From baa18a192970790547246db66d3393a730531913 Mon Sep 17 00:00:00 2001
From: Pim Kunis
Date: Fri, 24 Nov 2023 10:48:18 +0100
Subject: [PATCH] add terraform user permit terraformstates db access to terraform user
---
 modules/custom.nix | 12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)
diff --git a/modules/custom.nix b/modules/custom.nix
index 6f721b3..aebc25b 100644
--- a/modules/custom.nix
+++ b/modules/custom.nix
@@ -64,15 +64,18 @@
 "/mnt/data/postgresql/${config.services.postgresql.package.psqlSchema}";
 # TODO: for now trust, replace this with client certificate later
 authentication = ''
- hostssl terraformstates all all trust
+ hostssl terraformstates terraform all trust
 '';
 settings = {
 ssl = true;
- # TODO: create key pair for server
 ssl_cert_file = builtins.toFile "postgresql_server.crt" (builtins.readFile ../postgresql_server.crt);
 ssl_key_file = config.age.secrets."postgresql_server.key".path;
 };
+ ensureUsers = [{
+ name = "terraform";
+ ensurePermissions = { "DATABASE terraformstates" = "ALL PRIVILEGES"; };
+ }];
 };
 age.secrets."postgresql_server.key" = {
@@ -81,10 +84,5 @@
 owner = builtins.toString config.ids.uids.postgres;
 group = builtins.toString config.ids.gids.postgres;
 };
-
- # age.secrets."postgresql_server.key" =
- # lib.mkIf config.custom.terraformDatabase.enable {
- # file = ../secrets/postgresql_server.key.age;
- # };
 };
 }
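Review bot: The `authentication` rule in the first hunk still ends in `all trust`, so any host that can reach the PostgreSQL port over TLS can log in as `terraform` with no credential, and the new `ensureUsers` entry gives that role `ALL PRIVILEGES` on `terraformstates`. Terraform state commonly holds secrets in plain text, so until the client-certificate TODO is done I would at least narrow the address field, e.g. `hostssl terraformstates terraform <TERRAFORM_HOST_CIDR> trust` (placeholder address), or switch the method to `scram-sha-256`. Moving to `cert` later will also need `ssl_ca_file` in `settings`, which is not set in the visible lines. The enclosing attribute set starts outside the hunk, so whether `terraformstates` is listed in `ensureDatabases` (which the grant presumably depends on) cannot be checked from here.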