nixfiles/hosts/hetzner-arm/containers/postgresql/profiles/postgres.nix


# PostgreSQL server profile: one database and one same-named role per
# application (piped, gotosocial, quassel, roundcube), reachable over TCP from
# the specific client addresses listed in the pg_hba rules below.
{
  self,
  hostPath,
  ...
}: let
  wireguard = import "${self}/data/wireguard/chaosInternalWireGuard.nix";
  containers = (import "${hostPath}/data/containerAddresses.nix").containers;
  raspberryAddress = wireguard.hosts."raspberry".ip;

  # Every application gets a database and a role that share this name.
  appNames = [
    "piped"
    "gotosocial"
    "quassel"
    "roundcube"
  ];

  # Role definition granting the role all privileges on its own database only.
  # NOTE(review): newer NixOS releases replace ensurePermissions with
  # ensureDBOwnership; check this against the pinned nixpkgs.
  mkAppRole = name: {
    inherit name;
    ensurePermissions."DATABASE ${name}" = "ALL PRIVILEGES";
  };
in {
  services.postgresql = {
    enable = true;
    # Listens on all interfaces rather than localhost only, so the pg_hba rules
    # below (and the firewall) are what restrict who can reach the
    # server over the network.
    enableTCPIP = true;
    ensureDatabases = appNames;
    ensureUsers = map mkAppRole appNames;
    # Clients that are local containers are matched by the container's IP,
    # remote clients by the host's WireGuard IP.
    #
    # Each rule is pinned to one database, one role and one /32 source, but
    # uses `trust`: no password or other credential is checked, so the source
    # address is the only authentication factor. That holds only as long as
    # the container network and the WireGuard tunnel prevent other peers from
    # using these addresses. Switching the method to `scram-sha-256` would
    # remove that dependency, but needs a password provisioned for every role
    # and configured in every client first.
    authentication = ''
      host piped piped ${containers."piped-fi"}/32 trust
      host piped piped ${raspberryAddress}/32 trust
      host gotosocial gotosocial ${containers."social"}/32 trust
      host quassel quassel ${containers."quassel"}/32 trust
      host roundcube roundcube ${containers."roundcube"}/32 trust
    '';
  };
}