forked from jan-leila/nix-config
fixed postgres config for forgejo
This commit is contained in:
parent
9ecba48dcf
commit
8f59f8aeca
5 changed files with 55 additions and 52 deletions
|
|
@ -69,6 +69,10 @@
|
||||||
enable = true;
|
enable = true;
|
||||||
subdomain = "media";
|
subdomain = "media";
|
||||||
};
|
};
|
||||||
|
forgejo = {
|
||||||
|
enable = true;
|
||||||
|
subdomain = "git";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
networking = {
|
networking = {
|
||||||
hostId = "c51763d6";
|
hostId = "c51763d6";
|
||||||
|
|
|
||||||
|
|
@ -2,7 +2,8 @@
|
||||||
imports = [
|
imports = [
|
||||||
./network_storage
|
./network_storage
|
||||||
./reverse_proxy.nix
|
./reverse_proxy.nix
|
||||||
./jellyfin.nix
|
|
||||||
./postgres.nix
|
./postgres.nix
|
||||||
|
./jellyfin.nix
|
||||||
|
./forgejo.nix
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -17,20 +17,33 @@ in {
|
||||||
config =
|
config =
|
||||||
lib.mkIf config.host.forgejo.enable
|
lib.mkIf config.host.forgejo.enable
|
||||||
{
|
{
|
||||||
enable = true;
|
host = {
|
||||||
database = {
|
reverse_proxy.subdomains.${config.host.forgejo.subdomain} = {
|
||||||
type = "postgres";
|
target = "http://localhost:${toString forgejoPort}";
|
||||||
socket = "/run/postgresql";
|
};
|
||||||
};
|
postgres = {
|
||||||
lfs.enable = true;
|
enable = true;
|
||||||
settings = {
|
extraUsers = {
|
||||||
server = {
|
forgejo = {
|
||||||
DOMAIN = "${config.host.forgejo.subdomain}.${config.host.reverse_proxy.hostname}";
|
isClient = true;
|
||||||
HTTP_PORT = forgejoPort;
|
};
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
host.reverse_proxy.subdomains.${config.host.jellyfin.subdomain} = {
|
|
||||||
target = "http://localhost:${toString forgejoPort}";
|
services.forgejo = {
|
||||||
|
enable = true;
|
||||||
|
database = {
|
||||||
|
type = "postgres";
|
||||||
|
socket = "/run/postgresql";
|
||||||
|
};
|
||||||
|
lfs.enable = true;
|
||||||
|
settings = {
|
||||||
|
server = {
|
||||||
|
DOMAIN = "${config.host.forgejo.subdomain}.${config.host.reverse_proxy.hostname}";
|
||||||
|
HTTP_PORT = forgejoPort;
|
||||||
|
};
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -34,11 +34,11 @@ in {
|
||||||
assertions = [
|
assertions = [
|
||||||
{
|
{
|
||||||
assertion = config.services.jellyfin.dataDir == jellyfin_data_directory;
|
assertion = config.services.jellyfin.dataDir == jellyfin_data_directory;
|
||||||
description = "jellyfin data directory does not match persistence";
|
message = "jellyfin data directory does not match persistence";
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
assertion = config.services.jellyfin.cacheDir == jellyfin_cache_directory;
|
assertion = config.services.jellyfin.cacheDir == jellyfin_cache_directory;
|
||||||
description = "jellyfin cache directory does not match persistence";
|
message = "jellyfin cache directory does not match persistence";
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -5,38 +5,29 @@
|
||||||
...
|
...
