refactor(postgres): Split postgres module

Tristan Daniël Maat 2026-02-24 23:45:18 +08:00
parent 13dc31c671
commit 2a9b08f1e6
Signed by: tlater
GPG key ID: 02E935006CF2E8E7
5 changed files with 105 additions and 103 deletions


@ -1,4 +1,5 @@
{ {
pkgs,
lib, lib,
modulesPath, modulesPath,
flake-inputs, flake-inputs,
@ -53,6 +54,19 @@
}; };
logrotate.enable = true; logrotate.enable = true;
postgresql = {
package = pkgs.postgresql_14;
enable = true;
# Only enable connections via the unix socket, and check with the
# OS to make sure the user matches the database name.
#
# See https://www.postgresql.org/docs/current/auth-pg-hba-conf.html
authentication = ''
local sameuser all peer
'';
};
}; };
security = { security = {
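Review bot: The comment above `authentication` promises socket-only access, but as far as I know the NixOS postgresql module appends its own default pg_hba.conf rules (a `local all all peer` line plus password-authenticated `host` lines for 127.0.0.1 and ::1) after this value. That would make `local sameuser all peer` the first rule that can match, not the only one. A local role connecting to a database not named after it would then fall through to the default `local all all peer` line, and loopback TCP logins would remain possible. If the stricter policy is intended, wrap the value as `authentication = lib.mkForce ''` … `'';` and check the generated pg_hba.conf; otherwise reword the comment to say the rule is evaluated ahead of the module defaults. The enclosing `services` attribute set starts and ends outside this hunk.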


@ -11,7 +11,6 @@
./ntfy-sh ./ntfy-sh
./minecraft.nix ./minecraft.nix
./nextcloud.nix ./nextcloud.nix
./postgres.nix
./webserver.nix ./webserver.nix
./wireguard.nix ./wireguard.nix
]; ];


@ -8,7 +8,8 @@ in
443 443
]; ];
services.grafana = { services = {
grafana = {
enable = true; enable = true;
settings = { settings = {
server = { server = {
@ -73,7 +74,18 @@ in
}; };
}; };
services.nginx.virtualHosts."${domain}" = { postgresql = {
ensureUsers = [
{
name = "grafana";
ensureDBOwnership = true;
}
];
ensureDatabases = [ "grafana" ];
};
nginx.virtualHosts."${domain}" = {
forceSSL = true; forceSSL = true;
useACMEHost = "tlater.net"; useACMEHost = "tlater.net";
enableHSTS = true; enableHSTS = true;
@ -85,6 +97,7 @@ in
}; };
}; };
}; };
};
sops.secrets = { sops.secrets = {
"grafana/adminPassword" = { "grafana/adminPassword" = {


@ -103,6 +103,17 @@ in
}; };
}; };
services.postgresql = {
ensureUsers = [
{
name = "nextcloud";
ensureDBOwnership = true;
}
];
ensureDatabases = [ "nextcloud" ];
};
# Ensure that this service doesn't start before postgres is ready # Ensure that this service doesn't start before postgres is ready
systemd.services.nextcloud-setup.after = [ "postgresql.target" ]; systemd.services.nextcloud-setup.after = [ "postgresql.target" ];
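Review bot: The caveat that the `ensure*` options are set-only lived in the deleted postgres.nix and is not carried over to the `services.postgresql` block added here, nor to the `postgresql` block added to the grafana module in the previous file section. With the lists now split per service, dropping or disabling one of these modules leaves its role and database in place with ownership intact, which is easy to miss during cleanup. I would restate it next to each block, e.g. `# ensure* options are set-only: removing an entry here does not drop the role or database; do that manually.`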


@ -1,35 +0,0 @@
{ pkgs, ... }:
{
services.postgresql = {
package = pkgs.postgresql_14;
enable = true;
# Only enable connections via the unix socket, and check with the
# OS to make sure the user matches the database name.
#
# See https://www.postgresql.org/docs/current/auth-pg-hba-conf.html
authentication = ''
local sameuser all peer
'';
# Note: The following options with ensure.* are set-only; i.e.,
# when permissions/users/databases are removed from these lists,
# that operation needs to be performed manually on the system as
# well.
ensureUsers = [
{
name = "grafana";
ensureDBOwnership = true;
}
{
name = "nextcloud";
ensureDBOwnership = true;
}
];
ensureDatabases = [
"grafana"
"nextcloud"
];
};
}