[NixOS] More sophisticated postgres initialization
parent
18ef010bf1
commit
830499c7d6
@ -1,4 +1,4 @@
|
||||
{ config, pkgs, options, inputs, makeEnable, ... }:
|
||||
{ config, pkgs, forEachUser, makeEnable, realUsers, ... }:
|
||||
makeEnable config "modules.base" true {
|
||||
nixpkgs.config.permittedInsecurePackages = [
|
||||
"openssl-1.0.2u"
|
||||
@ -73,4 +73,7 @@ makeEnable config "modules.base" true {
|
||||
services.dbus.packages = [ pkgs.gcr ];
|
||||
|
||||
programs.dconf.enable = true;
|
||||
|
||||
home-manager.users = forEachUser (import ./home-manager.nix);
|
||||
nix.settings.trusted-users = realUsers;
|
||||
}
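Review bot: `nix.settings.trusted-users = realUsers;` makes every account in `realUsers` a trusted Nix user, which the Nix manual describes as essentially equivalent to giving that user root access. The line appears to be moved here from the users module, so the grant itself is not new, but in this commit `realUsers` stops being a hand-written list and is computed from every `isNormalUser` account, so membership now changes whenever an account is added. Consider scoping it to administrators, for example `nix.settings.trusted-users = [ "@wheel" ];`, and adding a comment that states who is meant to be trusted. The module body starts outside this hunk.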
|
||||
|
@ -1,4 +1,4 @@
|
||||
{ config, lib, ... }:
|
||||
{ config, lib, forEachUser, ... }:
|
||||
{
|
||||
imports = [
|
||||
./android.nix
|
||||
|
@ -151,10 +151,14 @@
|
||||
specialArgs = rec {
|
||||
inherit inputs machineNames;
|
||||
makeEnable = (import ./make-enable.nix) nixpkgs.lib;
|
||||
mapValueToKeys = keys: value: builtins.listToAttrs (map (name: { inherit name value; }) keys);
|
||||
realUsers = [ "root" "imalison" "kat" "dean" "alex" "will" "mike" "micah" ];
|
||||
forEachUser = mapValueToKeys realUsers;
|
||||
keys = (import ./keys.nix);
|
||||
usersInfo = (import ./users.nix) { pkgs = { zsh = "zsh"; }; keys = keys; };
|
||||
realUsers = (builtins.attrNames
|
||||
(nixpkgs.lib.filterAttrs
|
||||
(_: value: (builtins.elem "isNormalUser" (builtins.attrNames value)) && value.isNormalUser) usersInfo.users.users)
|
||||
);
|
||||
mapAllKeysToValue = keys: value: builtins.listToAttrs (map (name: { inherit name value; }) keys);
|
||||
forEachUser = mapAllKeysToValue realUsers;
|
||||
} // specialArgs;
|
||||
});
|
||||
in
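Review bot: The computed `realUsers` is no longer an explicit list, so "root" drops out of it unless users.nix marks root as `isNormalUser` (not visible here), and every future normal account is picked up automatically by whatever consumes `realUsers` and `forEachUser`. Since those consumers hand out privileges elsewhere in this commit, a comment on `realUsers` saying that it feeds trusted-users and the postgres roles would help the next person who adds an account. The predicate can be written more simply as `(_: value: value.isNormalUser or false)`. The `usersInfo` line also deserves a comment explaining that `pkgs = { zsh = "zsh"; }` is a stub, presumably there only so users.nix can be evaluated before the real package set exists. The surrounding function starts and ends outside this hunk.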
|
||||
|
@ -1,4 +1,4 @@
|
||||
{ pkgs, config, makeEnable, ... }:
|
||||
{ pkgs, config, makeEnable, realUsers, ... }:
|
||||
makeEnable config "modules.postgres" false {
|
||||
services.postgresql = {
|
||||
enable = true;
|
||||
@ -7,8 +7,21 @@ makeEnable config "modules.postgres" false {
|
||||
authentication = pkgs.lib.mkOverride 10 ''
|
||||
#type database DBuser CIDR-ADDRESS auth-method
|
||||
local all all trust
|
||||
host all all 0.0.0.0/0 trust
|
||||
host all all ::1/128 trust
|
||||
host all all 0.0.0.0/0 trust
|
||||
host all all ::1/128 trust
|
||||
'';
|
||||
ensureUsers = map (username: {
|
||||
name = username;
|
||||
ensureClauses = {
|
||||
superuser = true;
|
||||
createrole = true;
|
||||
createdb = true;
|
||||
};
|
||||
}) realUsers;
|
||||
initialScript = pkgs.writeText "init-sql-script" ''
|
||||
CREATE DATABASE IF NOT EXISTS railbird;
|
||||
\c railbird
|
||||
CREATE SCHEMA IF NOT EXISTS railbird;
|
||||
'';
|
||||
};
|
||||
services.pgadmin = {
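Review bot: The new `ensureUsers` block gives every entry of `realUsers` a `superuser` role while the `authentication` text still has `host all all 0.0.0.0/0 trust`, so any client that can reach the port can connect as one of those superusers without a password. Whether the server listens beyond localhost is not visible in this hunk, but the rules should not depend on that; consider `local all all peer` and `host all all 127.0.0.1/32 scram-sha-256`, and drop `superuser = true` for accounts that only need `createdb`. Separately, PostgreSQL has no `CREATE DATABASE IF NOT EXISTS`, so `initialScript` will fail on its first statement; `ensureDatabases = [ "railbird" ];` covers the database and the script can keep the schema creation. The `services.postgresql` block starts outside the hunk.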
|
||||
|
@ -1,4 +1,4 @@
|
||||
{ pkgs, realUsers, forEachUser, keys, ... }:
|
||||
{ pkgs, keys, ... }:
|
||||
let
|
||||
extraGroups = [
|
||||
"audio"
|
||||
@ -31,31 +31,26 @@ in
|
||||
imalison = userDefaults // {
|
||||
extraGroups = extraGroupsWithWheel;
|
||||
name = "imalison";
|
||||
shell = pkgs.zsh;
|
||||
openssh.authorizedKeys.keys = kanivanKeys;
|
||||
};
|
||||
kat = userDefaults // {
|
||||
extraGroups = extraGroupsWithWheel;
|
||||
name = "kat";
|
||||
shell = pkgs.zsh;
|
||||
openssh.authorizedKeys.keys = kanivanKeys;
|
||||
};
|
||||
dean = userDefaults // {
|
||||
extraGroups = extraGroupsWithWheel;
|
||||
name = "dean";
|
||||
shell = pkgs.zsh;
|
||||
openssh.authorizedKeys.keys = kanivanKeys ++ deanKeys;
|
||||
};
|
||||
will = userDefaults // {
|
||||
extraGroups = extraGroupsWithWheel;
|
||||
name = "will";
|
||||
shell = pkgs.zsh;
|
||||
openssh.authorizedKeys.keys = kanivanKeys ++ willKeys;
|
||||
};
|
||||
alex = userDefaults // {
|
||||
extraGroups = extraGroupsWithWheel;
|
||||
name = "alex";
|
||||
shell = pkgs.zsh;
|
||||
openssh.authorizedKeys.keys = kanivanKeys ++ alexKeys;
|
||||
};
|
||||
loewy = userDefaults // {
|
||||
@ -80,11 +75,8 @@ in
|
||||
};
|
||||
};
|
||||
|
||||
nix.settings.trusted-users = realUsers;
|
||||
nix.sshServe = {
|
||||
enable = true;
|
||||
keys = keys.allKeys;
|
||||
};
|
||||
|
||||
home-manager.users = forEachUser (import ./home-manager.nix);
|
||||
}
|
||||
|