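{
  config,
  lib,
  pkgs,
  ...
}:
let
  cfg = config.custom.services.postgresql;

  # Application roles managed by this module. Each name yields:
  #   * a pg_ident line so local root may connect as that role,
  #   * a sops secret "<name>/db_password" exposed as <name>DbPasswordPg,
  #   * a role and a database of the same name, created and given the
  #     secret's password by postgresql-setup.service.
  dbUsers = [
    "synapse"
    "nextcloud"
    "roundcube"
    "immich"
  ];

  # Extra clauses appended to CREATE DATABASE for roles that need them
  # (synapse's database is created from template0 with "C" collation).
  dbCreateOptions = {
    synapse = ''TEMPLATE template0 LC_COLLATE = "C" LC_CTYPE = "C"'';
  };

  # sops secret attribute name for a database user.
  secretName = name: "${name}DbPasswordPg";
in
{
  options.custom.services.postgresql = {
    enable = lib.mkEnableOption "postgresql";
  };

  config = lib.mkIf cfg.enable {
    services.postgresql = {
      enable = true;
      package = pkgs.postgresql_15;
      enableTCPIP = true;

      # Maps the local root user onto postgres and every application role;
      # used by the "map=root_as_others" rule in `authentication`.
      identMap = ''
        root_as_others root postgres
        ${lib.concatMapStringsSep "\n" (name: "root_as_others root ${name}") dbUsers}
      '';

      # Local connections use peer auth; remote clients on 10.0.1.0/24
      # authenticate with scram-sha-256 (md5 is deprecated and sends a
      # weaker challenge/response; PostgreSQL 15 already stores passwords
      # as SCRAM by default, and postgresql-setup re-sets every password
      # on start, so no stored md5 hash remains).
      # NOTE(review): the "host" rule accepts unencrypted TCP connections;
      # if TLS is configured for this server, prefer "hostssl" here.
      authentication = ''
        local all postgres peer
        local all all peer map=root_as_others
        host all all 10.0.1.0/24 scram-sha-256
      '';
    };

    # One secret per database user, readable by the postgres superuser so
    # postgresql-setup.service (which runs as that user) can apply it.
    sops.secrets = lib.listToAttrs (
      map (
        name:
        lib.nameValuePair (secretName name) {
          owner = config.services.postgresql.superUser;
          key = "${name}/db_password";
          restartUnits = [ "postgresql-setup.service" ];
        }
      ) dbUsers
    );

    # Idempotent provisioning of roles, databases and passwords, run after
    # postgresql.service is up and re-run whenever a secret changes.
    systemd.services.postgresql-setup =
      let
        pgsql = config.services.postgresql;

        # " <extra clauses>" for CREATE DATABASE, or "" when none apply.
        createOpts =
          name:
          let
            extra = dbCreateOptions.${name} or "";
          in
          lib.optionalString (extra != "") " ${extra}";

        # Shell snippet for one user. The password is read by psql itself
        # (\set with a backquoted command) and bound as a psql variable, so
        # it never passes through shell interpolation, never appears in the
        # process argument list, and cannot break or alter the SQL statement
        # if it contains quotes or backslashes. ON_ERROR_STOP makes a failed
        # ALTER ROLE fail the unit, as a failed -c command would have.
        setupUser = name: ''
          PSQL -tAc "SELECT 1 FROM pg_roles WHERE rolname = '${name}'" | grep -q 1 || PSQL -tAc 'CREATE ROLE "${name}"'
          PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = '${name}'" | grep -q 1 || PSQL -tAc 'CREATE DATABASE "${name}" OWNER "${name}"${createOpts name}'
          PSQL -v ON_ERROR_STOP=1 <<'EOF'
          \set pw `cat '${config.sops.secrets.${secretName name}.path}'`
          ALTER ROLE "${name}" WITH LOGIN PASSWORD :'pw';
          EOF
        '';
      in
      {
        after = [ "postgresql.service" ];
        bindsTo = [ "postgresql.service" ];
        wantedBy = [ "postgresql.service" ];

        path = [
          pgsql.package
          pkgs.util-linux
        ];

        script = ''
          set -u

          # psql bound to the configured server port; remaining args pass through.
          PSQL() {
            psql --port=${toString pgsql.settings.port} "$@"
          }

          ${lib.concatMapStrings setupUser dbUsers}
        '';

        serviceConfig = {
          # Runs as the database superuser: peer auth over the local socket
          # and the sops secrets are owned by this account.
          User = pgsql.superUser;
          Type = "oneshot";
          RemainAfterExit = true;
        };
      };
  };
}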