[NixOS] More sophisticated postgres initialization

Ivan Malison 2024-01-04 19:52:46 -07:00
parent 18ef010bf1
commit 830499c7d6
5 changed files with 29 additions and 17 deletions


@ -1,4 +1,4 @@
{ config, pkgs, options, inputs, makeEnable, ... }: { config, pkgs, forEachUser, makeEnable, realUsers, ... }:
makeEnable config "modules.base" true { makeEnable config "modules.base" true {
nixpkgs.config.permittedInsecurePackages = [ nixpkgs.config.permittedInsecurePackages = [
"openssl-1.0.2u" "openssl-1.0.2u"
@ -73,4 +73,7 @@ makeEnable config "modules.base" true {
services.dbus.packages = [ pkgs.gcr ]; services.dbus.packages = [ pkgs.gcr ];
programs.dconf.enable = true; programs.dconf.enable = true;
home-manager.users = forEachUser (import ./home-manager.nix);
nix.settings.trusted-users = realUsers;
} }
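Review bot: `nix.settings.trusted-users = realUsers;` makes every account in `realUsers` a trusted Nix user, and a trusted user can override daemon settings such as substituters, which is effectively root on the machine. The list arrives through `specialArgs`, so this module does not show who is in it. If the intent is only to let these accounts talk to the daemon, `nix.settings.allowed-users = realUsers;` is the narrower setting. If trust is intended, a comment such as `# trusted-users is root-equivalent for the Nix daemon; keep this list to admins` above the line would record that. Most of the module body lies outside the two hunks shown.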


@ -1,4 +1,4 @@
{ config, lib, ... }: { config, lib, forEachUser, ... }:
{ {
imports = [ imports = [
./android.nix ./android.nix


@ -151,10 +151,14 @@
specialArgs = rec { specialArgs = rec {
inherit inputs machineNames; inherit inputs machineNames;
makeEnable = (import ./make-enable.nix) nixpkgs.lib; makeEnable = (import ./make-enable.nix) nixpkgs.lib;
mapValueToKeys = keys: value: builtins.listToAttrs (map (name: { inherit name value; }) keys);
realUsers = [ "root" "imalison" "kat" "dean" "alex" "will" "mike" "micah" ];
forEachUser = mapValueToKeys realUsers;
keys = (import ./keys.nix); keys = (import ./keys.nix);
usersInfo = (import ./users.nix) { pkgs = { zsh = "zsh"; }; keys = keys; };
realUsers = (builtins.attrNames
(nixpkgs.lib.filterAttrs
(_: value: (builtins.elem "isNormalUser" (builtins.attrNames value)) && value.isNormalUser) usersInfo.users.users)
);
mapAllKeysToValue = keys: value: builtins.listToAttrs (map (name: { inherit name value; }) keys);
forEachUser = mapAllKeysToValue realUsers;
} // specialArgs; } // specialArgs;
}); });
in in
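Review bot: The new `realUsers` is computed from every entry of `usersInfo.users.users` that has `isNormalUser` set, so its membership is no longer visible at the definition, yet the same list feeds `nix.settings.trusted-users` in the base module and the PostgreSQL superuser roles in the postgres module. Any account added to `./users.nix` later picks up both privileges without a change here; an explicit admin list, or a filter on wheel membership such as `builtins.elem "wheel" (value.extraGroups or [])`, would keep that decision reviewable. The predicate itself can be written `(_: value: value.isNormalUser or false)`, which drops the `builtins.elem`/`attrNames` test. The stub `pkgs = { zsh = "zsh"; }` should carry a comment saying why a fake `pkgs` is passed, presumably so `./users.nix` can be evaluated before the real `pkgs` exists.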


@ -1,4 +1,4 @@
{ pkgs, config, makeEnable, ... }: { pkgs, config, makeEnable, realUsers, ... }:
makeEnable config "modules.postgres" false { makeEnable config "modules.postgres" false {
services.postgresql = { services.postgresql = {
enable = true; enable = true;
@ -7,8 +7,21 @@ makeEnable config "modules.postgres" false {
authentication = pkgs.lib.mkOverride 10 '' authentication = pkgs.lib.mkOverride 10 ''
#type database DBuser CIDR-ADDRESS auth-method #type database DBuser CIDR-ADDRESS auth-method
local all all trust local all all trust
host all all 0.0.0.0/0 trust host all all 0.0.0.0/0 trust
host all all ::1/128 trust host all all ::1/128 trust
'';
ensureUsers = map (username: {
name = username;
ensureClauses = {
superuser = true;
createrole = true;
createdb = true;
};
}) realUsers;
initialScript = pkgs.writeText "init-sql-script" ''
CREATE DATABASE IF NOT EXISTS railbird;
\c railbird
CREATE SCHEMA IF NOT EXISTS railbird;
''; '';
}; };
services.pgadmin = { services.pgadmin = {
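Review bot: `ensureUsers` creates a role for each entry of `realUsers` with `superuser = true`, while the `authentication` block above it still has `host all all 0.0.0.0/0 trust`, so any client that can reach the port over IPv4 can connect as one of these superusers without a password. Whether the server listens beyond loopback depends on settings outside this hunk, but the rule should not rely on that: narrow it to `host all all 127.0.0.1/32 trust` or use `scram-sha-256` for non-local hosts, and drop `superuser = true;` unless each account needs it. Separately, PostgreSQL has no `CREATE DATABASE IF NOT EXISTS`, so the first statement of `initialScript` is a syntax error. `CREATE DATABASE railbird;` is enough, since NixOS runs `initialScript` only on first startup of a new cluster. The `services.postgresql` attribute set starts before the hunk.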


@ -1,4 +1,4 @@
{ pkgs, realUsers, forEachUser, keys, ... }: { pkgs, keys, ... }:
let let
extraGroups = [ extraGroups = [
"audio" "audio"
@ -31,31 +31,26 @@ in
imalison = userDefaults // { imalison = userDefaults // {
extraGroups = extraGroupsWithWheel; extraGroups = extraGroupsWithWheel;
name = "imalison"; name = "imalison";
shell = pkgs.zsh;
openssh.authorizedKeys.keys = kanivanKeys; openssh.authorizedKeys.keys = kanivanKeys;
}; };
kat = userDefaults // { kat = userDefaults // {
extraGroups = extraGroupsWithWheel; extraGroups = extraGroupsWithWheel;
name = "kat"; name = "kat";
shell = pkgs.zsh;
openssh.authorizedKeys.keys = kanivanKeys; openssh.authorizedKeys.keys = kanivanKeys;
}; };
dean = userDefaults // { dean = userDefaults // {
extraGroups = extraGroupsWithWheel; extraGroups = extraGroupsWithWheel;
name = "dean"; name = "dean";
shell = pkgs.zsh;
openssh.authorizedKeys.keys = kanivanKeys ++ deanKeys; openssh.authorizedKeys.keys = kanivanKeys ++ deanKeys;
}; };
will = userDefaults // { will = userDefaults // {
extraGroups = extraGroupsWithWheel; extraGroups = extraGroupsWithWheel;
name = "will"; name = "will";
shell = pkgs.zsh;
openssh.authorizedKeys.keys = kanivanKeys ++ willKeys; openssh.authorizedKeys.keys = kanivanKeys ++ willKeys;
}; };
alex = userDefaults // { alex = userDefaults // {
extraGroups = extraGroupsWithWheel; extraGroups = extraGroupsWithWheel;
name = "alex"; name = "alex";
shell = pkgs.zsh;
openssh.authorizedKeys.keys = kanivanKeys ++ alexKeys; openssh.authorizedKeys.keys = kanivanKeys ++ alexKeys;
}; };
loewy = userDefaults // { loewy = userDefaults // {
@ -80,11 +75,8 @@ in
}; };
}; };
nix.settings.trusted-users = realUsers;
nix.sshServe = { nix.sshServe = {
enable = true; enable = true;
keys = keys.allKeys; keys = keys.allKeys;
}; };
home-manager.users = forEachUser (import ./home-manager.nix);
} }