Move jinx to system and assign postgres database
We wanted an easy way to view the jinx logs and to avoid using a
separate user account which is more complicated to operate, and has more
challenges in deployment, than a normal systemd service
Change-Id: I436247a14925316ec3dcd77fb18875dc35c69560
Reviewed-on: https://git.clicks.codes/c/Infra/NixFiles/+/398
Tested-by: Skyler Grey <minion@clicks.codes>
Reviewed-by: Samuel Shuert <coded@clicks.codes>
diff --git a/modules/common/postgres.nix b/modules/common/postgres.nix
index a4e107e..7955bc2 100644
--- a/modules/common/postgres.nix
+++ b/modules/common/postgres.nix
@@ -15,8 +15,7 @@
log_destination = lib.mkForce "syslog";
};
- ensureDatabases =
- [ "vaultwarden" "gerrit" "privatebin" "keycloak" "nextcloud" "synapse" "taiga" ];
+ ensureDatabases = [ "vaultwarden" "gerrit" "privatebin" "keycloak" "nextcloud" "synapse" "taiga" "jinx" ];
ensureUsers = [
{
@@ -45,6 +44,14 @@
name = "taiga";
ensureDBOwnership = true;
}
+ {
+ name = "taiga";
+ ensureDBOwnership = true;
+ }
+ {
+ name = "jinx";
+ ensureDBOwnership = true;
+ }
] ++ (map (name: ({
inherit name;
})) [ "minion" "coded" "pineafan" ]);
@@ -53,6 +60,9 @@
authentication = "host all all samenet scram-sha-256";
};
+ systemd.services.postgresql.restartTriggers = [
+ config.systemd.services.postgresql.postStart
+ ];
systemd.services.postgresql.postStart = lib.mkMerge [
(let
database = "synapse";
@@ -93,6 +103,10 @@
user = "taiga";
passwordFile = config.sops.secrets.clicks_taiga_db_password.path;
}
+ {
+ user = "jinx";
+ passwordFile = config.sops.secrets.clicks_jinx_db_password.path;
+ }
] [
(map (userData: ''
$PSQL -tAc "ALTER USER ${userData.user} PASSWORD '$(cat ${userData.passwordFile})';"
@@ -121,6 +135,7 @@
"clicks_privatebin_db_password"
"clicks_nextcloud_db_password"
"clicks_taiga_db_password"
+ "clicks_jinx_db_password"
] [
(map (name: {
inherit name;