32 lines
978 B
Nix
32 lines
978 B
Nix
{ lib, pkgs, ... }:
|
|
|
|
{
|
|
services.postgresql = {
|
|
enable = true;
|
|
|
|
# settings = {
|
|
# listen_addresses = lib.mkForce "127.0.0.1,10.89.0.10";
|
|
# };
|
|
|
|
# Allow root to log in as postgres in the DB (for the PowerDNS container)
|
|
identMap = ''
|
|
postgres root postgres
|
|
'';
|
|
|
|
authentication = lib.mkForce ''
|
|
# TYPE DATABASE USER ADDRESS AUTH-METHOD [auth-options]
|
|
host hexname-backend hexname-backend 127.0.0.1/24 scram-sha-256
|
|
# host all powerdns-user 127.0.0.1/24 scram-sha-256
|
|
# local all root trust
|
|
'';
|
|
|
|
ensureUsers = [ { name = "hexname-backend"; } ];
|
|
# No need to define the DB since `diesel` creates everything
|
|
|
|
# This password is only the initial one - don't get too excited
|
|
initialScript = pkgs.writeText "set-initial-password-script" ''
|
|
alter user hexname-backend with password 'shuaze-gagyof';
|
|
'';
|
|
};
|
|
}
|
|
|