[NixOS] More sophisticated postgres initialization

Ivan Malison 2024-01-04 19:52:46 -07:00
parent 18ef010bf1
commit 830499c7d6
5 changed files with 29 additions and 17 deletions


@ -1,4 +1,4 @@
{ config, pkgs, options, inputs, makeEnable, ... }:
{ config, pkgs, forEachUser, makeEnable, realUsers, ... }:
makeEnable config "modules.base" true {
nixpkgs.config.permittedInsecurePackages = [
"openssl-1.0.2u"
@ -73,4 +73,7 @@ makeEnable config "modules.base" true {
services.dbus.packages = [ pkgs.gcr ];
programs.dconf.enable = true;
home-manager.users = forEachUser (import ./home-manager.nix);
nix.settings.trusted-users = realUsers;
}
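Review bot: `nix.settings.trusted-users = realUsers;` at the end of this module now grants Nix trusted-user status to every account that users.nix marks `isNormalUser`, because this commit turns `realUsers` from a fixed list into a derived one. A trusted user can choose substituters and import unsigned store paths, which is effectively root on the machine, so adding an ordinary login account later silently widens that privilege. I would decouple the two and tie trust to the existing admin group instead, e.g. `nix.settings.trusted-users = [ "root" "@wheel" ];`, leaving `realUsers` for home-manager. The module body starts outside this hunk.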


@ -1,4 +1,4 @@
{ config, lib, ... }:
{ config, lib, forEachUser, ... }:
{
imports = [
./android.nix


@ -151,10 +151,14 @@
specialArgs = rec {
inherit inputs machineNames;
makeEnable = (import ./make-enable.nix) nixpkgs.lib;
mapValueToKeys = keys: value: builtins.listToAttrs (map (name: { inherit name value; }) keys);
realUsers = [ "root" "imalison" "kat" "dean" "alex" "will" "mike" "micah" ];
forEachUser = mapValueToKeys realUsers;
keys = (import ./keys.nix);
usersInfo = (import ./users.nix) { pkgs = { zsh = "zsh"; }; keys = keys; };
realUsers = (builtins.attrNames
(nixpkgs.lib.filterAttrs
(_: value: (builtins.elem "isNormalUser" (builtins.attrNames value)) && value.isNormalUser) usersInfo.users.users)
);
mapAllKeysToValue = keys: value: builtins.listToAttrs (map (name: { inherit name value; }) keys);
forEachUser = mapAllKeysToValue realUsers;
} // specialArgs;
});
in
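Review bot: The new `realUsers` in `specialArgs` is computed by importing users.nix outside the module system with a hand-written stub, `pkgs = { zsh = "zsh"; }`. It therefore only sees accounts declared literally in that file, and it depends on nothing else from `pkgs` being forced during this evaluation. Elsewhere in this commit the list decides who gets Nix trusted-user status and a PostgreSQL superuser role, so a comment above it is warranted, e.g. `# Derived from users.nix only; drives trusted-users and postgres ensureUsers`. The membership test can be shortened to `(_: value: value.isNormalUser or false)`. `root` was in the old literal list and is not a normal user, so it presumably drops out of `forEachUser`; please confirm that is intended.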


@ -1,4 +1,4 @@
{ pkgs, config, makeEnable, ... }:
{ pkgs, config, makeEnable, realUsers, ... }:
makeEnable config "modules.postgres" false {
services.postgresql = {
enable = true;
@ -7,8 +7,21 @@ makeEnable config "modules.postgres" false {
authentication = pkgs.lib.mkOverride 10 ''
#type database DBuser CIDR-ADDRESS auth-method
local all all trust
host all all 0.0.0.0/0 trust
host all all ::1/128 trust
host all all 0.0.0.0/0 trust
host all all ::1/128 trust
'';
ensureUsers = map (username: {
name = username;
ensureClauses = {
superuser = true;
createrole = true;
createdb = true;
};
}) realUsers;
initialScript = pkgs.writeText "init-sql-script" ''
CREATE DATABASE IF NOT EXISTS railbird;
\c railbird
CREATE SCHEMA IF NOT EXISTS railbird;
'';
};
services.pgadmin = {
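Review bot: The new `ensureUsers` block makes every entry of `realUsers` a PostgreSQL superuser while the `authentication` text above it still contains `host all all 0.0.0.0/0 trust`, so any client that can reach the port can log in as one of those roles without a password. Whether the server listens beyond loopback is not visible in this hunk, but the rule should not depend on that. Narrow it to `host all all 127.0.0.1/32 scram-sha-256` and drop `superuser = true;` unless a role genuinely needs it. Separately, PostgreSQL has no `CREATE DATABASE IF NOT EXISTS`, so the first statement of `initialScript` is rejected as a syntax error. The script is only meant to run when the cluster is first initialised, so plain `CREATE DATABASE railbird;` should be enough.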


@ -1,4 +1,4 @@
{ pkgs, realUsers, forEachUser, keys, ... }:
{ pkgs, keys, ... }:
let
extraGroups = [
"audio"
@ -31,31 +31,26 @@ in
imalison = userDefaults // {
extraGroups = extraGroupsWithWheel;
name = "imalison";
shell = pkgs.zsh;
openssh.authorizedKeys.keys = kanivanKeys;
};
kat = userDefaults // {
extraGroups = extraGroupsWithWheel;
name = "kat";
shell = pkgs.zsh;
openssh.authorizedKeys.keys = kanivanKeys;
};
dean = userDefaults // {
extraGroups = extraGroupsWithWheel;
name = "dean";
shell = pkgs.zsh;
openssh.authorizedKeys.keys = kanivanKeys ++ deanKeys;
};
will = userDefaults // {
extraGroups = extraGroupsWithWheel;
name = "will";
shell = pkgs.zsh;
openssh.authorizedKeys.keys = kanivanKeys ++ willKeys;
};
alex = userDefaults // {
extraGroups = extraGroupsWithWheel;
name = "alex";
shell = pkgs.zsh;
openssh.authorizedKeys.keys = kanivanKeys ++ alexKeys;
};
loewy = userDefaults // {
@ -80,11 +75,8 @@ in
};
};
nix.settings.trusted-users = realUsers;
nix.sshServe = {
enable = true;
keys = keys.allKeys;
};
home-manager.users = forEachUser (import ./home-manager.nix);
}