X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;ds=sidebyside;f=modules%2Fprivate%2Fdatabases%2Fpostgresql.nix;fp=nixops%2Fmodules%2Fdatabases%2Fpostgresql.nix;h=26242a8e02a2a25b00c321f3dae922ea5c7d0159;hb=182ae57f53731be220075bc87aff4d47a35563b8;hp=de0820f238ef1559145c3e64ad0e14858a318ca2;hpb=6c97d2d715620a1cdc3b8a785174590ec0dafb98;p=perso%2FImmae%2FConfig%2FNix.git
diff --git a/nixops/modules/databases/postgresql.nix b/modules/private/databases/postgresql.nix
similarity index 68%
rename from nixops/modules/databases/postgresql.nix
rename to modules/private/databases/postgresql.nix
index de0820f..26242a8 100644
--- a/nixops/modules/databases/postgresql.nix
+++ b/modules/private/databases/postgresql.nix
@@ -1,8 +1,8 @@
 { lib, pkgs, config, myconfig, ... }:
 let
- cfg = config.services.myDatabases;
+ cfg = config.myServices.databases.postgresql;
 in {
- options.services.myDatabases = {
+ options.myServices.databases = {
 postgresql = {
 enable = lib.mkOption {
 default = cfg.enable;
@@ -10,6 +10,25 @@ in {
 description = "Whether to enable postgresql database";
 type = lib.types.bool;
 };
+ # Output variables
+ socketsDir = lib.mkOption {
+ type = lib.types.path;
+ default = "/run/postgresql";
+ description = ''
+ The directory where Postgresql puts sockets.
+ '';
+ readOnly = true;
+ };
+ systemdRuntimeDirectory = lib.mkOption {
+ type = lib.types.str;
+ # Use ReadWritePaths= instead if socketsDir is outside of /run
+ default = assert lib.strings.hasPrefix "/run/" cfg.socketsDir;
+ lib.strings.removePrefix "/run/" cfg.socketsDir;
+ description = ''
+ Adjusted Postgresql sockets directory for systemd
+ '';
+ readOnly = true;
+ };
 };
 };
 
@@ -20,7 +39,7 @@ in {
 
 networking.firewall.allowedTCPPorts = [ 5432 ];
 
- security.acme.certs."postgresql" = config.services.myCertificates.certConfig // {
+ security.acme.certs."postgresql" = config.myServices.databasesCerts // {
 user = "postgres";
 group = "postgres";
 plugins = [ "fullchain.pem" "key.pem" "account_key.json" ];
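Review bot: With `cfg` now bound to `config.myServices.databases.postgresql`, the unchanged `default = cfg.enable;` on the last line of the first hunk refers to the very option it is declaring (`myServices.databases.postgresql.enable`), so evaluating the default recurses infinitely on any host that does not set the option explicitly; before the rename it pointed at the parent-level `services.myDatabases.enable`. Replace it with a literal, `default = false;`, or point it at whatever umbrella switch the new `myServices` tree provides. The `enable` mkOption continues past the end of the hunk.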
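Review bot: The bare `assert` in the `systemdRuntimeDirectory` default only reports "assertion failed" when `socketsDir` is not under `/run/`, which gives whoever trips it nothing to go on; `lib.assertMsg` carries the reason: `default = assert lib.assertMsg (lib.strings.hasPrefix "/run/" cfg.socketsDir) "postgresql socketsDir must live under /run/ to be expressed as RuntimeDirectory=; use ReadWritePaths= otherwise";`. Since both new options are `readOnly = true`, the check can only fire if this module's own default changes, which is worth stating in the option description so nobody mistakes it for input validation.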
@@ -30,10 +49,12 @@ in {
 '';
 };
 
- systemd.services.postgresql.serviceConfig.SupplementaryGroups = "keys";
- systemd.services.postgresql.serviceConfig.RuntimeDirectory = "postgresql";
+ systemd.services.postgresql.serviceConfig = {
+ SupplementaryGroups = "keys";
+ RuntimeDirectory = cfg.systemdRuntimeDirectory;
+ };
 services.postgresql = rec {
- enable = cfg.postgresql.enable;
+ enable = true;
 package = pkgs.postgresql;
 enableTCPIP = true;
 extraConfig = ''
@@ -103,15 +124,15 @@ in {
 {
 name = "postgresql";
 text = ''
- auth required ${pam_ldap} config=/var/secrets/postgresql/pam
- account required ${pam_ldap} config=/var/secrets/postgresql/pam
+ auth required ${pam_ldap} config=${config.secrets.location}/postgresql/pam
+ account required ${pam_ldap} config=${config.secrets.location}/postgresql/pam
 '';
 }
 {
 name = "postgresql_replication";
 text = ''
- auth required ${pam_ldap} config=/var/secrets/postgresql/pam_replication
- account required ${pam_ldap} config=/var/secrets/postgresql/pam_replication
+ auth required ${pam_ldap} config=${config.secrets.location}/postgresql/pam_replication
+ account required ${pam_ldap} config=${config.secrets.location}/postgresql/pam_replication
 '';
 }
 ];
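Review bot: `enable = true;` under `services.postgresql` turns the PostgreSQL service on unconditionally from this module, where the removed line followed `cfg.postgresql.enable`; that is only correct if the enclosing config attribute set (its start lies outside the hunk) is wrapped in `lib.mkIf cfg.enable`, otherwise merely importing the module starts the database and, via the firewall rule in the earlier hunk, exposes port 5432 regardless of the `enable` option the module declares. If that wrapper is not present, keep `enable = cfg.enable;` here. The regrouped `serviceConfig` block would also benefit from a one-line comment on `SupplementaryGroups = "keys";` saying what the `keys` group is needed for, since the hunk does not say.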
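Review bot: The same `${config.secrets.location}/postgresql/...` prefix is spelled four times across the two PAM stacks in the last hunk; hoisting it into the module's `let` (e.g. `pamDir = "${config.secrets.location}/postgresql";`) keeps the `postgresql` and `postgresql_replication` stacks in step if the secrets location moves again. PAM splits module arguments on whitespace and requires square brackets around an argument that contains spaces, so if `config.secrets.location` is not guaranteed space-free the argument should be written `[config=${config.secrets.location}/postgresql/pam]` (and likewise for the other three lines). The `pam_ldap` binding and the list these entries sit in start outside the hunk.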