xengi/infra
0
1
Fork 0
Code Pull requests Activity Actions

psql things

Browse source
This commit is contained in:
XenGi 2026-02-06 23:14:37 +01:00
parent 1b2e45f838
commit 854dace74e
Signed by: xengi
SSH key fingerprint: SHA256:dM+fLZGsDvyv6kunjE8bGduL24VsCFB4LEOSdmRHdG0
3 changed files with 11 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

10
flake.nix
View file

@ -112,8 +112,14 @@
{ environment.systemPackages = [ (agenix.packages.${system}.default) ]; } { environment.systemPackages = [ (agenix.packages.${system}.default) ]; }
{ {
age.secrets = { age.secrets = {
postgres-user-password-pda = { postgres-matrix-synapse = {
file = ./secrets/postgres-user-password-pda.age; file = ./secrets/postgres-matrix-synapse.age;
owner = "postgres";
group = "postgres";
mode = "0400";
};
postgres-hedgedoc = {
file = ./secrets/postgres-hedgedoc.age;
owner = "postgres"; owner = "postgres";
group = "postgres"; group = "postgres";
mode = "0400"; mode = "0400";

4
hosts/sql/postgres.nix
View file

@ -29,7 +29,7 @@ let
EXECUTE format( EXECUTE format(
'ALTER ROLE %I WITH PASSWORD %L', 'ALTER ROLE %I WITH PASSWORD %L',
'${e.user.name}', '${e.user.name}',
trim(both E'\n' from pg_read_file('${config.age.secrets.postgres-${entry.user.name}.path}')) trim(both E'\n' from pg_read_file('${config.age.secrets."postgres-${e.user.name}".path}'))
); );
END IF; END IF;
END END
@ -60,7 +60,7 @@ in
}; };
}; };
systemd.services.postgresql.postStart = '' systemd.services.postgresql.postStart = ''
${pkgs.postgresql}/bin/psql \ ${config.services.postgresql.package}/bin/psql \
--dbname=postgres \ --dbname=postgres \
--no-password \ --no-password \
--file=${passwordScript} --file=${passwordScript}

1
services/postgres.nix
View file

@ -10,6 +10,7 @@
"--locale=C" "--locale=C"
"--encoding=UTF8" "--encoding=UTF8"
]; ];
settings.listen_addresses = "*";
}; };
postgresqlBackup = { postgresqlBackup = {
enable = true; enable = true;