server: add secrets to nextcloud and postgresql

2022-12-27 09:25:23 +01:00
parent 92a56bff1c
commit 211e8cbca2
6 changed files with 66 additions and 8 deletions
--- a/modules/services/server/postgresql.nix
+++ b/modules/services/server/postgresql.nix
@@ -21,18 +21,16 @@
        timezone = "Europe/Berlin";
    };
    authentication = pkgs.lib.mkOverride 14 ''
-        local all        postgres                  peer
+        #local all        postgres                  peer
        host  giteadb     gitea           samehost scram-sha-256
        host  nextclouddb nextcloud       samehost scram-sha-256
-        host  synapsedb   synapse_user    samehost scram-sha-256
+        host  synapsedb   synapse         samehost scram-sha-256
        host  whatsappdb  mautrixwa       samehost scram-sha-256
        host  telegramdb  mautrixtele     samehost scram-sha-256
        host  signaldb    mautrixsignal   samehost scram-sha-256
-        #host  facebookdb  mautrixfacebook samehost scram-sha-256
-        #host  xmppdb      ejabberd        samehost scram-sha-256
-        #host  prosodydb   prosody         samehost scram-sha-256
        host  keycloakdb  keycloak        samehost scram-sha-256
    '';
+    initialScript = config.age.secrets."services/postgresql/initScript".path;
    ensureDatabases = [
        "giteadb"
        "nextclouddb"
@@ -90,4 +88,9 @@

  services.postgresqlBackup.enable = true;

+  age.secrets."services/postgresql/initScript" = {
+      file = ../../../secrets/services/postgresql/initScript.age;
+      owner = "postgres";
+  };
+
 }