draft: postgres in container

2026-01-26 22:16:26 +01:00 · 2026-01-26 22:16:26 +01:00 · f48059e37e
commit f48059e37e
parent 181e6f681e
9 changed files with 327 additions and 103 deletions
--- a/pkgs/postgres.nix
+++ b/pkgs/postgres.nix
@ -0,0 +1,32 @@
+{ lib, pkgs, ... }:
+
+{
+  services.postgresql = {
+    enable = true;
+
+    # settings = {
+    #   listen_addresses = lib.mkForce "127.0.0.1,10.89.0.10";
+    # };
+
+    # Allow root to log in as postgres in the DB (for the PowerDNS container)
+    identMap = ''
+      postgres root postgres
+    '';
+
+    authentication = lib.mkForce ''
+      # TYPE DATABASE        USER            ADDRESS       AUTH-METHOD   [auth-options]
+      host   hexname-backend hexname-backend 127.0.0.1/24  scram-sha-256
+      # host   all             powerdns-user   127.0.0.1/24  scram-sha-256
+      # local  all             root                          trust
+    '';
+
+    ensureUsers = [ { name = "hexname-backend"; } ];
+    # No need to define the DB since `diesel` creates everything
+
+    # This password is only the initial one - don't get too excited
+    initialScript = pkgs.writeText "set-initial-password-script" ''
+      alter user hexname-backend with password 'shuaze-gagyof';
+    '';
+  };
+}
+