security.acme.certs."postgresql" = config.myServices.databasesCerts // {
user = "postgres";
group = "postgres";
- plugins = [ "fullchain.pem" "key.pem" "account_key.json" "account_reg.json" ];
domain = "db-1.immae.eu";
postRun = ''
systemctl reload postgresql.service
security.pam.services = let
pam_ldap = "${pkgs.pam_ldap}/lib/security/pam_ldap.so";
- in [
- {
- name = "postgresql";
+ in {
+ postgresql = {
text = ''
auth required ${pam_ldap} config=${config.secrets.location}/postgresql/pam
account required ${pam_ldap} config=${config.secrets.location}/postgresql/pam
'';
- }
- {
- name = "postgresql_replication";
+ };
+ postgresql_replication = {
text = ''
auth required ${pam_ldap} config=${config.secrets.location}/postgresql/pam_replication
account required ${pam_ldap} config=${config.secrets.location}/postgresql/pam_replication
'';
- }
- ];
+ };
+ };
};
}
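Review bot: The `text` of the `postgresql` and `postgresql_replication` services sets each PAM service file to two `pam_ldap` lines reading `${config.secrets.location}/postgresql/pam` and `.../pam_replication`, but nothing in the hunk records who must be able to read those files or what selects each service. If they hold LDAP bind credentials (presumably, since they sit under the secrets location), they should be readable only by the `postgres` user; the secrets definition and the rest of the enclosing module lie outside this hunk, so this cannot be confirmed here. I would add a comment above each attribute, e.g. `# PAM service selected via pamservice= in pg_hba.conf; its pam_ldap config holds the LDAP bind secret and must be readable by postgres only`. Because PostgreSQL's PAM method receives the client password in clear text, the pg_hba entries that use these services should be `hostssl` only, which is also worth checking outside this hunk.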