setup sops, added pg user and pass for vaultwarden
diff --git a/modules/postgres.nix b/modules/postgres.nix
index 742e3d4..8f6c5f1 100644
--- a/modules/postgres.nix
+++ b/modules/postgres.nix
@@ -10,6 +10,10 @@
log_destination = lib.mkForce "syslog";
};
+ ensureDatabases = [
+ "vaultwarden"
+ ];
+
ensureUsers = [
{
name = "clicks_grafana";
@@ -24,6 +28,12 @@
"DATABASE synapse" = "ALL PRIVILEGES";
};
}
+ {
+ name = "vaultwarden";
+ ensurePermissions = {
+ "DATABASE vaultwarden" = "ALL PRIVILEGES";
+ };
+ }
] ++ (map
(name: (
{
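Review bot: The new `vaultwarden` role is granted `"DATABASE vaultwarden" = "ALL PRIVILEGES"`, and on PostgreSQL 15 or later that does not allow creating tables in the `public` schema, so the service's migrations may fail. The PostgreSQL and nixpkgs versions are not visible in this hunk, so this needs checking against the deployed release. Newer NixOS releases replace `ensurePermissions` with per-user ownership; since the role and database share a name, the entry could be `ensureDBOwnership = true;` instead. Ownership also scopes the role to its own database without a hand-written grant string.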
@@ -55,6 +65,7 @@
)
(lib.mkAfter (lib.pipe [
{ user = "clicks_grafana"; passwordFile = config.sops.secrets.clicks_grafana_db_password.path; }
+ { user = "vaultwarden"; passwordFile = config.sops.secrets.clicks_bitwarden_db_password.path; }
] [
(map (userData: ''
$PSQL -tAc "ALTER USER ${userData.user} PASSWORD '$(cat ${userData.passwordFile})';"
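Review bot: The added `vaultwarden` entry sends the password-manager database password through the `$PSQL -tAc "ALTER USER ... PASSWORD '$(cat ...)';"` line below it, which puts the cleartext secret in psql's argument list, where other local users can read it while the command runs. The value is also spliced unquoted into a SQL string literal, so a password containing `'` breaks or changes the statement. Reading the file into a psql variable with `\set` inside a script fed on stdin, and referencing it as `:'pw'`, keeps the secret out of argv and lets psql do the quoting; the role name would be better written as a quoted identifier too. Since `log_destination` is forced to syslog in this module, it is worth confirming that statement logging cannot write the cleartext `ALTER USER` to the system log, as that setting is not visible here. The secret is named `clicks_bitwarden_db_password` while the role is `vaultwarden`, and the map body continues outside the hunk.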
@@ -65,6 +76,7 @@
sops.secrets = lib.pipe [
"clicks_grafana_db_password"
+ "clicks_bitwarden_db_password"
] [
(map (name: {
inherit name;