From d211fb72c406e2d61dc43d531ac4ac7b7c6babca Mon Sep 17 00:00:00 2001
From: Kabbone <tobias@opel-online.de>
Date: Wed, 28 Dec 2022 11:51:37 +0100
Subject: [PATCH] services: move all user operations in initscript

---
 modules/services/server/postgresql.nix     |  44 ---------------------
 secrets/services/postgresql/initScript.age | Bin 2971 -> 2991 bytes
 2 files changed, 44 deletions(-)

diff --git a/modules/services/server/postgresql.nix b/modules/services/server/postgresql.nix
index e08d452..bc6593c 100644
--- a/modules/services/server/postgresql.nix
+++ b/modules/services/server/postgresql.nix
@@ -31,50 +31,6 @@
         host   keycloakdb  keycloak       localhost scram-sha-256
     '';
     initialScript = config.age.secrets."services/postgresql/initScript.sql".path;
-    ensureUsers = [
-        {
-            name = "gitea";
-            ensurePermissions = {
-                "DATABASE giteadb" = "ALL PRIVILEGES";
-            };
-        }
-        {
-            name = "nextcloud";
-            ensurePermissions = {
-                "DATABASE nextclouddb" = "ALL PRIVILEGES";
-            };
-        }
-        {
-            name = "synapse";
-            ensurePermissions = {
-                "DATABASE synapsedb" = "ALL PRIVILEGES";
-            };
-        }
-        {
-            name = "mautrixwa";
-            ensurePermissions = {
-                "DATABASE whatsappdb" = "ALL PRIVILEGES";
-            };
-        }
-        {
-            name = "mautrixtele";
-            ensurePermissions = {
-                "DATABASE telegramdb" = "ALL PRIVILEGES";
-            };
-        }
-        {
-            name = "mautrixsignal";
-            ensurePermissions = {
-                "DATABASE signaldb" = "ALL PRIVILEGES";
-            };
-        }
-        {
-            name = "keycloak";
-            ensurePermissions = {
-                "DATABASE keycloakdb" = "ALL PRIVILEGES";
-            };
-        }
-    ];
   };
 
   services.postgresqlBackup.enable = true;
diff --git a/secrets/services/postgresql/initScript.age b/secrets/services/postgresql/initScript.age
index 60736fc8f702afca23b256fa901b82e233c00273..9f05c38d0d87d2708dc836b12ee69933258c3a80 100644
GIT binary patch
literal 2991
zcmY+CYg|kT1BVMq(^AN~t(EIqQ)bRgXD(8iGxwP@_s%qvOXhm!exGS(h|N#fgtfU;
z?yXB9i!Bz(s}d3^Y?9k98!9S<lHGUr!~5a=^8fn$p6B;hp}KgTP2&nUJVv{1p52Aw
zd;lgsIo9nq#Ot&K5Co{PHXYNik;F2!ez8JD;hBV1NY1yh_+p9zg<z%_CF=m58eu?y
zQGjxI)}S5Z4^U7KPmc>~xeALum1+z)(h)9REHqMSK_XwDz(gD#uaaiBBLAbg+^Sf)
z$HaC>Fl-RZahcKsA|44=TX8I@gOq?32s|7<$7seGh(3eF44Sd2RvC=A-6{v<Gx7l{
z6E?HlIF=wN!1z@NHXwKNd<s6C8VFce>5d>M0B!0_A%#xzr`ZK`lGZL|k*Ru|&7rc9
zbOt2B%f^aq9->o63Sg)rmf3?B;JqlFBSVR>-zcRRgAy@Q=deI}i9uwr$pJvh$8z-u
z%n>q-46>OaP!f2M#6oiO0~o%-;6dr25cPXp9-f3k^4dufBP^1EW((DC04*RD&lQqc
zo}d^BT5NQVUoO%K34XaQpfCqyY7CyP2xuTPjmo3?VJ};ycBM1KE{z|x`ZLY41RV)R
zbaX?S7N?>+@C+wCAmma(7HR-xEN3t?6T*1p5RM;UA|fW<kK>@AD8Xr05TW#R4^NqC
zRBD8LA!wq)3L>hIGJ|Y~D@e5yMQD1O+NbauAQ0oQQT=8uAQp*;=s#|HBNJz35wte5
z!9jH}j2ezDpaM}al}1Jxc#X!7nB4}VokxZBE<Ydf1~Kjg#7H4aX$}{bD$C?50GtX@
zTKNhJClzK0{Rj^N1dyAI=<EucNh8wJwQ>ttZBExwV1`6#^kQ)4pwe&BkpZPS!C+w!
