nixos-servers/nixos/modules/terraform-database/default.nix

50 lines
1.4 KiB
Nix
Raw Normal View History

2023-11-24 12:52:51 +00:00
{ pkgs, lib, config, ... }:
2023-12-29 12:46:12 +00:00
let cfg = config.lab.terraformDatabase;
2023-11-24 12:52:51 +00:00
in {
2023-12-29 12:46:12 +00:00
options.lab.terraformDatabase.enable = lib.mkOption {
default = false;
type = lib.types.bool;
description = ''
Whether to start a postgreSQL database for Terraform states
'';
2023-11-24 12:52:51 +00:00
};
config = lib.mkIf cfg.enable {
2023-12-29 12:46:12 +00:00
networking.firewall.allowedTCPPorts = [ 5432 ];
2023-11-24 12:52:51 +00:00
services.postgresql = {
enable = true;
ensureDatabases = [ "terraformstates" ];
package = pkgs.postgresql_15;
enableTCPIP = true;
2023-12-26 12:44:59 +00:00
2024-01-06 23:22:44 +00:00
dataDir = "${config.lab.storage.dataMountPoint}/postgresql/${config.services.postgresql.package.psqlSchema}";
2023-12-26 12:44:59 +00:00
2023-11-24 12:52:51 +00:00
authentication = ''
2023-11-25 12:41:49 +00:00
hostssl terraformstates terraform all cert
2023-11-24 12:52:51 +00:00
'';
2023-12-26 12:44:59 +00:00
settings =
let
serverCert = builtins.toFile "postgresql_server.crt"
(builtins.readFile ./postgresql_server.crt);
in
{
ssl = true;
ssl_cert_file = serverCert;
ssl_key_file = config.age.secrets."postgresql_server.key".path;
ssl_ca_file = serverCert;
};
2023-12-26 12:44:59 +00:00
ensureUsers = [{ name = "terraform"; }];
2023-11-24 12:52:51 +00:00
};
age.secrets."postgresql_server.key" = {
file = ../../secrets/postgresql_server.key.age;
2023-11-24 12:52:51 +00:00
mode = "400";
owner = builtins.toString config.ids.uids.postgres;
group = builtins.toString config.ids.gids.postgres;
};
};
}