grep -q 1 )
|
||||
then
|
||||
echo "adding extention ${extension} to ${database.name}"
|
||||
$PSQL --dbname ${database.name} --command "CREATE EXTENSION ${extension};"
|
||||
fi
|
||||
''
|
||||
)
|
||||
database.extensions
|
||||
)
|
||||
)
|
||||
cfg.databases
|
||||
);
|
||||
)
|
||||
cfg.databases
|
||||
);
|
||||
in
|
||||
{
|
||||
description = "PostgreSQL User/Database Setup";
|
||||
requiredBy = [ "postgresql.service" ];
|
||||
bindsTo = [ "postgresql.service" ];
|
||||
after = [ "postgresql.service" ];
|
||||
# bindsTo = [ "postgresql.service" ];
|
||||
script = ''
|
||||
while ! ${postgresql}/bin/psql -d postgres -c "" 2> /dev/null
|
||||
do
|
||||
|
|
@ -756,6 +792,11 @@
|
|||
};
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
};
|
||||
|
||||
services.prometheus.exporters.postgres = {
|
||||
enable = true;
|
||||
runAsLocalSuperUser = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
|
|||
Loading…
Reference in a new issue