removed headscale

2025-01-03 16:34:15 -06:00 · 2025-01-03 16:34:15 -06:00 · da8919b999
commit da8919b999
parent 0e5cf34809
4 changed files with 39 additions and 102 deletions
--- a/modules/nixos-modules/server/postgres.nix
+++ b/modules/nixos-modules/server/postgres.nix
@ -7,6 +7,8 @@
  dataDir = "/var/lib/postgresql/15";
  adminUsers = lib.lists.filter (user: user.isAdmin) (lib.attrsets.mapAttrsToList (_: user: user) config.host.postgres.extraUsers);
  clientUsers = lib.lists.filter (user: user.isClient) (lib.attrsets.mapAttrsToList (_: user: user) config.host.postgres.extraUsers);
+  createUsers = lib.lists.filter (user: user.createUser) (lib.attrsets.mapAttrsToList (_: user: user) config.host.postgres.extraUsers);
+  createDatabases = lib.attrsets.mapAttrsToList (_: user: user) config.host.postgres.extraDatabases;
 in {
  options = {
    host.postgres = {
@ -26,6 +28,21 @@ in {
              type = lib.types.bool;
              default = false;
            };
+            createUser = lib.mkOption {
+              type = lib.types.bool;
+              default = false;
+            };
+          };
+        }));
+        default = {};
+      };
+      extraDatabases = lib.mkOption {
+        type = lib.types.attrsOf (lib.types.submodule ({name, ...}: {
+          options = {
+            name = lib.mkOption {
+              type = lib.types.str;
+              default = name;
+            };
          };
        }));
        default = {};
@ -39,11 +56,19 @@ in {
        postgresql = {
          enable = true;
          package = pkgs.postgresql_15;
-          ensureUsers = [
-            {
-              name = "postgres";
-            }
-          ];
+          ensureUsers =
+            [
+              {
+                name = "postgres";
+              }
+            ]
+            ++ (
+              builtins.map (user: {
+                name = user.name;
+              })
+              createUsers
+            );
+          ensureDatabases = builtins.map (database: database.name) createDatabases;
          identMap =
            ''
              # ArbitraryMapName systemUser DBUser
@ -60,13 +85,13 @@ in {
              # Client Users
            ''
            + (
-              lib.strings.concatLines (builtins.map (user: "superuser_map      ${user.name}   ${user.name}") clientUsers)
+              lib.strings.concatLines (builtins.map (user: "user_map      ${user.name}   ${user.name}") clientUsers)
            );
          # configuration here lets users access the db that matches their name and lets user postgres access everything
          authentication = pkgs.lib.mkOverride 10 ''
            # type database DBuser    origin-address auth-method   optional_ident_map
            local  all      postgres                 peer          map=superuser_map
-            local  sameuser all                      peer          map=superuser_map
+            local  sameuser all                      peer          map=user_map
          '';
        };
      };