commit fe1740cc76af3fa3b69df4d588a3112384700003
author Skyler Grey <minion@clicks.codes> Sat Oct 21 01:24:18 2023 +0000
committer Skyler Grey <minion@clicks.codes> Sat Oct 21 01:24:18 2023 +0000
tree 4ef413c0cd2f3205fa1c5f431ad082edc382b127
parent 2ca6ccd8796707dd8231ce578da9183153b8632f

Format with nixfmt

Change-Id: If9839d2c3308538ac8f3e166b69675d3b40bd7d9

modules/postgres.nix

diff --git a/modules/postgres.nix b/modules/postgres.nix
index 2ae67bb..0613633 100644
--- a/modules/postgres.nix
+++ b/modules/postgres.nix
@@ -10,13 +10,8 @@
       log_destination = lib.mkForce "syslog";
     };
 
-    ensureDatabases = [
-      "vaultwarden"
-      "gerrit"
-      "privatebin"
-      "keycloak"
-      "nextcloud"
-    ];
+    ensureDatabases =
+      [ "vaultwarden" "gerrit" "privatebin" "keycloak" "nextcloud" ];
 
     ensureUsers = [
       {
@@ -28,76 +23,75 @@
       }
       {
         name = "synapse";
-        ensurePermissions = {
-          "DATABASE synapse" = "ALL PRIVILEGES";
-        };
+        ensurePermissions = { "DATABASE synapse" = "ALL PRIVILEGES"; };
       }
       {
         name = "keycloak";
-        ensurePermissions = {
-          "DATABASE keycloak" = "ALL PRIVILEGES";
-        };
+        ensurePermissions = { "DATABASE keycloak" = "ALL PRIVILEGES"; };
       }
       {
         name = "gerrit";
-        ensurePermissions = {
-          "DATABASE gerrit" = "ALL PRIVILEGES";
-        };
+        ensurePermissions = { "DATABASE gerrit" = "ALL PRIVILEGES"; };
       }
       {
         name = "vaultwarden";
-        ensurePermissions = {
-          "DATABASE vaultwarden" = "ALL PRIVILEGES";
-        };
+        ensurePermissions = { "DATABASE vaultwarden" = "ALL PRIVILEGES"; };
       }
       {
         name = "privatebin";
-        ensurePermissions = {
-          "DATABASE privatebin" = "ALL PRIVILEGES";
-        };
+        ensurePermissions = { "DATABASE privatebin" = "ALL PRIVILEGES"; };
       }
       {
         name = "nextcloud";
-        ensurePermissions = {
-          "DATABASE nextcloud" = "ALL PRIVILEGES";
-        };
+        ensurePermissions = { "DATABASE nextcloud" = "ALL PRIVILEGES"; };
       }
-    ] ++ (map
-      (name: (
-        {
-          inherit name;
-          ensurePermissions = { "ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES"; };
-        }
-      )) [ "minion" "coded" "pinea" ]);
+    ] ++ (map (name: ({
+      inherit name;
+      ensurePermissions = { "ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES"; };
+    })) [ "minion" "coded" "pinea" ]);
 
   };
 
   systemd.services.postgresql.postStart = lib.mkMerge [
-    (
-      let
-        database = "synapse";
-        cfg = config.services.postgresql;
-      in
-      lib.mkBefore (
-        ''
-          PSQL="psql --port=${toString cfg.port}"
+    (let
+      database = "synapse";
+      cfg = config.services.postgresql;
+    in lib.mkBefore (''
+      PSQL="psql --port=${toString cfg.port}"
 
-          while ! $PSQL -d postgres -c "" 2> /dev/null; do
-              if ! kill -0 "$MAINPID"; then exit 1; fi
-              sleep 0.1
-          done
+      while ! $PSQL -d postgres -c "" 2> /dev/null; do
+          if ! kill -0 "$MAINPID"; then exit 1; fi
+          sleep 0.1
+      done
 
-          $PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = '${database}'" | grep -q 1 || $PSQL -tAc 'CREATE DATABASE "${database}" WITH LC_CTYPE="C" LC_COLLATE="C" TEMPLATE="template0"'
-        ''
-      ) # synapse needs C collation, so we can't use ensureDatabases for it
+      $PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = '${database}'" | grep -q 1 || $PSQL -tAc 'CREATE DATABASE "${database}" WITH LC_CTYPE="C" LC_COLLATE="C" TEMPLATE="template0"'
+    '') # synapse needs C collation, so we can't use ensureDatabases for it
     )
     (lib.mkAfter (lib.pipe [
-      { user = "clicks_grafana"; passwordFile = config.sops.secrets.clicks_grafana_db_password.path; }
-      { user = "keycloak"; passwordFile = config.sops.secrets.clicks_keycloak_db_password.path; }
-      { user = "gerrit"; passwordFile = config.sops.secrets.clicks_gerrit_db_password.path; }
-      { user = "vaultwarden"; passwordFile = config.sops.secrets.clicks_bitwarden_db_password.path; }
-      { user = "privatebin"; passwordFile = config.sops.secrets.clicks_privatebin_db_password.path; }
-      { user = "nextcloud"; passwordFile = config.sops.secrets.clicks_nextcloud_db_password.path; }
+      {
+        user = "clicks_grafana";
+        passwordFile = config.sops.secrets.clicks_grafana_db_password.path;
+      }
+      {
+        user = "keycloak";
+        passwordFile = config.sops.secrets.clicks_keycloak_db_password.path;
+      }
+      {
+        user = "gerrit";
+        passwordFile = config.sops.secrets.clicks_gerrit_db_password.path;
+      }
+      {
+        user = "vaultwarden";
+        passwordFile = config.sops.secrets.clicks_bitwarden_db_password.path;
+      }
+      {
+        user = "privatebin";
+        passwordFile = config.sops.secrets.clicks_privatebin_db_password.path;
+      }
+      {
+        user = "nextcloud";
+        passwordFile = config.sops.secrets.clicks_nextcloud_db_password.path;
+      }
     ] [
       (map (userData: ''
         $PSQL -tAc "ALTER USER ${userData.user} PASSWORD '$(cat ${userData.passwordFile})';"
@@ -119,7 +113,8 @@
       value = {
         mode = "0400";
         owner = config.services.postgresql.superUser;
-        group = config.users.users.${config.services.postgresql.superUser}.group;
+        group =
+          config.users.users.${config.services.postgresql.superUser}.group;
         sopsFile = ../secrets/postgres.json;
         format = "json";
       };