add terraform user

permit terraformstates db access to terraform user
Pim Kunis 2023-11-24 10:48:18 +01:00
parent fbf8bb2ad6
commit baa18a1929


@ -64,15 +64,18 @@
"/mnt/data/postgresql/${config.services.postgresql.package.psqlSchema}"; "/mnt/data/postgresql/${config.services.postgresql.package.psqlSchema}";
# TODO: for now trust, replace this with client certificate later # TODO: for now trust, replace this with client certificate later
authentication = '' authentication = ''
hostssl terraformstates all all trust hostssl terraformstates terraform all trust
''; '';
settings = { settings = {
ssl = true; ssl = true;
# TODO: create key pair for server
ssl_cert_file = builtins.toFile "postgresql_server.crt" ssl_cert_file = builtins.toFile "postgresql_server.crt"
(builtins.readFile ../postgresql_server.crt); (builtins.readFile ../postgresql_server.crt);
ssl_key_file = config.age.secrets."postgresql_server.key".path; ssl_key_file = config.age.secrets."postgresql_server.key".path;
}; };
ensureUsers = [{
name = "terraform";
ensurePermissions = { "DATABASE terraformstates" = "ALL PRIVILEGES"; };
}];
}; };
age.secrets."postgresql_server.key" = { age.secrets."postgresql_server.key" = {
@ -81,10 +84,5 @@
owner = builtins.toString config.ids.uids.postgres; owner = builtins.toString config.ids.uids.postgres;
group = builtins.toString config.ids.gids.postgres; group = builtins.toString config.ids.gids.postgres;
}; };
# age.secrets."postgresql_server.key" =
# lib.mkIf config.custom.terraformDatabase.enable {
# file = ../secrets/postgresql_server.key.age;
# };
}; };
} }
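Review bot: The `authentication` line still uses `trust` with address `all`, so narrowing the user column to `terraform` adds no credential check. Any client that can reach the server over TLS is accepted as `terraform`, and the new `ensureUsers` entry gives that role `ALL PRIVILEGES` on `terraformstates`, where Terraform state commonly holds secrets. Until the client-certificate TODO is done, I would at least restrict the address and require a password, e.g. `hostssl terraformstates terraform <terraform-host-cidr> scram-sha-256` (the CIDR is a placeholder), then move to `cert` once a CA is configured through `ssl_ca_file`. A short comment beside `ensureUsers` noting that this role is currently reachable without authentication would make the interim risk visible to the next reader.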