zLB2*{gRwM7q)oLd7*ewka4<O_36<KUpiQ84@#q{-Y^DhSjlw`zyD(ZKs`lb_3{a%S
z%N<sQ%nIp&bfFb5ND~S0bOS$4?<1;BCaH?Va0ZPsHEh-!EIfiLK^p)dlLcd<Q+ZgJ
zZ?JPM6r0*6gz!YEA;4ll3bNluaN@OkDMxGN%gqSo-yb`SzIX=#B*mgGDH+U+rFpC}
zj~w;M{Q+i>q_-%20tuIr%B82l9Et-_djXvutA#W~JS@OSTs9QuX`B!hp#xUP=b<VP
zmq?#(qxiKPB>++>@_&X&^Kk#4C6%CFi6oZhl9Smc9_Vl*M!Au~VNw`qTBc5_O7$91
z2`W{4wOT)34g0-R8HN{d*bz{w^2+oYGsqYF)5%;79Kf685X+^N;8B}Vh}UvNdY1WL
zuj$Ho)TL9ob+MY*)CIFy(=k#A7cf{oFx6lZQ&J(Ofs2QIK@lOyrYYGl52m_B0lbV1
zY1n3&n#iXRQwb!OAOYr(iFA$$!eQJH!>0_$xPU6?v6vKcpV<{8Bya$c+6+MwOniKN
zteI_>QvnA^a>{L1I+Y-_3&}(~l&VxxDRi5W%*xbYNj4eZspDe)jF~AFZcfX88i!!U
zY~L?lUzioyFr@Tpxv%r}j6>z{)xrIrmcL=H>yN|!Rjo^$F>S@}3tKu5oxPF2j}&Qq
zEzSs8Cj6Q0JaOzdO3&-S`LdKMvOsETBVhLAC@*o|S<aoGmN^NR+*^FdNSyzIZoX;g
z8oK2(c;y>MUa$;5CVouYYSZ!Vv1i<08%67K&L;m_)VkpM^r>+}4XSF9>~hPJ`x_!F
z^UuwFy=A&>Yuc%4t{tq~Gmx@1F_EWsoIm?Mf9qy2r!QI4uR0ic_<Dpg6WDXbN@7!E
z4ve|zI9kwr=Um#mdPo1Jb>{fy^7qb_EqmFXYm*+0B<*<Bza;}GXzpoo{vMy%I{f<4
zsr#<f^?ouu{H=%=jvq&R!5^~f-lQ`12qb!VkFxLb#zpC=gr!Hl`%L@|*P3eRuRh)T
z<HYcp^NKs7KfUur>>Br=uY&MOp1-JMNm<Y}Fse${hH{7ncS9M@wA%%b3XPN296x2~
zJYTK6owO6_(VYIw*mkk0vupWRw@O=rA01*^;*!x*+(Q2=2Vrbx?=cN!S?71TCt0P@
zC16j}uG$m^FVC{!d}G(Os@f26>=)&iqkr0ZtSS9JdDx}kqT(;-T|GK?`LN-)+pW)^
zY~Gf#p?2AsKiRbC!S+$L(0%5{F=JZ>JKQ$7Zm+llEVlo|uUpm!fAuX#D*4!bcAV<K
zwf>h;`q<g6<&04uKHoXzn_5Xhmgh+;YpW0DOP1XNd`n`Y<M`g*xQV&k`wu<!vv18i
zI2>ryBXbkWoVl1mRSyu>dQ!aV;F9(wQE9`5&X1_0yd|s4icY+`ggxHzq4@f=A+u7z
z*ozK&=9xv`lDE_9zPp_BO_$(tV*j?Jk&D?FVfdCst;wY`R%L(z(V7)zN)cvhfx^3Z
zA1UH);~{5U_Z)HC-=v)1Z%mMeZ!T7UmpW?k)Is3}+dyatbEvY?V$3TW<|_ED`T#j4
z;Y{Tde}TYA#zYE*%ifigU73EcC{us6OuD0FZb<|1Zu6-7;kV{IX&1LM6=7Lxri_Ez
z8`t;mjv8e;e4w|mq2tlo#+Hog#X|*Ex$nEn>*su3E(T)9EDepSor%5u=rM;<@$ec?
