[NixOS] More sophisticated postgres initialization

nixos/base.nix

@@ -1,4 +1,4 @@
-{ config, pkgs, options, inputs, makeEnable, ... }:
+{ config, pkgs, forEachUser, makeEnable, realUsers, ... }:
 makeEnable config "modules.base" true {
   nixpkgs.config.permittedInsecurePackages = [
     "openssl-1.0.2u"
@@ -73,4 +73,7 @@ makeEnable config "modules.base" true {
   services.dbus.packages = [ pkgs.gcr ];
 
   programs.dconf.enable = true;
+
+  home-manager.users = forEachUser (import ./home-manager.nix);
+  nix.settings.trusted-users = realUsers;
 }

nixos/configuration.nix

@@ -1,4 +1,4 @@
-{ config, lib, ... }:
+{ config, lib, forEachUser, ... }:
 {
   imports = [
     ./android.nix

nixos/flake.nix

@@ -151,10 +151,14 @@
       specialArgs = rec {
         inherit inputs machineNames;
         makeEnable = (import ./make-enable.nix) nixpkgs.lib;
-        mapValueToKeys = keys: value: builtins.listToAttrs (map (name: { inherit name value; }) keys);
-        realUsers = [ "root" "imalison" "kat" "dean" "alex" "will" "mike" "micah" ];
-        forEachUser = mapValueToKeys realUsers;
         keys = (import ./keys.nix);
+        usersInfo = (import ./users.nix) { pkgs = { zsh = "zsh"; }; keys = keys; };
+        realUsers = (builtins.attrNames
+        (nixpkgs.lib.filterAttrs
+           (_: value: (builtins.elem "isNormalUser" (builtins.attrNames value)) && value.isNormalUser) usersInfo.users.users)
+        );
+        mapAllKeysToValue = keys: value: builtins.listToAttrs (map (name: { inherit name value; }) keys);
+        forEachUser = mapAllKeysToValue realUsers;
       } // specialArgs;
     });
   in

nixos/postgres.nix

@@ -1,4 +1,4 @@
-{ pkgs, config, makeEnable, ... }:
+{ pkgs, config, makeEnable, realUsers, ... }:
 makeEnable config "modules.postgres" false {
   services.postgresql = {
     enable = true;
@@ -7,8 +7,21 @@ makeEnable config "modules.postgres" false {
     authentication = pkgs.lib.mkOverride 10 ''
       #type database  DBuser  CIDR-ADDRESS auth-method
       local all       all                  trust
-      host  all       all  0.0.0.0/0       trust
-      host  all       all  ::1/128         trust
+      host  all       all     0.0.0.0/0    trust
+      host  all       all     ::1/128      trust
+    '';
+    ensureUsers = map (username: {
+        name = username;
+        ensureClauses = {
+          superuser = true;
+          createrole = true;
+          createdb = true;
+        };
+    }) realUsers;
+    initialScript = pkgs.writeText "init-sql-script" ''
+      CREATE DATABASE IF NOT EXISTS railbird;
+      \c railbird
+      CREATE SCHEMA IF NOT EXISTS railbird;
     '';
   };
   services.pgadmin = {

nixos/users.nix

@@ -1,4 +1,4 @@
-{ pkgs, realUsers, forEachUser, keys, ... }:
+{ pkgs, keys, ... }:
 let
   extraGroups = [
     "audio"
@@ -31,31 +31,26 @@ in
     imalison = userDefaults // {
       extraGroups = extraGroupsWithWheel;
       name = "imalison";
-      shell = pkgs.zsh;
       openssh.authorizedKeys.keys = kanivanKeys;
     };
     kat = userDefaults // {
       extraGroups = extraGroupsWithWheel;
       name = "kat";
-      shell = pkgs.zsh;
       openssh.authorizedKeys.keys = kanivanKeys;
     };
     dean = userDefaults // {
       extraGroups = extraGroupsWithWheel;
       name = "dean";
-      shell = pkgs.zsh;
       openssh.authorizedKeys.keys = kanivanKeys ++ deanKeys;
     };
     will = userDefaults // {
       extraGroups = extraGroupsWithWheel;
       name = "will";
-      shell = pkgs.zsh;
       openssh.authorizedKeys.keys = kanivanKeys ++ willKeys;
     };
     alex = userDefaults // {
       extraGroups = extraGroupsWithWheel;
       name = "alex";
-      shell = pkgs.zsh;
       openssh.authorizedKeys.keys = kanivanKeys ++ alexKeys;
     };
     loewy = userDefaults // {
@@ -80,11 +75,8 @@ in
     };
   };
 
-  nix.settings.trusted-users = realUsers;
   nix.sshServe = {
     enable = true;
     keys = keys.allKeys;
   };
-
-  home-manager.users = forEachUser (import ./home-manager.nix);
 }