{ config, pkgs, ... }: { services.postgresql = { package = pkgs.postgresql_14; enable = true; # Only enable connections via the unix socket, and check with the # OS to make sure the user matches the database name. # # See https://www.postgresql.org/docs/current/auth-pg-hba-conf.html authentication = '' local sameuser all peer ''; # Note: The following options with ensure.* are set-only; i.e., # when permissions/users/databases are removed from these lists, # that operation needs to be performed manually on the system as # well. ensureUsers = [ { name = "grafana"; ensureDBOwnership = true; } { name = "nextcloud"; ensureDBOwnership = true; } { name = config.services.authelia.instances.main.user; ensureDBOwnership = true; } ]; ensureDatabases = [ "grafana" "nextcloud" config.services.authelia.instances.main.user ]; }; }