update
This commit is contained in:
parent
53f14c6fed
commit
4dec0d25ae
1 changed files with 64 additions and 23 deletions
67
flake.nix
67
flake.nix
|
@ -278,6 +278,26 @@
|
||||||
owner = lib.options.mkOption {
|
owner = lib.options.mkOption {
|
||||||
type = lib.types.str;
|
type = lib.types.str;
|
||||||
};
|
};
|
||||||
|
extensions = lib.options.mkOption {
|
||||||
|
type = lib.types.listOf lib.types.str;
|
||||||
|
default = [ ];
|
||||||
|
};
|
||||||
|
template = lib.options.mkOption {
|
||||||
|
type = lib.types.enum [ "template0" "template1" ];
|
||||||
|
default = "template1";
|
||||||
|
};
|
||||||
|
encoding = lib.options.mkOption {
|
||||||
|
type = lib.types.str;
|
||||||
|
default = "UTF8";
|
||||||
|
};
|
||||||
|
lc_collate = lib.options.mkOption {
|
||||||
|
type = lib.types.str;
|
||||||
|
default = "en_US.utf8";
|
||||||
|
};
|
||||||
|
lc_ctype = lib.options.mkOption {
|
||||||
|
type = lib.types.str;
|
||||||
|
default = "en_US.utf8";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
);
|
);
|
||||||
|
@ -388,7 +408,7 @@
|
||||||
self.packages.${pkgs.system}.scram-sha-256
|
self.packages.${pkgs.system}.scram-sha-256
|
||||||
];
|
];
|
||||||
|
|
||||||
networking.firewall.allowedTCPPorts = [ cfg.port ];
|
# networking.firewall.allowedTCPPorts = [ cfg.port ];
|
||||||
|
|
||||||
security.acme.certs."${config.networking.hostName}.${config.networking.domain}" = {
|
security.acme.certs."${config.networking.hostName}.${config.networking.domain}" = {
|
||||||
reloadServices = [
|
reloadServices = [
|
||||||
|
@ -609,40 +629,56 @@
|
||||||
if $PSQL --command "SELECT 1 FROM pg_roles WHERE rolname='${user.username}';" | grep -q 1
|
if $PSQL --command "SELECT 1 FROM pg_roles WHERE rolname='${user.username}';" | grep -q 1
|
||||||
then
|
then
|
||||||
echo "alter user ${user.username}"
|
echo "alter user ${user.username}"
|
||||||
$PSQL --command "ALTER ROLE ${user.username} WITH LOGIN PASSWORD '${escapeShell user.password}';"
|
echo "ALTER ROLE :username WITH LOGIN PASSWORD :'password';" | $PSQL --variable username="${user.username}" --variable password="${escapeShell user.password}"
|
||||||
else
|
else
|
||||||
echo "create user ${user.username}"
|
echo "create user ${user.username}"
|
||||||
$PSQL --command "CREATE ROLE ${user.username} WITH LOGIN PASSWORD '${escapeShell user.password}';"
|
echo "CREATE ROLE :username WITH LOGIN PASSWORD :'password';" | $PSQL --variable username="${user.username}" --variable password="${escapeShell user.password}"
|
||||||
fi
|
fi
|
||||||
''
|
''
|
||||||
)
|
)
|
||||||
cfg.users
|
cfg.users
|
||||||
);
|
);
|
||||||
databaseSetup = lib.strings.concatStringsSep "\n"
|
nuShellDatabaseSetup = ''
|
||||||
(
|
|
||||||
|
'';
|
||||||
|
databaseSetup = lib.strings.concatStringsSep "\n" (
|
||||||
map
|
map
|
||||||
(
|
(
|
||||||
database:
|
database: ''
|
||||||
''
|
if ! ( echo "SELECT 1 FROM pg_database WHERE datname=:'name';" | $PSQL --variable name="${database.name}" | grep -q 1 )
|
||||||
if ! ( $PSQL --command "SELECT 1 FROM pg_database WHERE datname='${database.name}';" | grep -q 1 )
|
|
||||||
then
|
then
|
||||||
echo "create database ${database.name}"
|
echo "create database ${database.name}"
|
||||||
$PSQL --command "CREATE DATABASE ${database.name} WITH OWNER ${database.owner};"
|
echo "CREATE DATABASE :name WITH OWNER = :'owner' TEMPLATE = :'template' ENCODING = :'encoding' LC_COLLATE = :'lc_collate' LC_CTYPE = :'lc_ctype';" | $PSQL --variable name="${database.name}" --variable owner="${database.owner}" --variable encoding="${database.encoding}" --variable lc_collate="${database.lc_collate}" --variable lc_ctype="${database.lc_ctype}" --variable template="${database.template}"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
echo "grant public schema priviliges to user ${database.owner}"
|
echo "grant public schema priviliges to user ${database.owner}"
|
||||||
$PSQL --dbname ${database.name} --command "GRANT ALL PRIVILEGES ON SCHEMA public to ${database.owner};"
|
echo "GRANT ALL PRIVILEGES ON SCHEMA public TO :owner;" | $PSQL --dbname "${database.name}" --variable name="${database.name}" --variable owner="${database.owner}"
|
||||||
echo "grant priviliges on database ${database.name} to user ${database.owner}"
|
echo "grant priviliges on database ${database.name} to user ${database.owner}"
|
||||||
$PSQL --dbname ${database.name} --command "GRANT ALL PRIVILEGES ON DATABASE ${database.name} to ${database.owner};"
|
echo "GRANT ALL PRIVILEGES ON DATABASE :name TO :owner;" | $PSQL --dbname "${database.name}" --variable name="${database.name}" --variable owner="${database.owner}"
|
||||||
|
'' +
|
||||||
|
(
|
||||||
|
lib.strings.concatStringsSep "\n" (
|
||||||
|
map
|
||||||
|
(
|
||||||
|
extension: ''
|
||||||
|
if ! ( $PSQL --dbname ${database.name} --command "SELECT 1 FROM pg_extension WHERE extname='${extension}';" | grep -q 1 )
|
||||||
|
then
|
||||||
|
echo "adding extention ${extension} to ${database.name}"
|
||||||
|
$PSQL --dbname ${database.name} --command "CREATE EXTENSION ${extension};"
|
||||||
|
fi
|
||||||
''
|
''
|
||||||
)
|
)
|
||||||
|
database.extensions
|
||||||
|
)
|
||||||
|
)
|
||||||
|
)
|
||||||
cfg.databases
|
cfg.databases
|
||||||
);
|
);
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
description = "PostgreSQL User/Database Setup";
|
description = "PostgreSQL User/Database Setup";
|
||||||
requiredBy = [ "postgresql.service" ];
|
after = [ "postgresql.service" ];
|
||||||
bindsTo = [ "postgresql.service" ];
|
# bindsTo = [ "postgresql.service" ];
|
||||||
script = ''
|
script = ''
|
||||||
while ! ${postgresql}/bin/psql -d postgres -c "" 2> /dev/null
|
while ! ${postgresql}/bin/psql -d postgres -c "" 2> /dev/null
|
||||||
do
|
do
|
||||||
|
@ -756,6 +792,11 @@
|
||||||
};
|
};
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
services.prometheus.exporters.postgres = {
|
||||||
|
enable = true;
|
||||||
|
runAsLocalSuperUser = true;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
Loading…
Reference in a new issue