40 lines
		
	
	
	
		
			932 B
		
	
	
	
		
			Nix
		
	
	
	
	
	
			
		
		
	
	
			40 lines
		
	
	
	
		
			932 B
		
	
	
	
		
			Nix
		
	
	
	
	
	
| { pkgs, ... }:
 | |
| {
 | |
|   services.postgresql = {
 | |
|     package = pkgs.postgresql_14;
 | |
|     enable = true;
 | |
| 
 | |
|     # Only enable connections via the unix socket, and check with the
 | |
|     # OS to make sure the user matches the database name.
 | |
|     #
 | |
|     # See https://www.postgresql.org/docs/current/auth-pg-hba-conf.html
 | |
|     authentication = ''
 | |
|       local sameuser all peer
 | |
|     '';
 | |
| 
 | |
|     # Note: The following options with ensure.* are set-only; i.e.,
 | |
|     # when permissions/users/databases are removed from these lists,
 | |
|     # that operation needs to be performed manually on the system as
 | |
|     # well.
 | |
|     ensureUsers = [
 | |
|       {
 | |
|         name = "authelia";
 | |
|         ensureDBOwnership = true;
 | |
|       }
 | |
|       {
 | |
|         name = "grafana";
 | |
|         ensureDBOwnership = true;
 | |
|       }
 | |
|       {
 | |
|         name = "nextcloud";
 | |
|         ensureDBOwnership = true;
 | |
|       }
 | |
|     ];
 | |
| 
 | |
|     ensureDatabases = [
 | |
|       "authelia"
 | |
|       "grafana"
 | |
|       "nextcloud"
 | |
|     ];
 | |
|   };
 | |
| }
 |