Merge pull request #199 from NuschtOS/configurePostgres

Add more configurePostgres options

Author: SuperSandro2000

modules/grafana.nix

@@ -12,6 +12,13 @@ in
         description = "Whether to configure Nginx.";
       };
 
+      configurePostgres = lib.mkOption {
+        type = lib.types.bool;
+        default = false;
+        example = true;
+        description = "Whether to configure and create a local PostgreSQL database.";
+      };
+
       oauth = {
         enable = lib.mkEnableOption "login only via OAuth2";
         enableViewerRole = lib.mkOption {
@@ -79,6 +86,14 @@ in
         };
       })
 
+      (lib.mkIf (cfg.enable && cfg.configurePostgres) {
+        database = {
+          host = "/run/postgresql";
+          type = "postgres";
+          user = "grafana";
+        };
+      })
+
       (lib.mkIf (cfg.enable && cfg.oauth.enable) {
         "auth.generic_oauth" = let
           inherit (config.services.dex.settings) issuer;
@@ -138,6 +153,14 @@ in
     };
   };
 
+  config.services.postgresql = lib.mkIf cfg.configurePostgres {
+    ensureDatabases = [ "grafana" ];
+    ensureUsers = [ {
+      name = "grafana";
+      ensureDBOwnership = true;
+    } ];
+  };
+
   config.users.users = lib.mkIf (cfg.enable && cfg.configureNginx) {
     grafana.extraGroups = [ "nginx" ];
   };

modules/home-assistant.nix

@@ -7,6 +7,13 @@ in
 {
   options = {
     services.home-assistant = {
+      configurePostgres = lib.mkOption {
+        type = lib.types.bool;
+        default = false;
+        example = true;
+        description = "Whether to configure and create a local PostgreSQL database.";
+      };
+
       ldap = {
         enable = lib.mkEnableOption ''login only via LDAP
 
@@ -147,6 +154,10 @@ in
         meta = true;
       }];
     })
+
+    (lib.mkIf cfg.configurePostgres {
+      config.recorder.db_url = "postgresql://@/hass";
+    })
   ];
 
   config.services.portunus.seedSettings.groups = lib.optional (cfg.ldap.userGroup != null) {
@@ -159,6 +170,14 @@ in
     permissions = { };
   };
 
+  config.services.postgresql = lib.mkIf cfg.configurePostgres {
+    ensureDatabases = [ "hass" ];
+    ensureUsers = [ {
+      name = "hass";
+      ensureDBOwnership = true;
+    } ];
+  };
+
   config.systemd.tmpfiles.rules = lib.mkIf (cfg.enable && cfg.recommendedDefaults) [
     "f ${cfg.configDir}/automations.yaml 0444 hass hass"
     "f ${cfg.configDir}/scenes.yaml 0444 hass hass"

modules/hydra.nix

@@ -1,30 +1,41 @@
 { config, lib, libS, ... }:
 
 let
-  cfg = config.services.hydra.ldap;
+  cfg = config.services.hydra;
+  cfgl = cfg.ldap;
   inherit (config.security) ldap;
 in
 {
   options = {
-    services.hydra.ldap = {
-      enable = lib.mkEnableOption ''
-        login only via LDAP.
-        The bind user password must be placed at `/var/lib/hydra/ldap-password.conf` in the format `bindpw = "PASSWORD"
-        It is recommended to use a password without special characters because the perl config parser has weird escaping rule like that comment characters `#` must be escape with backslash
-      '';
-
-      roleMappings = lib.mkOption {
-        type = with lib.types; listOf (attrsOf str);
-        example = [{ hydra-admins = "admins"; }];
-        default = [ ];
-        description = "Map LDAP groups to hydra permissions. See upstream doc, especially role_mapping.";
+    services.hydra = {
+      configurePostgres = lib.mkOption {
+        type = lib.types.bool;
+        default = false;
+        example = true;
+        description = "Whether to configure and create a local PostgreSQL database.";
       };
 
