waffentrager: prepare auth service

2024-04-02 19:43:49 +02:00 · 2024-04-02 19:43:49 +02:00 · b485f8a228
parent 47c8d1c4ea
commit b485f8a228
2 changed files with 29 additions and 0 deletions
--- a/configurations/host/waffentrager/services/auth.nix
+++ b/configurations/host/waffentrager/services/auth.nix
@ -0,0 +1,27 @@
+{ materusArg, config, lib, pkgs, ... }:
+{
+  options.waffentragerService.auth.enable = materusArg.pkgs.lib.mkBoolOpt false "Enable auth";
+
+  config =
+    let
+      cfg = config.auth.postgresql;
+    in
+    lib.mkIf cfg.enable {
+      waffentragerService.elements.enable = true;
+      waffentragerService.nginx.enable = true;
+
+      services.postgresql.enable = true;
+      services.postgresql.package = pkgs."postgresql_${cfg.version}";
+      services.postgresql.dataDir = "${config.waffentragerService.elements.postgresqlDir}/${cfg.version}";
+      services.postgresql.enableJIT = true;
+      services.postgresql.authentication = pkgs.lib.mkOverride 10 ''
+        local all all trust
+        host all all 127.0.0.1/32 scram-sha-256
+      '';
+      systemd.services.postgresql = {
+        partOf = [ "elements-mount.service" ];
+        requires = [ "elements-mount.service" ];
+        after = [ "elements-mount.service" ];
+      };
+    };
+}
--- a/configurations/host/waffentrager/services/default.nix
+++ b/configurations/host/waffentrager/services/default.nix
@ -8,6 +8,7 @@
      ./gitea.nix
      ./nginx.nix
      ./nextcloud.nix
+      ./auth.nix
    ];
  waffentragerService.elements.enable = true;
  waffentragerService.postgresql.enable = true;
@ -15,4 +16,5 @@
  waffentragerService.gitea.enable = true;
  waffentragerService.nginx.enable = true;
  waffentragerService.nextcloud.enable = true;
+  waffentragerService.auth.enable = true;
 }