50 lines
1.4 KiB
Nix
50 lines
1.4 KiB
Nix
{
|
|
self,
|
|
hostPath,
|
|
...
|
|
}: let
|
|
wireguardData = import "${self}/data/wireguard/chaosInternalWireGuard.nix";
|
|
wireguardHosts = wireguardData.hosts;
|
|
|
|
localContainersAddresses = import "${hostPath}/data/containerAddresses.nix";
|
|
in {
|
|
services.postgresql = {
|
|
enable = true;
|
|
enableTCPIP = true;
|
|
ensureDatabases = [
|
|
"piped"
|
|
"gotosocial"
|
|
"quassel"
|
|
"roundcube"
|
|
];
|
|
ensureUsers = [
|
|
{
|
|
name = "piped";
|
|
ensurePermissions."DATABASE piped" = "ALL PRIVILEGES";
|
|
}
|
|
{
|
|
name = "gotosocial";
|
|
ensurePermissions."DATABASE gotosocial" = "ALL PRIVILEGES";
|
|
}
|
|
{
|
|
name = "quassel";
|
|
ensurePermissions."DATABASE quassel" = "ALL PRIVILEGES";
|
|
}
|
|
{
|
|
name = "roundcube";
|
|
ensurePermissions."DATABASE roundcube" = "ALL PRIVILEGES";
|
|
}
|
|
];
|
|
# If the host is a local container then use the container's IP
|
|
# otherwise use the host's IP
|
|
authentication = ''
|
|
host piped piped ${localContainersAddresses.containers."piped-fi"}/32 trust
|
|
host piped piped ${wireguardHosts."raspberry".ip}/32 trust
|
|
|
|
host gotosocial gotosocial ${localContainersAddresses.containers."social"}/32 trust
|
|
host quassel quassel ${localContainersAddresses.containers."quassel"}/32 trust
|
|
host roundcube roundcube ${localContainersAddresses.containers."roundcube"}/32 trust
|
|
'';
|
|
};
|
|
}
|