feat: deployed frontend, postgres, rev-proxy, tailscale config, initialisation scripts

2026-01-31 14:28:52 +01:00 · 2026-01-31 14:28:52 +01:00 · a24fd5bd93
commit a24fd5bd93
parent f48059e37e
20 changed files with 413 additions and 262 deletions
--- a/pkgs/postgres.nix
+++ b/pkgs/postgres.nix
@ -3,30 +3,49 @@
 {
  services.postgresql = {
    enable = true;
+    settings = {
+      # Set hashing algorithm
+      password_encryption = "scram-sha-256";

-    # settings = {
-    #   listen_addresses = lib.mkForce "127.0.0.1,10.89.0.10";
-    # };
+      # Replication conf
+      wal_level = "logical";
+      max_wal_senders = "5";
+      max_replication_slots = "5";
+    };

    # Allow root to log in as postgres in the DB (for the PowerDNS container)
-    identMap = ''
-      postgres root postgres
-    '';
+    # identMap = ''
+    #   postgres root postgres
+    # '';

-    authentication = lib.mkForce ''
-      # TYPE DATABASE        USER            ADDRESS       AUTH-METHOD   [auth-options]
-      host   hexname-backend hexname-backend 127.0.0.1/24  scram-sha-256
-      # host   all             powerdns-user   127.0.0.1/24  scram-sha-256
-      # local  all             root                          trust
-    '';
-
-    ensureUsers = [ { name = "hexname-backend"; } ];
-    # No need to define the DB since `diesel` creates everything
+    # authentication = lib.mkForce ''
+    #   # TYPE DATABASE        USER            ADDRESS       AUTH-METHOD   [auth-options]
+    #   # host   hexname-backend hexname-backend 127.0.0.1/24  scram-sha-256
+    #   # host   postgres        postgres        127.0.0.1/24  scram-sha-256
+    #   host   all        all        127.0.0.1/24  scram-sha-256
+    #   # host   all             powerdns-user   127.0.0.1/24  scram-sha-256
+    #   # local  all             root                          trust
+    # '';

    # This password is only the initial one - don't get too excited
-    initialScript = pkgs.writeText "set-initial-password-script" ''
-      alter user hexname-backend with password 'shuaze-gagyof';
-    '';
+    initialScript = "/etc/env/hexname/init-db-dns.sql";
+    # initialScript = pkgs.writeText "set-initial-password-script" ''
+      # CREATE USER powerdns WITH PASSWORD 'shuaze-gagyof';
+      # CREATE USER hexname_backend WITH PASSWORD 'shuaze-gagyof2' CREATEDB;
+      # CREATE USER replication_user SUPERUSER WITH PASSWORD 'shuaze-gagyof3';
+
+      # CREATE DATABASE powerdns OWNER "powerdns";
+      # CREATE DATABASE hexname_backend OWNER "hexname-backend";
+      # CREATE DATABASE hexname_backend OWNER "hexname-backend";
+
+      # \c powerdns;
+      # CREATE PUBLICATION powerdns_pub FOR ALL TABLES;
+
+      # CREATE SUBSCRIPTION hexname_ns2
+      #   CONNECTION 'host=publisher_ip_address port=5432 user=replication_user password=' ' dbname=powerdns'
+      #   PUBLICATION powerdns_pub;
+    # '';
+      # ALTER USER "postgres" WITH PASSWORD 'shuaze-gagyof';
  };
 }