From 830499c7d60d459af483784b8a1d48316daf24a1 Mon Sep 17 00:00:00 2001 From: Ivan Malison Date: Thu, 4 Jan 2024 19:52:46 -0700 Subject: [PATCH] [NixOS] More sophisticated postgres initialization --- nixos/base.nix | 5 ++++- nixos/configuration.nix | 2 +- nixos/flake.nix | 10 +++++++--- nixos/postgres.nix | 19 ++++++++++++++++--- nixos/users.nix | 10 +--------- 5 files changed, 29 insertions(+), 17 deletions(-) diff --git a/nixos/base.nix b/nixos/base.nix index fbb493e4..381cc5dd 100644 --- a/nixos/base.nix +++ b/nixos/base.nix @@ -1,4 +1,4 @@ -{ config, pkgs, options, inputs, makeEnable, ... }: +{ config, pkgs, forEachUser, makeEnable, realUsers, ... }: makeEnable config "modules.base" true { nixpkgs.config.permittedInsecurePackages = [ "openssl-1.0.2u" @@ -73,4 +73,7 @@ makeEnable config "modules.base" true { services.dbus.packages = [ pkgs.gcr ]; programs.dconf.enable = true; + + home-manager.users = forEachUser (import ./home-manager.nix); + nix.settings.trusted-users = realUsers; } diff --git a/nixos/configuration.nix b/nixos/configuration.nix index 2e18ee03..f2a3c051 100644 --- a/nixos/configuration.nix +++ b/nixos/configuration.nix @@ -1,4 +1,4 @@ -{ config, lib, ... }: +{ config, lib, forEachUser, ... }: { imports = [ ./android.nix diff --git a/nixos/flake.nix b/nixos/flake.nix index 541f0fa0..1a3e23c2 100644 --- a/nixos/flake.nix +++ b/nixos/flake.nix 
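Review bot: `nix.settings.trusted-users = realUsers;` in the second base.nix hunk now grants every account that users.nix marks `isNormalUser` trusted-user status on the Nix daemon, which is effectively root-equivalent (trusted users can hand the daemon unsigned store paths and substituters and relax sandboxing), whereas the removed hard-coded list in flake.nix was explicit and also named `root`. If only the wheel users are meant to be trusted, derive that list separately in flake.nix rather than reusing the list that also drives `home-manager.users`; at minimum add `# every isNormalUser account is a Nix trusted user (root-equivalent); list derived in flake.nix` above the line. If the daemon on this Nix version does not implicitly trust root, root also loses trust because the derived list omits it. The first base.nix hunk and the configuration.nix hunk only change module arguments and need nothing.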
@@ -151,10 +151,14 @@ specialArgs = rec { inherit inputs machineNames; makeEnable = (import ./make-enable.nix) nixpkgs.lib; - mapValueToKeys = keys: value: builtins.listToAttrs (map (name: { inherit name value; }) keys); - realUsers = [ "root" "imalison" "kat" "dean" "alex" "will" "mike" "micah" ]; - forEachUser = mapValueToKeys realUsers; keys = (import ./keys.nix); + usersInfo = (import ./users.nix) { pkgs = { zsh = "zsh"; }; keys = keys; }; + realUsers = (builtins.attrNames + (nixpkgs.lib.filterAttrs + (_: value: (builtins.elem "isNormalUser" (builtins.attrNames value)) && value.isNormalUser) usersInfo.users.users) + ); + mapAllKeysToValue = keys: value: builtins.listToAttrs (map (name: { inherit name value; }) keys); + forEachUser = mapAllKeysToValue realUsers; } // specialArgs; }); in diff --git a/nixos/postgres.nix b/nixos/postgres.nix index b1b27284..39f19cad 100644 --- a/nixos/postgres.nix +++ b/nixos/postgres.nix @@ -1,4 +1,4 @@ -{ pkgs, config, makeEnable, ... }: +{ pkgs, config, makeEnable, realUsers, ... }: makeEnable config "modules.postgres" false { services.postgresql = { enable = true; @@ -7,8 +7,21 @@ makeEnable config "modules.postgres" false { authentication = pkgs.lib.mkOverride 10 '' #type database DBuser CIDR-ADDRESS auth-method local all all trust - host all all 0.0.0.0/0 trust - host all all ::1/128 trust + host all all 0.0.0.0/0 trust + host all all ::1/128 trust + ''; + ensureUsers = map (username: { + name = username; + ensureClauses = { + superuser = true; + createrole = true; + createdb = true; + }; + }) realUsers; + initialScript = pkgs.writeText "init-sql-script" '' + CREATE DATABASE IF NOT EXISTS railbird; + \c railbird + CREATE SCHEMA IF NOT EXISTS railbird; ''; }; services.pgadmin = { diff --git a/nixos/users.nix b/nixos/users.nix index a4557bd0..a6d00406 100644 --- a/nixos/users.nix +++ b/nixos/users.nix @@ -1,4 +1,4 @@ -{ pkgs, realUsers, forEachUser, keys, ... }: +{ pkgs, keys, ... }: let extraGroups = [ "audio" 
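Review bot: The `realUsers` filter in the flake.nix hunk hand-rolls an attribute-presence check; `(_: value: value.isNormalUser or false)` is the idiomatic form and drops the `attrNames`/`elem` detour. Evaluating `./users.nix` outside the module system with the stub `pkgs = { zsh = "zsh"; }` is fragile: the moment users.nix touches any other `pkgs` attribute, flake evaluation fails with an error that points nowhere near the cause, so a comment on that line such as `# users.nix is evaluated here outside the module system; it may only reference pkgs.zsh` would help the next maintainer. The derived list also no longer contains `root`, which the removed literal list had; whether that is intended depends on the consumers of `realUsers` (trusted-users, forEachUser) and is worth confirming.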
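Review bot: `CREATE DATABASE IF NOT EXISTS railbird;` in the postgres.nix hunk is not valid PostgreSQL (`IF NOT EXISTS` exists for `CREATE SCHEMA` but not for `CREATE DATABASE`), so the initialScript errors on first start, and if psql continues past the error the `\c railbird` fails too and the schema lands in the default database instead. As far as I understand initialScript runs against a freshly initialised cluster, so a plain `CREATE DATABASE railbird;` is enough; alternatively declare `ensureDatabases = [ "railbird" ];` and keep only the schema statement in the script. Separately, `ensureUsers` now makes every entry of `realUsers` a PostgreSQL superuser while the pg_hba rules just above (changed only in whitespace) use `trust` for `0.0.0.0/0`, so if `listen_addresses` is ever widened beyond loopback, anyone who can reach the port logs in as a superuser with no password; a comment recording that assumption, or a non-trust method for the host rules, would be appropriate.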
@@ -31,31 +31,26 @@ in
   imalison = userDefaults // {
     extraGroups = extraGroupsWithWheel;
     name = "imalison";
-    shell = pkgs.zsh;
     openssh.authorizedKeys.keys = kanivanKeys;
   };
   kat = userDefaults // {
     extraGroups = extraGroupsWithWheel;
     name = "kat";
-    shell = pkgs.zsh;
     openssh.authorizedKeys.keys = kanivanKeys;
   };
   dean = userDefaults // {
     extraGroups = extraGroupsWithWheel;
     name = "dean";
-    shell = pkgs.zsh;
     openssh.authorizedKeys.keys = kanivanKeys ++ deanKeys;
   };
   will = userDefaults // {
     extraGroups = extraGroupsWithWheel;
     name = "will";
-    shell = pkgs.zsh;
     openssh.authorizedKeys.keys = kanivanKeys ++ willKeys;
   };
   alex = userDefaults // {
     extraGroups = extraGroupsWithWheel;
     name = "alex";
-    shell = pkgs.zsh;
     openssh.authorizedKeys.keys = kanivanKeys ++ alexKeys;
   };
   loewy = userDefaults // {
@@ -80,11 +75,8 @@ in
     };
   };
 
-  nix.settings.trusted-users = realUsers;
   nix.sshServe = {
     enable = true;
     keys = keys.allKeys;
   };
-
-  home-manager.users = forEachUser (import ./home-manager.nix);
 }
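Review bot: Removing `shell = pkgs.zsh;` from imalison, kat, dean, will and alex changes those accounts' login shell to whatever `userDefaults` (defined above this hunk, outside it) provides, or the NixOS default if it sets none, and the commit message does not mention that. The removal seems to exist only so that flake.nix can evaluate this file with a stub `pkgs`, yet that stub already supplies `pkgs.zsh = "zsh"`, so one of the two is redundant: either keep `shell = pkgs.zsh;` on these users or drop the stub. If the removal is intended, a comment on `userDefaults` stating which shell it sets would make that visible. The second hunk in this file only relocates `trusted-users` and `home-manager.users` to base.nix and needs no change here.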