mirror of
https://github.com/gensokyo-zone/infrastructure.git
synced 2026-02-09 04:19:19 -08:00
47 lines
1.2 KiB
Nix
47 lines
1.2 KiB
Nix
{
|
|
config,
|
|
lib,
|
|
...
|
|
}: let
|
|
inherit (lib.modules) mkIf mkMerge mkOptionDefault mkDefault;
|
|
inherit (lib.options) mkOption mkEnableOption;
|
|
inherit (lib.lists) any;
|
|
cfg = config.services.postgresql;
|
|
ensureUserModule = { config, ... }: {
|
|
options = with lib.types; {
|
|
tailscale = {
|
|
allow = mkEnableOption "tailscale TCP connections";
|
|
database = mkOption {
|
|
type = str;
|
|
};
|
|
};
|
|
};
|
|
config = {
|
|
tailscale.database = mkIf (config.ensureDBOwnership) (
|
|
mkOptionDefault config.name
|
|
);
|
|
};
|
|
};
|
|
in {
|
|
options.services.postgresql = with lib.types; {
|
|
ensureUsers = mkOption {
|
|
type = listOf (submodule ensureUserModule);
|
|
};
|
|
};
|
|
config.services.postgresql = {
|
|
enableTCPIP = mkIf (any (user: user.tailscale.allow) cfg.ensureUsers) (
|
|
mkDefault true
|
|
);
|
|
authentication = let
|
|
allowTail = { database, user }: ''
|
|
host ${database} ${user} fd7a:115c:a1e0::/96 md5
|
|
host ${database} ${user} fd7a:115c:a1e0:ab12::/64 md5
|
|
host ${database} ${user} 100.64.0.0/10 md5
|
|
'';
|
|
in mkMerge (map
|
|
(user: mkIf user.tailscale.allow (
|
|
allowTail { inherit (user.tailscale) database; user = user.name; }
|
|
)) cfg.ensureUsers
|
|
);
|
|
};
|
|
}
|