+ # Cannot use eldiron: psql complains too much rights on the key, and
+ # setfacl cannot work properly because of acme prestart script
+ security.acme.certs."postgresql" = config.services.myCertificates.certConfig // {
+ user = "postgres";
+ group = "postgres";
+ plugins = [ "fullchain.pem" "key.pem" "account_key.json" ];
+ domain = "db-1.immae.eu";
+ postRun = ''
+ systemctl reload postgresql.service
+ '';
+ };
+
+ system.activationScripts.postgresql = ''
+ install -m 0755 -o postgres -g postgres -d /run/postgresql
+ '';
+
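Review bot: Listing `account_key.json` in `plugins` places the ACME account private key in a certificate directory owned by `postgres`, so the database service user holds more than the `fullchain.pem` and `key.pem` it needs for TLS. If the file is kept only so renewals reuse the same account, a comment should say so, e.g. `# account_key.json kept so renewals reuse the ACME account; postgres only reads fullchain.pem and key.pem`. Separately, `certConfig // { … }` inherits every attribute not overridden here, so a group-readable key setting in the shared config (not visible in this hunk) would carry over and presumably trigger the same key-permission complaint the leading comment describes. Setting that attribute explicitly in this block would make the intended key mode checkable. The hunk header and the enclosing attribute set are outside the visible lines.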