forked from jan-leila/nix-config
fixed postgres config for forgejo
This commit is contained in:
parent
9ecba48dcf
commit
8f59f8aeca
5 changed files with 55 additions and 52 deletions
|
|
@ -2,7 +2,8 @@
|
|||
imports = [
|
||||
./network_storage
|
||||
./reverse_proxy.nix
|
||||
./jellyfin.nix
|
||||
./postgres.nix
|
||||
./jellyfin.nix
|
||||
./forgejo.nix
|
||||
];
|
||||
}
|
||||
|
|
|
|||
|
|
@ -17,20 +17,33 @@ in {
|
|||
config =
|
||||
lib.mkIf config.host.forgejo.enable
|
||||
{
|
||||
enable = true;
|
||||
database = {
|
||||
type = "postgres";
|
||||
socket = "/run/postgresql";
|
||||
};
|
||||
lfs.enable = true;
|
||||
settings = {
|
||||
server = {
|
||||
DOMAIN = "${config.host.forgejo.subdomain}.${config.host.reverse_proxy.hostname}";
|
||||
HTTP_PORT = forgejoPort;
|
||||
host = {
|
||||
reverse_proxy.subdomains.${config.host.forgejo.subdomain} = {
|
||||
target = "http://localhost:${toString forgejoPort}";
|
||||
};
|
||||
postgres = {
|
||||
enable = true;
|
||||
extraUsers = {
|
||||
forgejo = {
|
||||
isClient = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
host.reverse_proxy.subdomains.${config.host.jellyfin.subdomain} = {
|
||||
target = "http://localhost:${toString forgejoPort}";
|
||||
|
||||
services.forgejo = {
|
||||
enable = true;
|
||||
database = {
|
||||
type = "postgres";
|
||||
socket = "/run/postgresql";
|
||||
};
|
||||
lfs.enable = true;
|
||||
settings = {
|
||||
server = {
|
||||
DOMAIN = "${config.host.forgejo.subdomain}.${config.host.reverse_proxy.hostname}";
|
||||
HTTP_PORT = forgejoPort;
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
|||
|
|
@ -34,11 +34,11 @@ in {
|
|||
assertions = [
|
||||
{
|
||||
assertion = config.services.jellyfin.dataDir == jellyfin_data_directory;
|
||||
description = "jellyfin data directory does not match persistence";
|
||||
message = "jellyfin data directory does not match persistence";
|
||||
}
|
||||
{
|
||||
assertion = config.services.jellyfin.cacheDir == jellyfin_cache_directory;
|
||||
description = "jellyfin cache directory does not match persistence";
|
||||
message = "jellyfin cache directory does not match persistence";
|
||||
}
|
||||
];
|
||||
|
||||
|
|
|
|||
|
|
@ -5,38 +5,29 @@
|
|||
...
|
||||
}: let
|
||||
dataDir = "/var/lib/postgresql/15";
|
||||
adminUsers = lib.lists.filter (user: user.isAdmin) (lib.attrsets.mapAttrsToList (_: user: user) config.host.postgres.extraUsers);
|
||||
clientUsers = lib.lists.filter (user: user.isClient) (lib.attrsets.mapAttrsToList (_: user: user) config.host.postgres.extraUsers);
|
||||
in {
|
||||
options = {
|
||||
host.postgres = {
|
||||
enable = lib.mkEnableOption "enable postgres";
|
||||
extraAdminUsers = lib.mkOption {
|
||||
type = lib.types.attrsOf lib.types.submodule ({name, ...}: {
|
||||
extraUsers = lib.mkOption {
|
||||
type = lib.types.attrsOf (lib.types.submodule ({name, ...}: {
|
||||
options = {
|
||||
name = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
default = name;
|
||||
description = ''
|
||||
What should this users name on the system be
|
||||
'';
|
||||
defaultText = lib.literalExpression "config.host.users.\${name}.name";
|
||||
};
|
||||
isAdmin = lib.mkOption {
|
||||
type = lib.types.bool;
|
||||
default = false;
|
||||
};
|
||||
isClient = lib.mkOption {
|
||||
type = lib.types.bool;
|
||||
default = false;
|
||||
};
|
||||
};
|
||||
});
|
||||
default = {};
|
||||
};
|
||||
extraDatabaseUsers = lib.mkOption {
|
||||
type = lib.types.attrsOf lib.types.submodule ({name, ...}: {
|
||||
options = {
|
||||
name = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
default = name;
|
||||
description = ''
|
||||
What should this users name on the system be
|
||||
'';
|
||||
defaultText = lib.literalExpression "config.host.users.\${name}.name";
|
||||
};
|
||||
};
|
||||
});
|
||||
}));
|
||||
default = {};
|
||||
};
|
||||
};
|
||||
|
|
@ -47,18 +38,12 @@ in {
|
|||
services = {
|
||||
postgresql = {
|
||||
enable = true;
|
||||
ensureUsers =
|
||||
[
|
||||
{
|
||||
name = "postgres";
|
||||
}
|
||||
]
|
||||
+ (lib.attrsets.mapAttrsToList (user: {
|
||||
name = user.name;
|
||||
ensureDBOwnership = true;
|
||||
})
|
||||
config.host.postgres.extraDatabaseUsers);
|
||||
ensureDatabases = lib.attrsets.mapAttrsToList (user: user.name) config.host.postgres.extraDatabaseUsers;
|
||||
package = pkgs.postgresql_15;
|
||||
ensureUsers = [
|
||||
{
|
||||
name = "postgres";
|
||||
}
|
||||
];
|
||||
identMap =
|
||||
''
|
||||
# ArbitraryMapName systemUser DBUser
|
||||
|
|
@ -68,14 +53,14 @@ in {
|
|||
superuser_map postgres postgres
|
||||
''
|
||||
+ (
|
||||
lib.strings.concatLines (lib.attrsets.mapAttrsToList (user: "superuser_map ${user.name} postgres") config.host.postgres.extraAdminUsers)
|
||||
lib.strings.concatLines (builtins.map (user: "superuser_map ${user.name} postgres") adminUsers)
|
||||
)
|
||||
+ ''
|
||||
|
||||
# Client Users
|
||||
''
|
||||
+ (
|
||||
lib.strings.concatLines (lib.attrsets.mapAttrsToList (user: "superuser_map ${user.name} ${user.name}") config.host.postgres.extraDatabaseUsers)
|
||||
lib.strings.concatLines (builtins.map (user: "superuser_map ${user.name} ${user.name}") clientUsers)
|
||||
);
|
||||
# configuration here lets users access the db that matches their name and lets user postgres access everything
|
||||
authentication = pkgs.lib.mkOverride 10 ''
|
||||
|
|
@ -91,7 +76,7 @@ in {
|
|||
assertions = [
|
||||
{
|
||||
assertion = config.services.postgresql.dataDir == dataDir;
|
||||
description = "postgres data directory does not match persistence";
|
||||
message = "postgres data directory does not match persistence";
|
||||
}
|
||||
];
|
||||
environment.persistence."/persist/system/root" = {
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue