{ config, lib, pkgs, ... }:
with lib;
let
# Join a list of strings with newline separators (no trailing newline is added).
catLines = lines: builtins.concatStringsSep "\n" lines;
# Submodule schema for one entry of fudo.postgresql.users (see the `users`
# option, which is declared as attrsOf (submodule userOpts)).
userOpts = { config, ... }: {
  options = {
    # NOTE(review): this is a plain string option, so the password is part of
    # the evaluated configuration. If it is ever rendered into a file or unit
    # that Nix builds, it ends up in the world-readable /nix/store. Consider
    # taking a path to a secret file that is read at runtime instead.
    passwd = mkOption {
      description = ''
        The password of a given user.
      '';
      type = types.str;
    };

    # NOTE(review): the declared type is an attribute set of `lines`, while the
    # description speaks of a list and createUserSql applies `map` to the
    # value. One of the three is wrong; confirm the intended shape.
    databases = mkOption {
      description = ''
        A list of databases to which this user should have access.
      '';
      type = with types; attrsOf lines;
      default = {};
    };
  };
};
# Render the GRANT statements that give `username` connect rights on
# `database` plus read/write rights on all tables of the schema of the same
# name. The result is a two-line string ending in a newline.
#
# NOTE(review): both names are spliced into the SQL text as bare identifiers,
# with no quoting or validation. A name containing whitespace, a semicolon or
# a quote changes the statement that is executed; callers should restrict
# these to plain identifiers (or quote them consistently everywhere the role
# and database are referenced).
# NOTE(review): PostgreSQL documents the grantee as `TO role_name` or
# `TO GROUP role_name`, and the schema here is assumed to be named after the
# database. Confirm both against the target server.
grantDatabaseAccess = username: database:
  let
    grantee = "TO USER ${username};";
  in ''
    GRANT CONNECT ON DATABASE ${database} ${grantee}
    GRANT SELECT,INSERT,UPDATE,DELETE ON ALL TABLES IN SCHEMA ${database} ${grantee}
  '';
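# Render the SQL that creates role `username` with the password from
# `userOpts.passwd`, followed by the grants for each of the user's databases.
#
# Changes from the previous version:
#  * The password is emitted as a single-quoted SQL string literal with
#    embedded single quotes doubled. It used to be spliced in bare, which
#    produced invalid SQL for ordinary passwords and let the password text
#    alter the statement. `passwd` is expected to be the raw password, not a
#    pre-quoted literal.
#  * `userOpts.databases` is declared as an attribute set, and `map` over an
#    attribute set is an evaluation error. Attribute names are now used as the
#    database names; a plain list is still accepted.
#
# NOTE(review): doubling quotes is sufficient only when the server runs with
# standard_conforming_strings = on; confirm for the target server.
# NOTE(review): the generated text contains the clear-text password. Keep it
# out of the Nix store and out of logged statements. The visible file does not
# show where this string is written or executed.
# NOTE(review): `username` is still interpolated as a bare identifier, matching
# grantDatabaseAccess. Restrict it to plain identifiers.
createUserSql = username: userOpts:
  let
    # Turn an arbitrary string into a SQL string literal.
    sqlLiteral = s: "'" + builtins.replaceStrings [ "'" ] [ "''" ] s + "'";
    dbs = userOpts.databases;
    databaseNames =
      if builtins.isAttrs dbs then builtins.attrNames dbs else dbs;
  in ''
    CREATE ROLE ${username} ENCRYPTED PASSWORD ${sqlLiteral userOpts.passwd};
    ${catLines (map (grantDatabaseAccess username) databaseNames)}
  '';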
# Render the SQL that creates `database` and then selects it. `dbOpts` is
# accepted but not used by the visible code.
#
# NOTE(review): the database name is interpolated as a bare identifier with no
# quoting or validation, so it must be restricted to plain identifiers.
# NOTE(review): `USE` is not a PostgreSQL statement (psql switches databases
# with \connect). Confirm how this script is meant to be executed.
createDatabaseSql = database: dbOpts:
  "CREATE DATABASE ${database};\n" + "USE ${database};\n";
# Per-host data location: /srv/<networking.hostName>.
# NOTE(review): adding a string to a path literal yields a Nix *path* value.
# Interpolating a path into a string copies that directory into the
# world-readable Nix store; use `toString dataPath` wherever only the location
# is meant, especially for a database data directory.
dataPath = /srv + "/${config.networking.hostName}";
in {
# Option declarations for the Fudo PostgreSQL module.
# NOTE(review): as shown, the module defines only `options` and no `config`,
# so setting these options has no effect and the SQL helpers in the `let`
# block are unused here.
options.fudo.postgresql = {

  enable = mkOption {
    description = ''
      Whether to enable the PostgreSQL server for Fudo services.
    '';
    type = types.bool;
    default = false;
  };

  # Keyed by database name; each value is a `lines` string.
  databases = mkOption {
    description = ''
      A map of database_name => database_defn.
    '';
    type = with types; attrsOf lines;
    default = {};
  };

  # Keyed by role name; each value follows the userOpts submodule, which
  # includes the role's password as a plain string option.
  users = mkOption {
    description = ''
      A map of user_name => { user_attributes }.
    '';
    type = types.attrsOf (types.submodule userOpts);
    default = {};
  };
};
}