zC4E#Vk{*9?D73dObW;&)N6dxlC(~wP&dBx2k_F+FSoO&4{kw%lBZIB<VK>Vj*VG|(
zHMs(P$s6v3XE&+{v(^Nkgr=^zXjkeN>J#FguJrH+T01N0DWu7=pmQ-?M|_Y^3h9n2
zmB%b--`Od9k;r*DKk>_xcjpGtnoT332lHn?uWCV7;d4jibcEfNRGip~jZM-WSon6-
z^Geau{O}zENus*PJBpJIl=43YH+I(slWx026t*eEQi$Fa`8tJ+#8)8|7xQ`^{PZ>9
z+0d@+N8CA-XNN^wp4aNWUsPMN!mh2qB=?5p=qlQDv^4=kcr(_rY3a&03zv&O3+6MS
zJGS%b3F#faRhNhGM<)@Lk?68R!HToQyoMt`H1O(Iq4Uw&D*rp++H=&tA}fDW{nA%!
zkA8^CdjA7-l<+2QNn6yE9Q^pPCwf1eo?Q@ui_chpvjN<7q;mASSELqXGk)I|9e(^J
z&DDagbL-j?k1h`iNvm5r!oS$=oV=EFr0{)JZvm!ccf{C;)BN9;{yyGYb+$EU`_luX
zI}Sf%p4eIZsS;{~nj%WW`!-}x<^M?^GmUE9Rg*PKvQiOD%Iq3&x1>*|x!&%Y_gOMg
z=P&%&mM|^rl73eGKu>;ga69(W^ur}rk+_?4_9lZj!%*AAv6YXXG5fBMkBL-i-xL@A
zlgKjoaLj7(6b~v2`9wTh+&jAe`O9NUZ(s6**~D#&{)oCGUR5~T`ks>=-M=FH={oyj
z?ykJQ`^CP?gXHLd0-$35XzHF^##$TJw`TBB0)3`p&DH&LUjBIS9;4)VW%Sx}*pzer
zy}x{WNq4rn`F=%1WA4EwPE$tr7u5-Xcv$<-f7PtNn*U{IBqUAinlda~${s!WcK+(w
zduBe}-Z*KGD{EzG%&;fx8ZyXtHZ2R?y)t{lefs{&axn})*vH8Lo#m+?hU5;s*){8J
zO0`Cd|7PQ)W1;~@YglJi|J~0(_4SXTrB4PDo37+XVYfalsGnPU@7xEa|8?a~#e}^_
zU3VK#PM9-PU#j~4>h2nQ?oAGyRLxPo-HCa5dcwTV+>p2%zv8?PNA&v+Q46c`{)*FU
zhdW11ocy>6EpiXAIDzBIQy9C7e+Xq(9(kUHAN^H7uzvI87b#_iE%u!Yycd2{Z-PhF
zA8wd9n76}|vr7N{$eh#OzOnm0uE)Hr+S)T8sp$_nWZqxVeqmvA7&iNFleF%a%~O-^
ZZ!Kxw?Z4uQ#a1$1RPa|~_Jlyme*vSw|6>3E

literal 2971
zcmY+@_ghnk0>*KLiV|^;Y6Xp;REU_pppNWwLN?hrI62v5oSaNjEfo~e)(tW&h@w_e
zs#X-Y;=<Mk6<l>7B8a<M>j06<ZGX5w+`r)Se4poiA&V)+<bu&0#AkE6X1P%dK0w5z
z%)xrS))bSGM5Pj$SeJ<xg5_8#A)Ba@yX1h#rOwF)b$Y8uj1ODDbW{UKl^RIs1spUc
z!3%^e7>|nY15hbnhQ~`}ES?XvXN$yot4nNv6g-bZptFQCm?kgmAjtoxp<W29_Spr9
z9K(Smbez#jqnVw2l{FxyyNx0#*J$=h_!PF@9^y$T44cWrF#$%vq4fz#BE85VlR^?P
zU!<iGxfqVut<eJ(B?ORdK|;FB<Kbs`(lvn)q98M<W;5)9as+w?!O9d$HAYofN<vt0
zAYe1Pt!zF@gD^tBTSWFjVIiubQdJyfh=3PS1aeKt=ao?9qA-UIT4@@{LRJfWEE@=`
z4Pl+dU<GI{yw0v-xiA?3pTSUY+*T?+><DWBp)H-s0jx?0&hS`K1xzvn4jhEAbNpfu
zr}7w>A-A4Lrx|@#oYo->kT56}k!d9Xhk#-c+VB|&fgDB{PM(bgTkWu$hZ30*ipQA~
z4k+aagM;KaZ8k62js^u>Bt-Q4K#bmrz)Ch%CAGQJc_Ey@sP)s?;-CtY%0O$-sihGp
z9@Gb0NCcb&^|EA$hTs=ufG|5G<>*N)JH``8*Wn2?B24zl$R5)_l*?wONdjB}J|qk{
zC@QZ<hIgC1Qnr9fvU;=iW`;{hFeqTapvAi(Ge+p6a6l9RIRcr{KtpsykS6z2Ktuwm
z#4y3bm-z!m5mhDxl^ndrU}m~G<_wNXV9geqaCid~!5B0)vfd)1BOudF_G*JJh=PZO
zTs1LFwJ|AfE=OXtKy)jY<EQZ0Fw^Ar2@O_?4#)sGJQfggU<6d6gTO^iMnGZm;DkaB
zi0}eFRO%FxtPoerCMsw?7D=E8fZ0x^fX51unPwg23ChUcfJX_NFy3^#N(bxIJ|mzE
zGXT_>0SXLyK9T2lL39^e=`vdNs7FF&>j?ku7_kLX5E7M!wV(<*HHc-=+yu8DXOYwJ
zWQj>em7wOZn@usvD0DHAtW#&h%wSkU<`ZZl8%BlCNM~8q28IgZhY>nnM%PfSI3|xE
z^Fn4Ejm<&n{~RJ6fPw$F6mpASF2}NLWU|w$V&dowo0h8z_{ma%)&$dWN}*jJ0Kz6H
zM~%3sHgcFD#`v-WcCSf*I$>_eE4S+0W?2TPhAk$AQ~>JS1jy!q{A`}qC${|C^_@tS
zVnI!i*Mx<zs#KaxZ^pt&W^^8Q$@KY)0v>xJ#v#(!6d5E~1u!{2l;^=K5SExqWr0Lf
z5Y$2{4$JG3`N&R@Q7gv<NJ_O#OE*viS|<l_OQk#m29uJKf+dToI&nIah+|qj2D{tO
zBht7Wrdh0WGYv}6!1AyeZh=8*LQx(j={NY=ZCkx9Sl<~DiCf+j?<`a=vlg~)IrjVp
zcV+eQVw@mtjOzKVq-#^=|FnAWZ@A@I9}{TTSFWr19y?zP_am!CWpZ@<pL|P!8uL+m
zVwm4Bc{Z&))_apA98f;<*owAtxcKX{yCWID-`MbG7o7K&6u;b3-nKDe@{B9d@q$lh
zT3a}M+`59aew`4FggWXPG!^DE6@TL|w_jejjW<!)zpry<ebY~Io!-W)w!YDsUu3^u
zJ3Lu#BNUCQx|~-2)f{^099WW!r)`-tJHL{4>V@zb$a>VJDh_8)r_5axk-#djbT539
zcc1%B%oU(<?dkiu)5=c>(_4@AjqlSbqx)HV2Dk25{O;DAHE)lH^^HySor$r`gSX=R
zrRV8aDxUo{JnuqmRE70o;D^RPj+^?9ynR}0Z#Yv?y8AP{6W*OS{F*;D3SL!}R(1BO
z5c6qK{f`45hDLFal7iPX&q4L+vTvJp9M;;V)FG93!`Ru!3Tgz>VpnN!Nnep>OIv@6
z{C8K&=U>iENLnzF@gcYIdD-Wd%dC=HafOso&u1(dReEpsw_9DBaj}E`Q$4wdRdSXw
ztcx(?q@wk~=J@W&r}v;8@hWQwjIdOnrP6e1_Y-rkIZeQwcPs??Vd~zV@2Igu<|`+(
