Fix postgres, enable atuin

2024-09-06 16:44:15 -05:00 · 2024-09-06 16:44:15 -05:00 · 379adc7ec6
parent 639aad8c8a
commit 379adc7ec6
1 changed files with 120 additions and 108 deletions
--- a/nixos/beefcake.nix
+++ b/nixos/beefcake.nix
@ -362,6 +362,17 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
    #   };
    # }
    {
+      # services.postgresql = {
+      #   ensureDatabases = [
+      #     "nextcloud"
+      #   ];
+      #   ensureUsers = [
+      #     {
+      #       name = "nextcloud";
+      #       ensureDBOwnership = true;
+      #     }
+      #   ];
+      # };
      # nextcloud
      # users.users.nextcloud = {
      #   isSystemUser = true;
@ -369,8 +380,15 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
      #   group = "nextcloud";
      # };
    }
+    {
+      # plausible
+      # ensureDatabases = ["plausible"];
+      # ensureUsers = [
      #   {
-    #   # plausible
+      #     name = "plausible";
+      #     ensureDBOwnership = true;
+      #   }
+      # ];
      #   users.users.plausible = {
      #     isSystemUser = true;
      #     createHome = false;
@ -439,7 +457,7 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
      #       reverse_proxy :${toString config.services.plausible.server.port}
      #     '';
      #   };
-    # }
+    }
    # {
    #   # clickhouse
    #   environment.etc = {
@ -562,46 +580,31 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
      # };
    }
    {
+      systemd.tmpfiles.settings = {
+        "10-backups" = {
+          "/storage/postgres" = {
+            "d" = {
+              mode = "0770";
+              user = "postgres";
+              group = "postgres";
+            };
+          };
+        };
+      };
      services.postgresql = {
        enable = true;
-        ensureDatabases = [
-          "daniel"
-          "plausible"
-          "nextcloud"
-          "atuin"
-        ];
-        ensureUsers = [
-          {
-            name = "daniel";
-            ensureDBOwnership = true;
-          }
-          {
-            name = "plausible";
-            ensureDBOwnership = true;
-          }
-          {
-            name = "nextcloud";
-            ensureDBOwnership = true;
-          }
-          {
-            name = "atuin";
-            ensureDBOwnership = true;
-          }
-        ];
        dataDir = "/storage/postgres";
        enableTCPIP = true;

        package = pkgs.postgresql_15;

        # https://www.postgresql.org/docs/current/auth-pg-hba-conf.html
+        # TODO: enable the "daniel" user to access all databases
        authentication = pkgs.lib.mkOverride 10 ''
          #type database  user      auth-method    auth-options
          local all       postgres  peer           map=superuser_map
          local all       daniel    peer           map=superuser_map
          local sameuser  all       peer           map=superuser_map
-          # local plausible plausible peer
-          # local nextcloud nextcloud peer
-          # local atuin     atuin     peer

          # lan ipv4
          host  all       daniel    192.168.0.0/16 trust
@ -927,19 +930,28 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
    #     };
    #   };
    # }
-    # {
-    #   services.atuin = {
-    #     enable = true;
-    #     database = {
-    #       createLocally = true;
-    #       # uri = "postgresql://atuin@localhost:5432/atuin";
-    #     };
-    #     openRegistration = false;
-    #   };
-    #   services.caddy.virtualHosts."atuin.h.lyte.dev" = {
-    #     extraConfig = ''reverse_proxy :${toString config.services.atuin.port}'';
-    #   };
-    # }
+    {
+      services.postgresql = {
+        ensureDatabases = ["atuin"];
+        ensureUsers = [
+          {
+            name = "atuin";
+            ensureDBOwnership = true;
+          }
+        ];
+      };
+      services.atuin = {
+        enable = true;
+        database = {
+          createLocally = false;
+          uri = "postgresql://atuin@localhost:5432/atuin";
+        };
+        openRegistration = false;
+      };
+      services.caddy.virtualHosts."atuin.h.lyte.dev" = {
+        extraConfig = ''reverse_proxy :${toString config.services.atuin.port}'';
+      };
+    }
    # {
    #   # jland minecraft server
    #   users.groups.jland = {