add terraform user
permit terraformstates db access to terraform user
This commit is contained in:
parent
fbf8bb2ad6
commit
baa18a1929
1 changed files with 5 additions and 7 deletions
|
@ -64,15 +64,18 @@
|
||||||
"/mnt/data/postgresql/${config.services.postgresql.package.psqlSchema}";
|
"/mnt/data/postgresql/${config.services.postgresql.package.psqlSchema}";
|
||||||
# TODO: for now trust, replace this with client certificate later
|
# TODO: for now trust, replace this with client certificate later
|
||||||
authentication = ''
|
authentication = ''
|
||||||
hostssl terraformstates all all trust
|
hostssl terraformstates terraform all trust
|
||||||
'';
|
'';
|
||||||
settings = {
|
settings = {
|
||||||
ssl = true;
|
ssl = true;
|
||||||
# TODO: create key pair for server
|
|
||||||
ssl_cert_file = builtins.toFile "postgresql_server.crt"
|
ssl_cert_file = builtins.toFile "postgresql_server.crt"
|
||||||
(builtins.readFile ../postgresql_server.crt);
|
(builtins.readFile ../postgresql_server.crt);
|
||||||
ssl_key_file = config.age.secrets."postgresql_server.key".path;
|
ssl_key_file = config.age.secrets."postgresql_server.key".path;
|
||||||
};
|
};
|
||||||
|
ensureUsers = [{
|
||||||
|
name = "terraform";
|
||||||
|
ensurePermissions = { "DATABASE terraformstates" = "ALL PRIVILEGES"; };
|
||||||
|
}];
|
||||||
};
|
};
|
||||||
|
|
||||||
age.secrets."postgresql_server.key" = {
|
age.secrets."postgresql_server.key" = {
|
||||||
|
@ -81,10 +84,5 @@
|
||||||
owner = builtins.toString config.ids.uids.postgres;
|
owner = builtins.toString config.ids.uids.postgres;
|
||||||
group = builtins.toString config.ids.gids.postgres;
|
group = builtins.toString config.ids.gids.postgres;
|
||||||
};
|
};
|
||||||
|
|
||||||
# age.secrets."postgresql_server.key" =
|
|
||||||
# lib.mkIf config.custom.terraformDatabase.enable {
|
|
||||||
# file = ../secrets/postgresql_server.key.age;
|
|
||||||
# };
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue