foodogsquared/nixos-config
1
0
Fork 0
mirror of https://github.com/foo-dogsquared/nixos-config.git synced 2025-01-31 10:58:02 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

hosts/plover: update PostgreSQL initial script

Browse Source 
We're doing the secure schema usage pattern as recommended from the
documentation. Since it is an initial script that will only run once, I
think it is OK to override steps such as creating roles ahead.
This commit is contained in:
Gabriel Arazas 2022-12-12 14:17:57 +08:00
parent 604cbbd48f
commit 4190b4a481
1 changed files with 9 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
hosts/plover/default.nix
View File

@ -161,14 +161,17 @@ in
# feature). # feature).
initialScript = initialScript =
let let
# This will be run once anyways so it is acceptable to create users
# "forcibly".
perUserSchemas = lib.lists.map perUserSchemas = lib.lists.map
(user: "CREATE SCHEMA ${user.name};") (user: ''
CREATE USER ${user.name};
CREATE SCHEMA ${user.name} AUTHORIZATION ${user.name};
'')
config.services.postgresql.ensureUsers; config.services.postgresql.ensureUsers;
script = pkgs.writeText "plover-initial-postgresql-script" '' in pkgs.writeText "plover-initial-postgresql-script" ''
${lib.concatStringsSep "\n" perUserSchemas} ${lib.concatStringsSep "\n" perUserSchemas}
''; '';
in
script;
settings = { settings = {
log_connections = true; log_connections = true;