More refactoring #173
5 changed files with 105 additions and 103 deletions
|
|
@ -1,4 +1,5 @@
|
|||
{
|
||||
pkgs,
|
||||
lib,
|
||||
modulesPath,
|
||||
flake-inputs,
|
||||
|
|
@ -53,6 +54,19 @@
|
|||
};
|
||||
|
||||
logrotate.enable = true;
|
||||
|
||||
postgresql = {
|
||||
package = pkgs.postgresql_14;
|
||||
enable = true;
|
||||
|
||||
# Only enable connections via the unix socket, and check with the
|
||||
# OS to make sure the user matches the database name.
|
||||
#
|
||||
# See https://www.postgresql.org/docs/current/auth-pg-hba-conf.html
|
||||
authentication = ''
|
||||
local sameuser all peer
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
security = {
|
||||
|
|
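Review bot: The `authentication` text in the new `postgresql` block is probably not the whole pg_hba.conf, so the comment above it ("Only enable connections via the unix socket …") may promise more than the configuration enforces. As far as I recall, the NixOS postgresql module merges its own default rules after user-supplied lines (a catch-all `local all all peer` and password-authenticated loopback `host` entries), so a connection that fails the `sameuser` match would fall through to them. If the restriction is meant to be exclusive, set `authentication = lib.mkForce ''` (`lib` is already among this file's arguments) and confirm against the generated pg_hba.conf on the host. The enclosing `services` set starts outside the hunk.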
|
|||
|
|
@ -11,7 +11,6 @@
|
|||
./ntfy-sh
|
||||
./minecraft.nix
|
||||
./nextcloud.nix
|
||||
./postgres.nix
|
||||
./webserver.nix
|
||||
./wireguard.nix
|
||||
];
|
||||
|
|
|
|||
|
|
@ -8,7 +8,8 @@ in
|
|||
443
|
||||
];
|
||||
|
||||
services.grafana = {
|
||||
services = {
|
||||
grafana = {
|
||||
enable = true;
|
||||
settings = {
|
||||
server = {
|
||||
|
|
@ -73,7 +74,18 @@ in
|
|||
};
|
||||
};
|
||||
|
||||
services.nginx.virtualHosts."${domain}" = {
|
||||
postgresql = {
|
||||
ensureUsers = [
|
||||
{
|
||||
name = "grafana";
|
||||
ensureDBOwnership = true;
|
||||
}
|
||||
];
|
||||
|
||||
ensureDatabases = [ "grafana" ];
|
||||
};
|
||||
|
||||
nginx.virtualHosts."${domain}" = {
|
||||
forceSSL = true;
|
||||
useACMEHost = "tlater.net";
|
||||
enableHSTS = true;
|
||||
|
|
@ -85,6 +97,7 @@ in
|
|||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
sops.secrets = {
|
||||
"grafana/adminPassword" = {
|
||||
|
|
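Review bot: The `postgresql` block added next to `grafana` lost the warning that the deleted postgres.nix carried above these options: the `ensure*` settings are set-only, so removing an entry leaves the role and database in place until someone drops them by hand. With peer authentication keyed on the OS user name, a forgotten role presumably stays usable by any local account of that name, so the reminder belongs where the entries now live. I would restore a short comment above `ensureUsers` here, e.g. `# ensure* options are set-only: drop removed users/databases manually.`, and the same above the `services.postgresql` block in the nextcloud section. The enclosing module body starts and ends outside these hunks.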
|
|||
|
|
@ -103,6 +103,17 @@ in
|
|||
};
|
||||
};
|
||||
|
||||
services.postgresql = {
|
||||
ensureUsers = [
|
||||
{
|
||||
name = "nextcloud";
|
||||
ensureDBOwnership = true;
|
||||
}
|
||||
];
|
||||
|
||||
ensureDatabases = [ "nextcloud" ];
|
||||
};
|
||||
|
||||
# Ensure that this service doesn't start before postgres is ready
|
||||
systemd.services.nextcloud-setup.after = [ "postgresql.target" ];
|
||||
|
||||
|
|
|
|||
|
|
@ -1,35 +0,0 @@
|
|||
{ pkgs, ... }:
|
||||
{
|
||||
services.postgresql = {
|
||||
package = pkgs.postgresql_14;
|
||||
enable = true;
|
||||
|
||||
# Only enable connections via the unix socket, and check with the
|
||||
# OS to make sure the user matches the database name.
|
||||
#
|
||||
# See https://www.postgresql.org/docs/current/auth-pg-hba-conf.html
|
||||
authentication = ''
|
||||
local sameuser all peer
|
||||
'';
|
||||
|
||||
# Note: The following options with ensure.* are set-only; i.e.,
|
||||
# when permissions/users/databases are removed from these lists,
|
||||
# that operation needs to be performed manually on the system as
|
||||
# well.
|
||||
ensureUsers = [
|
||||
{
|
||||
name = "grafana";
|
||||
ensureDBOwnership = true;
|
||||
}
|
||||
{
|
||||
name = "nextcloud";
|
||||
ensureDBOwnership = true;
|
||||
}
|
||||
];
|
||||
|
||||
ensureDatabases = [
|
||||
"grafana"
|
||||
"nextcloud"
|
||||
];
|
||||
};
|
||||
}
|
||||