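# NixOS module: a PostgreSQL 12 server on a dedicated data disk, reachable over
# TCP from 10.88.0.0/16, seeded with a `vault` database, a `vault` role and the
# `vault_kv_store` table (presumably for HashiCorp Vault's PostgreSQL storage
# backend; confirm against the consumer).
{ pkgs, ... }:

{
  services.postgresql.enable = true;
  services.postgresql.package = pkgs.postgresql_12;
  services.postgresql.dataDir = "/mnt/data/postgresql";
  services.postgresql.enableTCPIP = true;

  # Network clients must present the `vault` password and may only reach the
  # `vault` database. The previous rule (`host all all 10.88.0.0/16 trust`) let
  # any host in the /16 connect as any role, including the `postgres`
  # superuser, without credentials, so the password created below was never
  # checked. `md5` also accepts passwords stored as SCRAM verifiers; switch the
  # method to `scram-sha-256` once password_encryption is set accordingly.
  services.postgresql.authentication = ''
    host vault vault 10.88.0.0/16 md5
  '';

  # NOTE(review): `builtins.readFile` runs at evaluation time, so the password
  # is baked into the generated script, which lands in the world-readable
  # /nix/store. Any trailing newline in the file becomes part of the password,
  # and a single quote in it would break out of the SQL literal. Prefer setting
  # the password at service start from a file only the postgres user can read
  # (for example psql's `\set` with a backquoted command plus `:'var'`
  # interpolation), and rotate the current value since it has been in the store.
  #
  # The script is fed to psql (it relies on the `\c` meta-command) and is only
  # applied when the cluster is first initialised.
  services.postgresql.initialScript = pkgs.writeText "backend-initScript" ''
    CREATE DATABASE vault;

    CREATE USER vault WITH ENCRYPTED PASSWORD '${(builtins.readFile /opt/cloud-init-misc-data/vault_db_password)}';

    GRANT ALL PRIVILEGES ON DATABASE vault TO vault;
    \c vault
    CREATE TABLE vault_kv_store (
      parent_path TEXT COLLATE "C" NOT NULL,
      path TEXT COLLATE "C",
      key TEXT COLLATE "C",
      value BYTEA,
      CONSTRAINT pkey PRIMARY KEY (path, key)
    );
    CREATE INDEX parent_path_idx ON vault_kv_store (parent_path);
    GRANT ALL PRIVILEGES ON TABLE vault_kv_store TO vault;
  '';

  system.activationScripts = {
    # Make sure the data directory exists and belongs to postgres before the
    # service starts; /mnt itself is left world-traversable (755).
    mnt = {
      text = "chmod 755 /mnt && mkdir -p /mnt/data/postgresql && chown -R postgres:postgres /mnt/data/postgresql";
      deps = [];
    };
  };

  # Dedicated data disk; `nofail` lets the machine boot when the disk is absent.
  fileSystems."/mnt/data" = {
    device = "/dev/sdb";
    fsType = "ext4";
    label = "data";
    options = [ "nofail" ];
  };

  # Opens 5432 on every interface, so pg_hba.conf above is the only control on
  # which peers can authenticate. If the database should only be reachable from
  # the 10.88.0.0/16 side, scope this with
  # networking.firewall.interfaces.<name>.allowedTCPPorts instead.
  networking.firewall.allowedTCPPorts = [5432];
}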