-      userGroup = libS.ldap.mkUserGroupOption;
+      ldap = {
+        enable = lib.mkEnableOption ''
+          login only via LDAP.
+          The bind user password must be placed at `/var/lib/hydra/ldap-password.conf` in the format `bindpw = "PASSWORD"
+          It is recommended to use a password without special characters because the perl config parser has weird escaping rule
+          like that comment characters `#` must be escape with backslash
+        '';
+
+        roleMappings = lib.mkOption {
+          type = with lib.types; listOf (attrsOf str);
+          example = [{ hydra-admins = "admins"; }];
+          default = [ ];
+          description = "Map LDAP groups to hydra permissions. See upstream doc, especially role_mapping.";
+        };
+
+        userGroup = libS.ldap.mkUserGroupOption;
+      };
     };
   };
 
-  config.services.hydra.extraConfig = lib.mkIf cfg.enable /* xml */ ''
+  config.services.hydra.extraConfig = lib.mkIf cfgl.enable /* xml */ ''
     # https://hydra.nixos.org/build/196107287/download/1/hydra/configuration.html#using-ldap-as-authentication-backend-optional
     <ldap>
       <config>
@@ -48,7 +59,7 @@ in
             sslversion = tlsv1_3
           </start_tls_options>
           user_basedn = "${ldap.userBaseDN}"
-          user_filter = "${ldap.searchFilterWithGroupFilter cfg.userGroup (ldap.userFilter "%s")}"
+          user_filter = "${ldap.searchFilterWithGroupFilter cfgl.userGroup (ldap.userFilter "%s")}"
           user_scope = one
           user_field = ${ldap.userField}
           <user_search_options>
@@ -72,15 +83,15 @@ in
         # Allow all users in the dev group to restart jobs and cancel builds
         # dev = restart-jobs
         # dev = cancel-build
-        ${lib.concatStringsSep "\n" (lib.concatMap (lib.mapAttrsToList (name: value: "${name} = ${value}")) cfg.roleMappings)}
+        ${lib.concatStringsSep "\n" (lib.concatMap (lib.mapAttrsToList (name: value: "${name} = ${value}")) cfgl.roleMappings)}
       </role_mapping>
     </ldap>
   '';
 
   config.services.portunus.seedSettings.groups = [
-    (lib.mkIf (cfg.userGroup != null) {
+    (lib.mkIf (cfgl.userGroup != null) {
       long_name = "Hydra Users";
-      name = cfg.userGroup;
+      name = cfgl.userGroup;
       permissions = { };
     })
   ] ++ lib.flatten (map lib.attrValues (map
@@ -89,5 +100,13 @@ in
       name = ldapGroup;
       permissions = { };
     }))
-    cfg.roleMappings));
+    cfgl.roleMappings));
+
+  config.services.postgresql = lib.mkIf cfg.configurePostgres {
+    ensureDatabases = [ "hydra" ];
+    ensureUsers = [ {
+      name = "hydra";
+      ensureDBOwnership = true;
+    } ];
+  };
 }

modules/matrix.nix

@@ -11,6 +11,13 @@ in
     services.matrix-synapse = {
       addAdditionalOembedProvider = libS.mkOpinionatedOption "add additional oembed providers from oembed.com";
 
+      configurePostgres = lib.mkOption {
+        type = lib.types.bool;
+        default = false;
+        example = true;
+        description = "Whether to configure and create a local PostgreSQL database.";
+      };
+
       domain = lib.mkOption {
         type = lib.types.str;
         example = "matrix.example.com";
@@ -198,12 +205,24 @@ in
       ];
     };
 
+    services.postgresql = lib.mkIf cfg.configurePostgres {
+      databases = [ "matrix-synapse" ]; # some parts of nixos-modules read this field to know all databases
+    };
+
     services.portunus.seedSettings.groups = lib.mkIf (cfgl.userGroup != null) [ {
       long_name = "Matrix Users";
       name = cfgl.userGroup;
       permissions = { };
     } ];
 
+    systemd.services = lib.mkIf cfg.configurePostgres {
+      # https://element-hq.github.io/synapse/latest/postgres.html#set-up-database
+      # https://github.com/NixOS/nixpkgs/blob/nixos-unstable/nixos/modules/services/databases/postgresql.nix#L655
+      postgresql.postStart = ''
+        $PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = 'matrix-synapse'" | grep -q 1 || $PSQL -tAc 'CREATE DATABASE "matrix-synapse" ENCODING="UTF8" LOCALE="C" TEMPLATE="template0" OWNER="matrix-synapse"'
+      '';
+    };
+
     users.users = lib.mkIf cfg.listenOnSocket {
       nginx.extraGroups = [ "matrix-synapse" ];
     };