fix: fix postgresql ensure declarations and add a helper

2025-07-28 18:47:44 +00:00 · 2025-02-23 15:02:47 +03:00 · 2025-02-23 15:02:47 +03:00 · 377d93df78
commit 377d93df78
parent d8bcbab825
5 changed files with 17 additions and 50 deletions
--- a/hosts/cube/forgejo/default.nix
+++ b/hosts/cube/forgejo/default.nix
@ -17,16 +17,7 @@ in {
    owner = "forgejo";
  };
-  services.postgresql = let
+  services.postgresql.ensure = [ "forgejo" ];
    users = [ "forgejo" ];
  in {
    ensureDatabases = users;
    ensureUsers     = map users (name: {
      inherit name;
      ensureDBOwnership = true;
    });
  };
  services.restic.backups = genAttrs config.services.restic.hosts <| const {
    paths = [ "/var/lib/gitea-runner"  "/var/lib/forgejo" ];
--- a/hosts/cube/grafana/default.nix
+++ b/hosts/cube/grafana/default.nix
@ -17,16 +17,7 @@ in {
    owner = "grafana";
  };
-  services.postgresql = let
+  services.postgresql.ensure = [ "grafana" ];
    users = [ "grafana" ];
  in {
    ensureDatabases = users;
    ensureUsers     = map users (name: {
      inherit name;
      ensureDBOwnership = true;
    });
  };
  services.restic.backups = genAttrs config.services.restic.hosts <| const {
    paths = [ "/var/lib/grafana" ];
--- a/hosts/cube/matrix/default.nix
+++ b/hosts/cube/matrix/default.nix
@ -46,16 +46,7 @@ in {
    owner = "matrix-synapse";
  };
-  services.postgresql = let
+  services.postgresql.ensure = [ "matrix-synapse" "matrix-sliding-sync" ];
    users = [ "matrix-synapse" "matrix-sliding-sync" ];
  in {
    ensureDatabases = users;
    ensureUsers     = map users (name: {
      inherit name;
      ensureDBOwnership = true;
    });
  };
  services.restic.backups = genAttrs config.services.restic.hosts <| const {
    paths = [ "/var/lib/matrix-synapse"  "/var/lib/matrix-sliding-sync" ];
--- a/hosts/cube/nextcloud/default.nix
+++ b/hosts/cube/nextcloud/default.nix
@ -25,16 +25,7 @@ in {
    passwordFile = config.secrets.nextcloudPasswordExporter.path;
  };
-  services.postgresql = let
+  services.postgresql.ensure = [ "nextcloud" ];
    users = [ "nextcloud" ];
  in {
    ensureDatabases = users;
    ensureUsers     = map users (name: {
      inherit name;
      ensureDBOwnership = true;
    });
  };
  services.restic.backups = genAttrs config.services.restic.hosts <| const {
    paths = [ "/var/lib/nextcloud" ];
--- a/hosts/cube/postgresql.nix
+++ b/hosts/cube/postgresql.nix
@ -1,16 +1,16 @@
 { config, lib, pkgs, ... }: let
-  inherit (lib) const enabled genAttrs mkForce mkOverride;
+  inherit (lib) const enabled flip genAttrs mkForce mkOverride mkValue;
 in {
-  environment.systemPackages = [
+  config.environment.systemPackages = [
    config.services.postgresql.package
  ];
-  services.prometheus.exporters.postgres = enabled {
+  config.services.prometheus.exporters.postgres = enabled {
    listenAddress       = "[::]";
    runAsLocalSuperUser = true;
  };
-  services.restic.backups = genAttrs config.services.restic.hosts <| const {
+  config.services.restic.backups = genAttrs config.services.restic.hosts <| const {
    paths = [ "/tmp/postgresql-dump.sql.gz" ];
    backupPrepareCommand = ''
@ -24,7 +24,9 @@ in {
    '';
  };
-  services.postgresql = enabled {
+  options.services.postgresql.ensure = mkValue [ "postgres" "root" ];
  config.services.postgresql = enabled {
    package = pkgs.postgresql_14;
    enableJIT = true;
@ -40,15 +42,16 @@ in {
      local  all      all    peer
    '';
-    ensureUsers = map [ "postgres" "root" ] (name: {
+    ensureDatabases = config.services.postgres.ensure;
    ensureUsers = flip map config.services.postgres.ensure (name: {
      inherit name;
      ensureDBOwnership = true;
      ensureClauses = {
        createdb    = true;
        createrole  = true;
        login       = true;
-        replication = true;
+        superuser   = name == "postgres" || name == "root";
        superuser   = true;
      };
    });