forgeje: use 2222 port for ssh

server: move caddy to seperate module
2024-11-01 12:45:18 +11:00 · 2024-11-01 12:45:18 +11:00 · 90e096262b
commit 90e096262b
parent 52cb6d10bc
9 changed files with 116 additions and 135 deletions
--- a/modules/nixos/server/database/default.nix
+++ b/modules/nixos/server/database/default.nix
@ -0,0 +1,5 @@
+{
+  imports = [
+    ./postgresql.nix
+  ];
+}
--- a/modules/nixos/server/database/postgresql.nix
+++ b/modules/nixos/server/database/postgresql.nix
@ -6,19 +6,33 @@
  inherit (lib) mkIf elem optionals;
  inherit (config.ooknet.server) services database;
 in {
-  config = mkIf database.postgresql {
+  config = mkIf database.postgresql.enable {
    services.postgresql = {
      enable = true;
+
+      checkConfig = true;
+
      ensureDatabases = optionals (elem "forgejo" services) ["forgejo"];
-      ensureUsers = optionals (elem "forgejo" services) [
-        {
-          name = "forgejo";
-          ensurePermissions = {
-            "DATABASE forgejo" = "ALL PRIVILEGES";
-          };
-        }
-      ];
+
+      ensureUsers =
+        [
+          {
+            name = "postgres";
+            ensureClauses = {
+              login = true;
+              superuser = true;
+              replication = true;
+              createdb = true;
+              createrole = true;
+            };
+          }
+        ]
+        ++ (optionals (elem "forgejo" services) [
+          {
+            name = "forgejo";
+            ensureDBOwnership = true;
+          }
+        ]);
    };
  };
 }
-