🔧 update postgres permissions

2023-11-27 12:14:54 -05:00 · 2023-11-27 12:14:54 -05:00 · 4c3c44f052
commit 4c3c44f052
parent c39bbfd5fc
3 changed files with 36 additions and 27 deletions
--- a/flake.lock
+++ b/flake.lock
@ -7,11 +7,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1698429334,
-        "narHash": "sha256-Gq3+QabboczSu7RMpcy79RSLMSqnySO3wsnHQk4DfbE=",
+        "lastModified": 1700795494,
+        "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=",
        "owner": "lnl7",
        "repo": "nix-darwin",
-        "rev": "afe83cbc2e673b1f08d32dd0f70df599678ff1e7",
+        "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d",
        "type": "github"
      },
      "original": {
@ -216,11 +216,11 @@
        "nixpkgs": "nixpkgs"
      },
      "locked": {
-        "lastModified": 1699025595,
-        "narHash": "sha256-e+o4PoSu2Z6Ww8y/AVUmMU200rNZoRK+p2opQ7Db8Rg=",
+        "lastModified": 1701071203,
+        "narHash": "sha256-lQywA7QU/vzTdZ1apI0PfgCWNyQobXUYghVrR5zuIeM=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "8765d4e38aa0be53cdeee26f7386173e6c65618d",
+        "rev": "db1878f013b52ba5e4034db7c1b63e8d04173a86",
        "type": "github"
      },
      "original": {
@ -267,11 +267,11 @@
    },
    "nixos-hardware": {
      "locked": {
-        "lastModified": 1699044561,
-        "narHash": "sha256-3uHmbq74CicpBPP40a6NHp830S7Rvh33uFgfIIC+7nw=",
+        "lastModified": 1701020860,
+        "narHash": "sha256-NwnRn04C8s+hH+KdVtGmVB1FFNIG7DtPJmQSCBDaET4=",
        "owner": "NixOS",
        "repo": "nixos-hardware",
-        "rev": "87f8403371fa74d9ad21ed677403cc235f37b96c",
+        "rev": "b006ec52fce23b1d57f6ab4a42d7400732e9a0a2",
        "type": "github"
      },
      "original": {
@ -283,11 +283,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1697456312,
-        "narHash": "sha256-roiSnrqb5r+ehnKCauPLugoU8S36KgmWraHgRqVYndo=",
+        "lastModified": 1700794826,
+        "narHash": "sha256-RyJTnTNKhO0yqRpDISk03I/4A67/dp96YRxc86YOPgU=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "ca012a02bf8327be9e488546faecae5e05d7d749",
+        "rev": "5a09cb4b393d58f9ed0d9ca1555016a8543c2ac8",
        "type": "github"
      },
      "original": {
@ -315,11 +315,11 @@
    },
    "nixpkgs-stable_2": {
      "locked": {
-        "lastModified": 1698544399,
-        "narHash": "sha256-vhRmPyEyoPkrXF2iykBsWHA05MIaOSmMRLMF7Hul6+s=",
+        "lastModified": 1700905716,
+        "narHash": "sha256-w1vHn2MbGfdC+CrP3xLZ3scsI06N0iQLU7eTHIVEFGw=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "d87c5d8c41c9b3b39592563242f3a448b5cc4bc9",
+        "rev": "dfb95385d21475da10b63da74ae96d89ab352431",
        "type": "github"
      },
      "original": {
@ -331,11 +331,11 @@
    },
    "nixpkgs_2": {
      "locked": {
-        "lastModified": 1699094435,
-        "narHash": "sha256-YLZ5/KKZ1PyLrm2MO8UxRe4H3M0/oaYqNhSlq6FDeeA=",
+        "lastModified": 1701040486,
+        "narHash": "sha256-vawYwoHA5CwvjfqaT3A5CT9V36Eq43gxdwpux32Qkjw=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "9d5d25bbfe8c0297ebe85324addcb5020ed1a454",
+        "rev": "45827faa2132b8eade424f6bdd48d8828754341a",
        "type": "github"
      },
      "original": {
@ -356,11 +356,11 @@
        "nixpkgs-stable": "nixpkgs-stable"
      },
      "locked": {
-        "lastModified": 1698852633,
-        "narHash": "sha256-Hsc/cCHud8ZXLvmm8pxrXpuaPEeNaaUttaCvtdX/Wug=",
+        "lastModified": 1700922917,
+        "narHash": "sha256-ej2fch/T584b5K9sk1UhmZF7W6wEfDHuoUYpFN8dtvM=",
        "owner": "cachix",
        "repo": "pre-commit-hooks.nix",
-        "rev": "dec10399e5b56aa95fcd530e0338be72ad6462a0",
+        "rev": "e5ee5c5f3844550c01d2131096c7271cec5e9b78",
        "type": "github"
      },
      "original": {
@ -393,11 +393,11 @@
        "nixpkgs-stable": "nixpkgs-stable_2"
      },
      "locked": {
-        "lastModified": 1699021419,
-        "narHash": "sha256-oy2j2OHXYcckifASMeZzpmbDLSvobMGt0V/RvoDotF4=",
+        "lastModified": 1700967639,
+        "narHash": "sha256-uuUwD/O1QcVk+TWPZFwl4ioUkC8iACj0jEXSyE/wGPI=",
        "owner": "Mic92",
        "repo": "sops-nix",
-        "rev": "275b28593ef3a1b9d05b6eeda3ddce2f45f5c06f",
+        "rev": "4be58d802693d7def8622ff34d36714f8db40371",
        "type": "github"
      },
      "original": {
--- a/modules/drone/default.nix
+++ b/modules/drone/default.nix
@ -9,9 +9,7 @@
      ensureUsers = [
        {
          name = "drone";
-          ensurePermissions = {
-            "DATABASE drone" = "ALL PRIVILEGES";
-          };
+          ensureDBOwnership = true;
        }
      ];
    };
--- a/modules/gitea/default.nix
+++ b/modules/gitea/default.nix
@ -37,10 +37,21 @@ in
      dump.enable = false;

      database = {
+        createDatabase = false;
        type = "postgres";
+        name = "gitea";
+        socket = "/run/postgresql";
        user = "git";
      };
    };
+    postgresql = {
+      ensureDatabases = [ "gitea" ];
+      ensureUsers = [
+        {
+          name = "git";
+        }
+      ];
+    };
    postgresqlBackup.databases = [ "gitea" ];
  };
 }