zoT^SM9Tq{zly6BMeS3RgdHs=@C6ANi2Rtg=esE|=b9Li}_pX$8&dR}C+MCBLEPhgP
z^-FzQURLJNjmQ$mTp4n4>S{)8?Z)<nqQw(8jcp~#IPPInG5LGW4v9*xleTpJa{og|
zTKDUxv#W=LZJupuf2JmBj$HdwviF&jvS#Yr?7Col+3{H)fJ?xE`tq%BCLbExG;RPe
zPIP|Sk(aoK&A}ae+P~NZ1%EyseY1PwhLPcX`ZDGGcFK#I>zl@W*Bo19n>FZp+3}wo
zY&24w{zxk}b*^lF@=-CEf9j2FM{D#k$8<;9*W;_ne;sO>2Q&$?cIDSD!r3RL&S{J5
zzYc*#UFPlu4f(YX28>=d@5^rtNu8-w^PsHaq4{I|rGsOMmitFPv=#I&DW199+njLg
zWwO&pE2(XNJTkOk`GKDkiaiZOpFQh<AHZvZoA?`;kpb;@*doEA$WTh^se;u{Zp8ok
zB6sPedyCgS7>(&%@y+fX7rB=<@5^LtS-UF!-lzDzS*SN=_JyO>+vXg0e7R)*-kQQb
zbFZbclDzq#{ieC0bvBUP-TfS#YFcg7R!1aSbdR<}c|(R9@=s^Ik8w?o-sKqC9oJm8
z`Psvw(WmD<Y+XEX*$vt(e0tAPEAJZg?IYQpw**0Z47MV;w<dUQ?ds?grqRT+18N6#
zTHHFd5nH_OK}t*uXT*{CD^0UHY}X^;DL6rY4>V$U`QMLED`V;=jfX%&Q|-nZC8;aj
zxL+RjBz_7;EkBBnJJ~uht8k&>Ze80S(a6x<5AUE(p5;Vbd1bdsk}>9{`C!=#Ot*RI
zy~D2??_9jKdtlW5w_R_y@7{!8{W@1WXQRCI^7pe^)?Y4<h@U~av?yWHjLuAjKeN(z
zWTb!Ygo!2dZ)4-$XADu~rhjN?Olr5xS2eHMbqSYuB(~tMc&~g9a7I<T;MKH|b!iQ$
z7xwigM{br}9}JVml^yD<YPei?DuTIfd+>Oh`|r62GrAb6#fF5D%hueTk{q%QJ>RCt
zxi0iRSo3Zce%+H|S#-QH?`~ID+^(uJ&w%}nt`i4#J)PUTf6|*DZyxh7*?0-)ktN>g
zcp?`q`r_68b0<G{z8tI5!?`u9l1s_YnwO4w|A*w`sjCfRYl`r2a_lSLVNStUpSw>o
zQ$2$QT3^-AOFb}s&~^h!nYds-GJ<pH{fOx4>wCxS*mrW^muKeog*N<WQI+{D_NKkC
zX^m>zVTbMFr74%3AyJXqfRbDv`}bf=K0iPGDDtaub%iUppYe-3GAoa>H>sNe>Z+I(
zZ_2KZ`fxY))}zS3?oZizB=PDJ>4nJkq$jKSdpU~_hAQpphl4xo@?wMwa(|}|1%D;>
zjWA^%F5D@&^J5K|SsxM6J0PlSZ~2htYpZfT=m+aS^{)p^jf7AAB|U+qDGOO!H@umf
zN>y#`NXe<{;MbY6-qge(K&?G)DgI^h+vMokJA>HEs*;|hwH+^0*WRwkufI@8J$7RN
zapREW&ZTn_P7W#P%UB;efAn_m`v+TGEz_RfU$tyo?z(LL?k0BZ7zXuBl>WhvbK6&p
z?IVx5wSMJqiKz5Idvf-UA0B_0F|Rg>J2$H^wqG%7s%`U$3CgB=xGbf<EBW(C!td{*
zc;fuZqUz3sHdD{u)2X3~n5U=q2{-l5%fG+k^EWR8RhqiKwvnZXwX8cTrlGdCM{we4
MU-5>7dF{Uc0`y$<tN;K2