|
||||||
}: let
|
}: let
|
||||||
dataDir = "/var/lib/postgresql/15";
|
dataDir = "/var/lib/postgresql/15";
|
||||||
|
adminUsers = lib.lists.filter (user: user.isAdmin) (lib.attrsets.mapAttrsToList (_: user: user) config.host.postgres.extraUsers);
|
||||||
|
clientUsers = lib.lists.filter (user: user.isClient) (lib.attrsets.mapAttrsToList (_: user: user) config.host.postgres.extraUsers);
|
||||||
in {
|
in {
|
||||||
options = {
|
options = {
|
||||||
host.postgres = {
|
host.postgres = {
|
||||||
enable = lib.mkEnableOption "enable postgres";
|
enable = lib.mkEnableOption "enable postgres";
|
||||||
extraAdminUsers = lib.mkOption {
|
extraUsers = lib.mkOption {
|
||||||
type = lib.types.attrsOf lib.types.submodule ({name, ...}: {
|
type = lib.types.attrsOf (lib.types.submodule ({name, ...}: {
|
||||||
options = {
|
options = {
|
||||||
name = lib.mkOption {
|
name = lib.mkOption {
|
||||||
type = lib.types.str;
|
type = lib.types.str;
|
||||||
default = name;
|
default = name;
|
||||||
description = ''
|
};
|
||||||
What should this users name on the system be
|
isAdmin = lib.mkOption {
|
||||||
'';
|
type = lib.types.bool;
|
||||||
defaultText = lib.literalExpression "config.host.users.\${name}.name";
|
default = false;
|
||||||
|
};
|
||||||
|
isClient = lib.mkOption {
|
||||||
|
type = lib.types.bool;
|
||||||
|
default = false;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
});
|
}));
|
||||||
default = {};
|
|
||||||
};
|
|
||||||
extraDatabaseUsers = lib.mkOption {
|
|
||||||
type = lib.types.attrsOf lib.types.submodule ({name, ...}: {
|
|
||||||
options = {
|
|
||||||
name = lib.mkOption {
|
|
||||||
type = lib.types.str;
|
|
||||||
default = name;
|
|
||||||
description = ''
|
|
||||||
What should this users name on the system be
|
|
||||||
'';
|
|
||||||
defaultText = lib.literalExpression "config.host.users.\${name}.name";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
});
|
|
||||||
default = {};
|
default = {};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
@ -47,18 +38,12 @@ in {
|
||||||
services = {
|
services = {
|
||||||
postgresql = {
|
postgresql = {
|
||||||
enable = true;
|
enable = true;
|
||||||
ensureUsers =
|
package = pkgs.postgresql_15;
|
||||||
[
|
ensureUsers = [
|
||||||
{
|
{
|
||||||
name = "postgres";
|
name = "postgres";
|
||||||
}
|
}
|
||||||
]
|
];
|
||||||
+ (lib.attrsets.mapAttrsToList (user: {
|
|
||||||
name = user.name;
|
|
||||||
ensureDBOwnership = true;
|
|
||||||
})
|
|
||||||
config.host.postgres.extraDatabaseUsers);
|
|
||||||
ensureDatabases = lib.attrsets.mapAttrsToList (user: user.name) config.host.postgres.extraDatabaseUsers;
|
|
||||||
identMap =
|
identMap =
|
||||||
''
|
''
|
||||||
# ArbitraryMapName systemUser DBUser
|
# ArbitraryMapName systemUser DBUser
|
||||||
|
|
@ -68,14 +53,14 @@ in {
|
||||||
superuser_map postgres postgres
|
superuser_map postgres postgres
|
||||||
''
|
''
|
||||||
+ (
|
+ (
|
||||||
lib.strings.concatLines (lib.attrsets.mapAttrsToList (user: "superuser_map ${user.name} postgres") config.host.postgres.extraAdminUsers)
|
lib.strings.concatLines (builtins.map (user: "superuser_map ${user.name} postgres") adminUsers)
|
||||||
)
|
)
|
||||||
+ ''
|
+ ''
|
||||||
|
|
||||||
# Client Users
|
# Client Users
|
||||||
''
|
''
|
||||||
+ (
|
+ (
|
||||||
lib.strings.concatLines (lib.attrsets.mapAttrsToList (user: "superuser_map ${user.name} ${user.name}") config.host.postgres.extraDatabaseUsers)
|
lib.strings.concatLines (builtins.map (user: "superuser_map ${user.name} ${user.name}") clientUsers)
|
||||||
);
|
);
|
||||||
# configuration here lets users access the db that matches their name and lets user postgres access everything
|
# configuration here lets users access the db that matches their name and lets user postgres access everything
|
||||||
authentication = pkgs.lib.mkOverride 10 ''
|
authentication = pkgs.lib.mkOverride 10 ''
|
||||||
|
|
@ -91,7 +76,7 @@ in {
|
||||||
assertions = [
|
assertions = [
|
||||||
{
|
{
|
||||||
assertion = config.services.postgresql.dataDir == dataDir;
|
assertion = config.services.postgresql.dataDir == dataDir;
|
||||||
description = "postgres data directory does not match persistence";
|
message = "postgres data directory does not match persistence";
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
environment.persistence."/persist/system/root" = {
|
environment.persistence."/persist/system/root" = {
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue