From e276df28b464205eb4016be45d9c309b84cd6627 Mon Sep 17 00:00:00 2001
From: soraefir
Date: Wed, 6 May 2026 03:20:11 +0200
Subject: [PATCH] allow ip range db
---
 modules/server/database/default.nix | 21 ++-------------------
 1 file changed, 2 insertions(+), 19 deletions(-)
diff --git a/modules/server/database/default.nix b/modules/server/database/default.nix
index 1d5a758..dcc84f6 100644
--- a/modules/server/database/default.nix
+++ b/modules/server/database/default.nix
@@ -19,6 +19,7 @@ in {
 local all all trust
 host all all 127.0.0.1/32 trust
 host all all 10.0.0.0/8 scram-sha-256
+ host all all 169.254.0.0/16 scram-sha-256
 host all all ::1/128 trust
 '';
 ensureDatabases = map (name: "${name}_db") allApps;
@@ -42,28 +43,10 @@ in {
 $PSQL -tAc "ALTER DATABASE ${name}_db OWNER TO ${name}_user;"
 if [ -f "${config.sops.secrets."${lib.toUpper name}".path}" ]; then
- PASS=$(grep "^DB_PASSWORD=" "${config.sops.secrets."${lib.toUpper name}".path}" | cut -d'=' -f2- | tr -d '"' | tr -d "'")
+ PASS=$(grep "^DB_PASSWORD=" "${config.sops.secrets."${lib.toUpper name}".path}" | cut -d'=' -f2-)
 $PSQL -tAc "ALTER USER ${name}_user WITH PASSWORD '$PASS';"
 fi
 '') allApps}
 '';
- # systemd.services.init-db-permissions = {
- # description = "Set DB passwords and ownership after Postgres is ready";
- # after = [ "postgresql.service" ];
- # requires = [ "postgresql.service" ];
- # partOf = [ "postgresql.service" ];
- # wantedBy = [ "multi-user.target" ];
-
- # serviceConfig = {
- # Type = "oneshot";
- # User = "postgres"; # Runs as postgres user directly
- # RemainAfterExit = true;
- # ExecStartPre = "${pkgs.coreutils}/bin/sleep 2";
- # };
-
- # script = ''
-
- # '';
- # };
 };
 }
\ No newline at end of file
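Review bot: The added `host all all 169.254.0.0/16 scram-sha-256` rule admits every role to every database from the whole link-local /16, including any superuser that has a password set, and nothing in the hunk records why that range is needed. If only the application roles connect from there, limit the rule to those databases and roles, or narrow the CIDR to the subnet actually in use. `host` also matches non-TLS connections, so `hostssl` would be the stricter choice if the server has TLS configured, which this hunk does not show. A `#` comment above the line naming the consumer of that range would make the exposure reviewable later. The enclosing attribute set starts and ends outside the hunk.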
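Review bot: With the two `tr -d` quote filters dropped from the `PASS=` line, the value read from the secret file is spliced unmodified into `ALTER USER ${name}_user WITH PASSWORD '$PASS';`, so a password containing `'` ends the SQL literal early and the rest is executed as SQL under whatever role `$PSQL` connects as (its definition is outside the hunk). A secret stored as `DB_PASSWORD="..."` will now also keep its surrounding quotes as part of the password. Let psql do the quoting instead of the shell, e.g. `echo "ALTER USER ${name}_user WITH PASSWORD :'pass';" | $PSQL -tA -v pass="$PASS"`, since psql expands `:'pass'` only for input read from stdin or a file, not for `-c`. The enclosing script string starts outside the hunk.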