[NixOS] More sophisticated postgres initialization
parent
18ef010bf1
commit
830499c7d6
@ -1,4 +1,4 @@
|
|||||||
{ config, pkgs, options, inputs, makeEnable, ... }:
|
{ config, pkgs, forEachUser, makeEnable, realUsers, ... }:
|
||||||
makeEnable config "modules.base" true {
|
makeEnable config "modules.base" true {
|
||||||
nixpkgs.config.permittedInsecurePackages = [
|
nixpkgs.config.permittedInsecurePackages = [
|
||||||
"openssl-1.0.2u"
|
"openssl-1.0.2u"
|
||||||
@ -73,4 +73,7 @@ makeEnable config "modules.base" true {
|
|||||||
services.dbus.packages = [ pkgs.gcr ];
|
services.dbus.packages = [ pkgs.gcr ];
|
||||||
|
|
||||||
programs.dconf.enable = true;
|
programs.dconf.enable = true;
|
||||||
|
|
||||||
|
home-manager.users = forEachUser (import ./home-manager.nix);
|
||||||
|
nix.settings.trusted-users = realUsers;
|
||||||
}
|
}
|
||||||
|
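Review bot: `nix.settings.trusted-users = realUsers;` gives every name in realUsers trusted-user status on the Nix daemon, which the Nix manual describes as essentially equivalent to root access. This commit now computes realUsers from every `isNormalUser` entry in users.nix instead of a hand-written list, so any account added later receives the grant implicitly. Consider an explicit, narrower setting such as `nix.settings.trusted-users = [ "root" "@wheel" ];`, or at least a comment here stating that the grant is intentional. The enclosing makeEnable block starts outside this hunk.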
@ -1,4 +1,4 @@
|
|||||||
{ config, lib, ... }:
|
{ config, lib, forEachUser, ... }:
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
./android.nix
|
./android.nix
|
||||||
|
@ -151,10 +151,14 @@
|
|||||||
specialArgs = rec {
|
specialArgs = rec {
|
||||||
inherit inputs machineNames;
|
inherit inputs machineNames;
|
||||||
makeEnable = (import ./make-enable.nix) nixpkgs.lib;
|
makeEnable = (import ./make-enable.nix) nixpkgs.lib;
|
||||||
mapValueToKeys = keys: value: builtins.listToAttrs (map (name: { inherit name value; }) keys);
|
|
||||||
realUsers = [ "root" "imalison" "kat" "dean" "alex" "will" "mike" "micah" ];
|
|
||||||
forEachUser = mapValueToKeys realUsers;
|
|
||||||
keys = (import ./keys.nix);
|
keys = (import ./keys.nix);
|
||||||
|
usersInfo = (import ./users.nix) { pkgs = { zsh = "zsh"; }; keys = keys; };
|
||||||
|
realUsers = (builtins.attrNames
|
||||||
|
(nixpkgs.lib.filterAttrs
|
||||||
|
(_: value: (builtins.elem "isNormalUser" (builtins.attrNames value)) && value.isNormalUser) usersInfo.users.users)
|
||||||
|
);
|
||||||
|
mapAllKeysToValue = keys: value: builtins.listToAttrs (map (name: { inherit name value; }) keys);
|
||||||
|
forEachUser = mapAllKeysToValue realUsers;
|
||||||
} // specialArgs;
|
} // specialArgs;
|
||||||
});
|
});
|
||||||
in
|
in
|
||||||
|
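Review bot: `usersInfo = (import ./users.nix) { pkgs = { zsh = "zsh"; }; keys = keys; };` evaluates the users module against a hand-made stub of pkgs, which only works while nothing forced by the `isNormalUser` filter touches another pkgs attribute. That coupling deserves a comment, e.g. `# stub pkgs: only used to read isNormalUser, never to build`. The predicate can be written as `(_: value: value.isNormalUser or false)`, which reads more directly than the `builtins.elem … attrNames` test. The old list named "root" explicitly; root presumably does not pass the isNormalUser filter, so it drops out of forEachUser and everything else fed by realUsers, which is worth confirming as intended. The specialArgs block continues outside the hunk.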
@ -1,4 +1,4 @@
|
|||||||
{ pkgs, config, makeEnable, ... }:
|
{ pkgs, config, makeEnable, realUsers, ... }:
|
||||||
makeEnable config "modules.postgres" false {
|
makeEnable config "modules.postgres" false {
|
||||||
services.postgresql = {
|
services.postgresql = {
|
||||||
enable = true;
|
enable = true;
|
||||||
@ -7,8 +7,21 @@ makeEnable config "modules.postgres" false {
|
|||||||
authentication = pkgs.lib.mkOverride 10 ''
|
authentication = pkgs.lib.mkOverride 10 ''
|
||||||
#type database DBuser CIDR-ADDRESS auth-method
|
#type database DBuser CIDR-ADDRESS auth-method
|
||||||
local all all trust
|
local all all trust
|
||||||
host all all 0.0.0.0/0 trust
|
host all all 0.0.0.0/0 trust
|
||||||
host all all ::1/128 trust
|
host all all ::1/128 trust
|
||||||
|
'';
|
||||||
|
ensureUsers = map (username: {
|
||||||
|
name = username;
|
||||||
|
ensureClauses = {
|
||||||
|
superuser = true;
|
||||||
|
createrole = true;
|
||||||
|
createdb = true;
|
||||||
|
};
|
||||||
|
}) realUsers;
|
||||||
|
initialScript = pkgs.writeText "init-sql-script" ''
|
||||||
|
CREATE DATABASE IF NOT EXISTS railbird;
|
||||||
|
\c railbird
|
||||||
|
CREATE SCHEMA IF NOT EXISTS railbird;
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
services.pgadmin = {
|
services.pgadmin = {
|
||||||
|
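Review bot: The new `ensureUsers` block gives every name in realUsers a `superuser = true` role while the `authentication` block just above still contains `host all all 0.0.0.0/0 trust`, so any client that can reach the server over TCP can connect as one of these superusers without a password. Whether the port is reachable depends on settings not shown here (TCP listening, firewall), but the rule should be narrowed, e.g. `host all all 127.0.0.1/32 trust`, or switched to `scram-sha-256`, and `superuser = true` dropped for roles that only need `createdb`. Separately, `CREATE DATABASE IF NOT EXISTS railbird;` is not valid PostgreSQL, because CREATE DATABASE has no IF NOT EXISTS form, so the initial script would fail on that statement. `CREATE DATABASE railbird;` is sufficient, since initialScript runs only when the cluster is first initialised. The services.postgresql block begins in the previous hunk.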
@ -1,4 +1,4 @@
|
|||||||
{ pkgs, realUsers, forEachUser, keys, ... }:
|
{ pkgs, keys, ... }:
|
||||||
let
|
let
|
||||||
extraGroups = [
|
extraGroups = [
|
||||||
"audio"
|
"audio"
|
||||||
@ -31,31 +31,26 @@ in
|
|||||||
imalison = userDefaults // {
|
imalison = userDefaults // {
|
||||||
extraGroups = extraGroupsWithWheel;
|
extraGroups = extraGroupsWithWheel;
|
||||||
name = "imalison";
|
name = "imalison";
|
||||||
shell = pkgs.zsh;
|
|
||||||
openssh.authorizedKeys.keys = kanivanKeys;
|
openssh.authorizedKeys.keys = kanivanKeys;
|
||||||
};
|
};
|
||||||
kat = userDefaults // {
|
kat = userDefaults // {
|
||||||
extraGroups = extraGroupsWithWheel;
|
extraGroups = extraGroupsWithWheel;
|
||||||
name = "kat";
|
name = "kat";
|
||||||
shell = pkgs.zsh;
|
|
||||||
openssh.authorizedKeys.keys = kanivanKeys;
|
openssh.authorizedKeys.keys = kanivanKeys;
|
||||||
};
|
};
|
||||||
dean = userDefaults // {
|
dean = userDefaults // {
|
||||||
extraGroups = extraGroupsWithWheel;
|
extraGroups = extraGroupsWithWheel;
|
||||||
name = "dean";
|
name = "dean";
|
||||||
shell = pkgs.zsh;
|
|
||||||
openssh.authorizedKeys.keys = kanivanKeys ++ deanKeys;
|
openssh.authorizedKeys.keys = kanivanKeys ++ deanKeys;
|
||||||
};
|
};
|
||||||
will = userDefaults // {
|
will = userDefaults // {
|
||||||
extraGroups = extraGroupsWithWheel;
|
extraGroups = extraGroupsWithWheel;
|
||||||
name = "will";
|
name = "will";
|
||||||
shell = pkgs.zsh;
|
|
||||||
openssh.authorizedKeys.keys = kanivanKeys ++ willKeys;
|
openssh.authorizedKeys.keys = kanivanKeys ++ willKeys;
|
||||||
};
|
};
|
||||||
alex = userDefaults // {
|
alex = userDefaults // {
|
||||||
extraGroups = extraGroupsWithWheel;
|
extraGroups = extraGroupsWithWheel;
|
||||||
name = "alex";
|
name = "alex";
|
||||||
shell = pkgs.zsh;
|
|
||||||
openssh.authorizedKeys.keys = kanivanKeys ++ alexKeys;
|
openssh.authorizedKeys.keys = kanivanKeys ++ alexKeys;
|
||||||
};
|
};
|
||||||
loewy = userDefaults // {
|
loewy = userDefaults // {
|
||||||
@ -80,11 +75,8 @@ in
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
nix.settings.trusted-users = realUsers;
|
|
||||||
nix.sshServe = {
|
nix.sshServe = {
|
||||||
enable = true;
|
enable = true;
|
||||||
keys = keys.allKeys;
|
keys = keys.allKeys;
|
||||||
};
|
};
|
||||||
|
|
||||||
home-manager.users = forEachUser (import ./home-manager.nix);
|
|
||||||
}
|
}
|
||||||
|