39 lines
950 B
Nix
39 lines
950 B
Nix
{pkgs, ...}: {
|
|
services.postgresql = {
|
|
package = pkgs.postgresql_14;
|
|
enable = true;
|
|
|
|
# Only enable connections via the unix socket, and check with the
|
|
# OS to make sure the user matches the database name.
|
|
#
|
|
# See https://www.postgresql.org/docs/current/auth-pg-hba-conf.html
|
|
authentication = ''
|
|
local sameuser all peer
|
|
'';
|
|
|
|
# Note: The following options with ensure.* are set-only; i.e.,
|
|
# when permissions/users/databases are removed from these lists,
|
|
# that operation needs to be performed manually on the system as
|
|
# well.
|
|
ensureUsers = [
|
|
{
|
|
name = "grafana";
|
|
ensurePermissions = {
|
|
"DATABASE grafana" = "ALL PRIVILEGES";
|
|
};
|
|
}
|
|
{
|
|
name = "nextcloud";
|
|
ensurePermissions = {
|
|
"DATABASE nextcloud" = "ALL PRIVILEGES";
|
|
};
|
|
}
|
|
];
|
|
|
|
ensureDatabases = [
|
|
"grafana"
|
|
"nextcloud"
|
|
];
|
|
};
|
|
}
|