diff --git a/hosts/cube/forgejo/default.nix b/hosts/cube/forgejo/default.nix
index 5c38645..f22b7f5 100644
--- a/hosts/cube/forgejo/default.nix
+++ b/hosts/cube/forgejo/default.nix
@@ -17,16 +17,7 @@ in {
     owner = "forgejo";
   };
 
-  services.postgresql = let
-    users = [ "forgejo" ];
-  in {
-    ensureDatabases = users;
-    ensureUsers = map users (name: {
-      inherit name;
-
-      ensureDBOwnership = true;
-    });
-  };
+  services.postgresql.ensure = [ "forgejo" ];
 
   services.restic.backups = genAttrs config.services.restic.hosts <| const {
     paths = [ "/var/lib/gitea-runner" "/var/lib/forgejo" ];
diff --git a/hosts/cube/grafana/default.nix b/hosts/cube/grafana/default.nix
index 7c354e3..636b287 100644
--- a/hosts/cube/grafana/default.nix
+++ b/hosts/cube/grafana/default.nix
@@ -17,16 +17,7 @@ in {
     owner = "grafana";
   };
 
-  services.postgresql = let
-    users = [ "grafana" ];
-  in {
-    ensureDatabases = users;
-    ensureUsers = map users (name: {
-      inherit name;
-
-      ensureDBOwnership = true;
-    });
-  };
+  services.postgresql.ensure = [ "grafana" ];
 
   services.restic.backups = genAttrs config.services.restic.hosts <| const {
     paths = [ "/var/lib/grafana" ];
diff --git a/hosts/cube/matrix/default.nix b/hosts/cube/matrix/default.nix
index febf9b3..8caf1a0 100644
--- a/hosts/cube/matrix/default.nix
+++ b/hosts/cube/matrix/default.nix
@@ -46,16 +46,7 @@ in {
     owner = "matrix-synapse";
   };
 
-  services.postgresql = let
-    users = [ "matrix-synapse" "matrix-sliding-sync" ];
-  in {
-    ensureDatabases = users;
-    ensureUsers = map users (name: {
-      inherit name;
-
-      ensureDBOwnership = true;
-    });
-  };
+  services.postgresql.ensure = [ "matrix-synapse" "matrix-sliding-sync" ];
 
   services.restic.backups = genAttrs config.services.restic.hosts <| const {
     paths = [ "/var/lib/matrix-synapse" "/var/lib/matrix-sliding-sync" ];
diff --git a/hosts/cube/nextcloud/default.nix b/hosts/cube/nextcloud/default.nix
index d215563..d6612a7 100644
--- a/hosts/cube/nextcloud/default.nix
+++ b/hosts/cube/nextcloud/default.nix
@@ -25,16 +25,7 @@ in {
     passwordFile = config.secrets.nextcloudPasswordExporter.path;
   };
 
-  services.postgresql = let
-    users = [ "nextcloud" ];
-  in {
-    ensureDatabases = users;
-    ensureUsers = map users (name: {
-      inherit name;
-
-      ensureDBOwnership = true;
-    });
-  };
+  services.postgresql.ensure = [ "nextcloud" ];
 
   services.restic.backups = genAttrs config.services.restic.hosts <| const {
     paths = [ "/var/lib/nextcloud" ];
diff --git a/hosts/cube/postgresql.nix b/hosts/cube/postgresql.nix
index 1b39eef..ce662cb 100644
--- a/hosts/cube/postgresql.nix
+++ b/hosts/cube/postgresql.nix
@@ -1,16 +1,16 @@
 { config, lib, pkgs, ... }: let
-  inherit (lib) const enabled genAttrs mkForce mkOverride;
+  inherit (lib) const enabled flip genAttrs mkForce mkOverride mkValue;
 in {
-  environment.systemPackages = [
+  config.environment.systemPackages = [
     config.services.postgresql.package
   ];
 
-  services.prometheus.exporters.postgres = enabled {
+  config.services.prometheus.exporters.postgres = enabled {
     listenAddress = "[::]";
     runAsLocalSuperUser = true;
   };
 
-  services.restic.backups = genAttrs config.services.restic.hosts <| const {
+  config.services.restic.backups = genAttrs config.services.restic.hosts <| const {
     paths = [ "/tmp/postgresql-dump.sql.gz" ];
 
     backupPrepareCommand = ''
@@ -24,7 +24,9 @@ in {
     '';
   };
 
-  services.postgresql = enabled {
+  options.services.postgresql.ensure = mkValue [ "postgres" "root" ];
+
+  config.services.postgresql = enabled {
     package = pkgs.postgresql_14;
     enableJIT = true;
 
@@ -40,15 +42,16 @@ in {
       local all all peer
     '';
 
-    ensureUsers = map [ "postgres" "root" ] (name: {
+    ensureDatabases = config.services.postgres.ensure;
+
+    ensureUsers = flip map config.services.postgres.ensure (name: {
       inherit name;
 
+      ensureDBOwnership = true;
+
       ensureClauses = {
-        createdb = true;
-        createrole = true;
         login = true;
-        replication = true;
-        superuser = true;
+        superuser = name == "postgres" || name == "root";
       };
     });
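Review bot: The option is declared here as `services.postgresql.ensure`, but the consumer in the following hunk of the same file reads `config.services.postgres.ensure` in both the `ensureDatabases` line and the `flip map` for `ensureUsers`, so the module will not evaluate and the tightened role setup (login only, superuser restricted to `postgres`/`root`) is never applied; both reads should be `config.services.postgresql.ensure`. Whether `[ "postgres" "root" ]` still ends up in the list once forgejo, grafana, matrix and nextcloud each define the option depends on what `mkValue` builds: if it produces a default rather than a definition, those per-service lists replace it and the two superuser roles are no longer ensured, which is worth confirming against the helper. A one-line comment on the declaration would help the next reader, e.g. `# Roles to create; each gets login plus ownership of a same-named database, and only postgres/root are superusers.` The enclosing `config.services.postgresql = enabled { … }` block closes outside the visible hunks.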