diff --git a/nixos/configuration.nix b/nixos/configuration.nix
index e9ddbb0..70a346a 100644
--- a/nixos/configuration.nix
+++ b/nixos/configuration.nix
@@ -5,15 +5,17 @@
 ./networking.nix
 ./users.nix
 ./time.nix
+
+ ./databases/postgres.nix
+ ./databases/mysql.nix
+ ./databases/redis.nix
+
 ./programs/nginx.nix
 ./programs/bash.nix
 ./programs/acme.nix
- ./programs/postgres.nix
 ./programs/mastodon.nix
- ./programs/redis.nix
 ./programs/nextcloud.nix
 ./programs/jellyfin.nix
- ./programs/mysql.nix
 ./programs/photoprism.nix
 ./programs/synapse.nix
 ./programs/fail2ban.nix
diff --git a/nixos/programs/mysql.nix b/nixos/databases/mysql.nix
similarity index 100%
rename from nixos/programs/mysql.nix
rename to nixos/databases/mysql.nix
diff --git a/nixos/databases/postgres.nix b/nixos/databases/postgres.nix
new file mode 100644
index 0000000..233641c
--- /dev/null
+++ b/nixos/databases/postgres.nix
@@ -0,0 +1,80 @@
+{ config, pkgs, ... }:
+{
+ config.services.postgresql = {
+ enable = true;
+ package = pkgs.postgresql_15;
+ ensureDatabases = [
+ "mastodon"
+ "matrix-synapse"
+ "nextcloud"
+ "maddy"
+ "plausible"
+ "microboard"
+ "freshrss"
+ "prosody"
+ "grafana"
+ ];
+ ensureUsers = [
+ {
+ name = "mastodon";
+ ensureDBOwnership = true;
+ ensureClauses.login = true;
+ }
+ {
+ name = "nextcloud";
+ ensureDBOwnership = true;
+ ensureClauses.login = true;
+ }
+ {
+ name = "matrix-synapse";
+ ensureDBOwnership = true;
+ ensureClauses.login = true;
+ }
+ {
+ name = "maddy";
+ ensureDBOwnership = true;
+ ensureClauses.login = true;
+ }
+ {
+ name = "plausible";
+ ensureDBOwnership = true;
+ ensureClauses.login = true;
+ }
+ {
+ name = "microboard";
+ ensureDBOwnership = true;
+ ensureClauses.login = true;
+ }
+ {
+ name = "freshrss";
+ ensureDBOwnership = true;
+ ensureClauses.login = true;
+ }
+ {
+ name = "prosody";
+ ensureDBOwnership = true;
+ ensureClauses.login = true;
+ }
+ {
+ name = "grafana";
+ ensureDBOwnership = true;
+ ensureClauses.login = true;
+ }
+ ];
+ identMap = ''
+ # ArbitraryMapName systemUser DBUser
+ superuser_map root postgres
+ superuser_map postgres postgres
+
+ # Let other names login as themselves
+ superuser_map /^(.*)$ \1
+ '';
+ authentication = pkgs.lib.mkOverride 10 ''
+ #type database DBuser auth-method optional_ident_map
+ local sameuser all peer map=superuser_map
+
+ #type database DBuser origin-address auth-method
+ host all all 127.0.0.1/32 scram-sha-256
+ '';
+ };
+}
diff --git a/nixos/programs/redis.nix b/nixos/databases/redis.nix
similarity index 100%
rename from nixos/programs/redis.nix
rename to nixos/databases/redis.nix
diff --git a/nixos/programs/postgres.nix b/nixos/programs/postgres.nix
deleted file mode 100644
index 6234c5a..0000000
--- a/nixos/programs/postgres.nix
+++ /dev/null
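Review bot: The `host all all 127.0.0.1/32 scram-sha-256` line in `authentication` is broader than the `local sameuser all peer map=superuser_map` line above it: over loopback TCP any role that has a password, `postgres` included, may connect to every database, while socket logins are confined to the database named after the role. Every role in `ensureUsers` owns exactly one same-named database, so `host sameuser all 127.0.0.1/32 scram-sha-256` would keep a leaked application password from opening sessions on the other eight databases; confirm first that no service connects over TCP to a database with a different name. The `identMap` block also deserves a comment, because `superuser_map` is applied to every local login and its `/^(.*)$ \1` line maps any OS account to the same-named role, which the map's name does not suggest: `# used for all peer logins; only root and postgres map to the postgres superuser`.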
@@ -1,99 +0,0 @@
-{ config, pkgs, ... }:
-{
- config.services.postgresql = {
- enable = true;
- package = pkgs.postgresql_15;
- ensureDatabases = [ "mastodon" "matrix-synapse" "nextcloud" "maddy" "plausible" "microboard" "freshrss" "prosody" "grafana" ];
- ensureUsers = [
- {
- name = "mastodon";
- ensurePermissions = {
- "DATABASE mastodon" = "ALL PRIVILEGES";
- };
- ensureClauses.login = true;
- }
- {
- name = "nextcloud";
- ensurePermissions = {
- "DATABASE nextcloud" = "ALL PRIVILEGES";
- };
- ensureClauses.login = true;
- }
- {
- name = "matrix-synapse";
- ensurePermissions = {
- "DATABASE \"matrix-synapse\"" = "ALL PRIVILEGES";
- };
- ensureClauses.login = true;
- }
- {
- name = "maddy";
- ensurePermissions = {
- "DATABASE maddy" = "ALL PRIVILEGES";
- };
- ensureClauses.login = true;
- }
- {
- name = "plausible";
- ensurePermissions = {
- "DATABASE plausible" = "ALL PRIVILEGES";
- };
- ensureClauses.login = true;
- }
- {
- name = "microboard";
- ensurePermissions = {
- "DATABASE microboard" = "ALL PRIVILEGES";
- };
- ensureClauses.login = true;
- }
- {
- name = "freshrss";
- ensurePermissions = {
- "DATABASE freshrss" = "ALL PRIVILEGES";
- };
- ensureClauses.login = true;
- }
- {
- name = "prosody";
- ensurePermissions = {
- "DATABASE prosody" = "ALL PRIVILEGES";
- };
- ensureClauses.login = true;
- }
- {
- name = "grafana";
- ensurePermissions = {
- "DATABASE grafana" = "ALL PRIVILEGES";
- };
- ensureClauses.login = true;
- }
- ];
- initialScript = pkgs.writeText "pg-init.sql" ''
- ALTER DATABASE nextcloud OWNER TO nextcloud;
- ALTER DATABASE mastodon OWNER TO mastodon;
- ALTER DATABASE "matrix-synapse" OWNER TO "matrix-synapse";
- ALTER DATABASE maddy OWNER TO maddy;
- ALTER DATABASE plausible OWNER TO plausible;
- ALTER DATABASE microboard OWNER TO microboard;
- ALTER DATABASE freshrss OWNER TO freshrss;
- ALTER DATABASE prosody OWNER TO prosody;
- ALTER DATABASE grafana OWNER TO grafana;
- '';
- identMap = ''
- # ArbitraryMapName systemUser DBUser
- superuser_map root postgres
- superuser_map postgres postgres
-
- # Let other names login as themselves
- superuser_map /^(.*)$ \1
- '';
- authentication = pkgs.lib.mkOverride 10 ''
- #type database DBuser auth-method optional_ident_map
- local sameuser all peer map=superuser_map
-
- #type database DBuser origin-address auth-method
- host all all 127.0.0.1/32 scram-sha-256
- '';
- };
-}