gensokyo-zone/infrastructure
1
0
Fork 0
mirror of https://github.com/gensokyo-zone/infrastructure.git synced 2026-02-09 12:29:19 -08:00
Code Issues Projects Releases Packages Wiki Activity Actions

refactor: postgresql

Browse source
This commit is contained in:
arcnmx 2024-01-13 12:42:41 -08:00
parent a50966a8ea
commit 3d188ab76e
8 changed files with 80 additions and 13 deletions
Download patch file Download diff file Expand all files Collapse all files

47
modules/nixos/postgres.nix Normal file
View file

@ -0,0 +1,47 @@
{
config,
lib,
...
}: let
inherit (lib.modules) mkIf mkMerge mkOptionDefault mkDefault;
inherit (lib.options) mkOption mkEnableOption;
inherit (lib.lists) any;
cfg = config.services.postgresql;
ensureUserModule = { config, ... }: {
options = with lib.types; {
tailscale = {
allow = mkEnableOption "tailscale TCP connections";
database = mkOption {
type = str;
};
};
};
config = {
tailscale.database = mkIf (config.ensureDBOwnership) (
mkOptionDefault config.name
);
};
};
in {
options.services.postgresql = with lib.types; {
ensureUsers = mkOption {
type = listOf (submodule ensureUserModule);
};
};
config.services.postgresql = {
enableTCPIP = mkIf (any (user: user.tailscale.allow) cfg.ensureUsers) (
mkDefault true
);
authentication = let
allowTail = { database, user }: ''
host ${database} ${user} fd7a:115c:a1e0::/96 md5
host ${database} ${user} fd7a:115c:a1e0:ab12::/64 md5
host ${database} ${user} 100.64.0.0/10 md5
'';
in mkMerge (map
(user: mkIf user.tailscale.allow (
allowTail { inherit (user.tailscale) database; user = user.name; }
)) cfg.ensureUsers
);
};
}