sora/nixconfig
1
0
Fork 1
Code Issues 2 Pull Requests Actions Releases Activity

allow ip range db

Browse Source
This commit is contained in:
soraefir
2026-05-06 03:20:11 +02:00
parent 0782278a0c
commit e276df28b4
1 changed files with 2 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
modules/server/database/default.nix
View File

@@ -19,6 +19,7 @@ in {
local all all trust
host all all 127.0.0.1/32 trust
host all all 10.0.0.0/8 scram-sha-256
host all all 169.254.0.0/16 scram-sha-256
host all all ::1/128 trust
'';
ensureDatabases = map (name: "${name}_db") allApps;
@@ -42,28 +43,10 @@ in {
$PSQL -tAc "ALTER DATABASE ${name}_db OWNER TO ${name}_user;"
if [ -f "${config.sops.secrets."${lib.toUpper name}".path}" ]; then
PASS=$(grep "^DB_PASSWORD=" "${config.sops.secrets."${lib.toUpper name}".path}" | cut -d'=' -f2- | tr -d '"' | tr -d "'")
PASS=$(grep "^DB_PASSWORD=" "${config.sops.secrets."${lib.toUpper name}".path}" | cut -d'=' -f2-)
$PSQL -tAc "ALTER USER ${name}_user WITH PASSWORD '$PASS';"
fi
'') allApps}
'';
# systemd.services.init-db-permissions = {
# description = "Set DB passwords and ownership after Postgres is ready";
# after = [ "postgresql.service" ];
# requires = [ "postgresql.service" ];
# partOf = [ "postgresql.service" ];
# wantedBy = [ "multi-user.target" ];
# serviceConfig = {
# Type = "oneshot";
# User = "postgres"; # Runs as postgres user directly
# RemainAfterExit = true;
# ExecStartPre = "${pkgs.coreutils}/bin/sleep 2";
# };
# script = ''
# '';
# };
};
}