This commit is contained in:
Jeffrey C. Ollie 2023-05-23 16:03:29 -05:00
parent 53f14c6fed
commit 4dec0d25ae
Signed by: jeff
GPG key ID: 6F86035A6D97044E


@ -278,6 +278,26 @@
owner = lib.options.mkOption { owner = lib.options.mkOption {
type = lib.types.str; type = lib.types.str;
}; };
extensions = lib.options.mkOption {
type = lib.types.listOf lib.types.str;
default = [ ];
};
template = lib.options.mkOption {
type = lib.types.enum [ "template0" "template1" ];
default = "template1";
};
encoding = lib.options.mkOption {
type = lib.types.str;
default = "UTF8";
};
lc_collate = lib.options.mkOption {
type = lib.types.str;
default = "en_US.utf8";
};
lc_ctype = lib.options.mkOption {
type = lib.types.str;
default = "en_US.utf8";
};
}; };
} }
); );
@ -388,7 +408,7 @@
self.packages.${pkgs.system}.scram-sha-256 self.packages.${pkgs.system}.scram-sha-256
]; ];
networking.firewall.allowedTCPPorts = [ cfg.port ]; # networking.firewall.allowedTCPPorts = [ cfg.port ];
security.acme.certs."${config.networking.hostName}.${config.networking.domain}" = { security.acme.certs."${config.networking.hostName}.${config.networking.domain}" = {
reloadServices = [ reloadServices = [
@ -609,40 +629,56 @@
if $PSQL --command "SELECT 1 FROM pg_roles WHERE rolname='${user.username}';" | grep -q 1 if $PSQL --command "SELECT 1 FROM pg_roles WHERE rolname='${user.username}';" | grep -q 1
then then
echo "alter user ${user.username}" echo "alter user ${user.username}"
$PSQL --command "ALTER ROLE ${user.username} WITH LOGIN PASSWORD '${escapeShell user.password}';" echo "ALTER ROLE :username WITH LOGIN PASSWORD :'password';" | $PSQL --variable username="${user.username}" --variable password="${escapeShell user.password}"
else else
echo "create user ${user.username}" echo "create user ${user.username}"
$PSQL --command "CREATE ROLE ${user.username} WITH LOGIN PASSWORD '${escapeShell user.password}';" echo "CREATE ROLE :username WITH LOGIN PASSWORD :'password';" | $PSQL --variable username="${user.username}" --variable password="${escapeShell user.password}"
fi fi
'' ''
) )
cfg.users cfg.users
); );
databaseSetup = lib.strings.concatStringsSep "\n" nuShellDatabaseSetup = ''
(
'';
databaseSetup = lib.strings.concatStringsSep "\n" (
map map
( (
database: database: ''
'' if ! ( echo "SELECT 1 FROM pg_database WHERE datname=:'name';" | $PSQL --variable name="${database.name}" | grep -q 1 )
if ! ( $PSQL --command "SELECT 1 FROM pg_database WHERE datname='${database.name}';" | grep -q 1 )
then then
echo "create database ${database.name}" echo "create database ${database.name}"
$PSQL --command "CREATE DATABASE ${database.name} WITH OWNER ${database.owner};" echo "CREATE DATABASE :name WITH OWNER = :'owner' TEMPLATE = :'template' ENCODING = :'encoding' LC_COLLATE = :'lc_collate' LC_CTYPE = :'lc_ctype';" | $PSQL --variable name="${database.name}" --variable owner="${database.owner}" --variable encoding="${database.encoding}" --variable lc_collate="${database.lc_collate}" --variable lc_ctype="${database.lc_ctype}" --variable template="${database.template}"
fi fi
echo "grant public schema priviliges to user ${database.owner}" echo "grant public schema priviliges to user ${database.owner}"
$PSQL --dbname ${database.name} --command "GRANT ALL PRIVILEGES ON SCHEMA public to ${database.owner};" echo "GRANT ALL PRIVILEGES ON SCHEMA public TO :owner;" | $PSQL --dbname "${database.name}" --variable name="${database.name}" --variable owner="${database.owner}"
echo "grant priviliges on database ${database.name} to user ${database.owner}" echo "grant priviliges on database ${database.name} to user ${database.owner}"
$PSQL --dbname ${database.name} --command "GRANT ALL PRIVILEGES ON DATABASE ${database.name} to ${database.owner};" echo "GRANT ALL PRIVILEGES ON DATABASE :name TO :owner;" | $PSQL --dbname "${database.name}" --variable name="${database.name}" --variable owner="${database.owner}"
'' +
(
lib.strings.concatStringsSep "\n" (
map
(
extension: ''
if ! ( $PSQL --dbname ${database.name} --command "SELECT 1 FROM pg_extension WHERE extname='${extension}';" | grep -q 1 )
then
echo "adding extention ${extension} to ${database.name}"
$PSQL --dbname ${database.name} --command "CREATE EXTENSION ${extension};"
fi
'' ''
) )
database.extensions
)
)
)
cfg.databases cfg.databases
); );
in in
{ {
description = "PostgreSQL User/Database Setup"; description = "PostgreSQL User/Database Setup";
requiredBy = [ "postgresql.service" ]; after = [ "postgresql.service" ];
bindsTo = [ "postgresql.service" ]; # bindsTo = [ "postgresql.service" ];
script = '' script = ''
while ! ${postgresql}/bin/psql -d postgres -c "" 2> /dev/null while ! ${postgresql}/bin/psql -d postgres -c "" 2> /dev/null
do do
@ -756,6 +792,11 @@
}; };
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
}; };
services.prometheus.exporters.postgres = {
enable = true;
runAsLocalSuperUser = true;
};
}; };
}; };
}; };
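Review bot: In the databaseSetup hunk the extension loop still splices `${extension}` straight into `--command "SELECT 1 FROM pg_extension WHERE extname='${extension}';"` and `--command "CREATE EXTENSION ${extension};"`, while every other statement in the hunk was moved to psql `--variable` substitution, so the migration is incomplete and those two lines remain the only place a configured value is concatenated into SQL; `echo "CREATE EXTENSION :\"extension\";" | $PSQL --dbname "${database.name}" --variable extension="${extension}"` would bring them in line. In the new CREATE ROLE, CREATE DATABASE and GRANT lines the identifiers `:username`, `:name` and `:owner` are substituted bare, so a role or database name containing spaces, quotes or a semicolon still reaches the server unquoted; psql's identifier form `:"username"` emits a correctly double-quoted name and is the natural counterpart of the `:'password'` literal form already used. Separately, `--variable password="${escapeShell user.password}"` places the plaintext password in psql's argument vector, which on a typical system is visible to other local users through the process list for as long as psql runs (the old `--command` form had the same exposure); passing it on stdin via a `\set password` line, with the value escaped as a SQL literal, would keep it out of argv. The enclosing `let` binding starts before this hunk and the module body continues past it.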