Philip Peterson 2026-06-25 00:29:34 -08:00
commit 1989e54626


@ -246,6 +246,29 @@ in {
}; };
}; };
systemd.services.coldairnetworks-postgres-ssl-init = {
description = "Generate self-signed SSL cert for coldairnetworks PostgreSQL";
wantedBy = [ "podman-coldairnetworks-postgres.service" ];
before = [ "podman-coldairnetworks-postgres.service" ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
path = [ pkgs.openssl ];
script = ''
SSL_DIR=/var/coldairnetworks-db/ssl
if [ ! -f "$SSL_DIR/server.crt" ]; then
openssl req -new -x509 -days 3650 -nodes \
-subj "/CN=mainframe.philippeterson.com" \
-keyout "$SSL_DIR/server.key" \
-out "$SSL_DIR/server.crt"
chmod 640 "$SSL_DIR/server.key"
chmod 644 "$SSL_DIR/server.crt"
chown 999:999 "$SSL_DIR/server.key" "$SSL_DIR/server.crt"
fi
'';
};
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [
"d /home/ironmagma/.config 0755 ${username} users" "d /home/ironmagma/.config 0755 ${username} users"
"d /root/.config 0755 ${username} users" "d /root/.config 0755 ${username} users"
@ -263,6 +286,7 @@ in {
"d /var/lib/gitea-runner/ubuntu 0755 gitea-runner gitea-runner" "d /var/lib/gitea-runner/ubuntu 0755 gitea-runner gitea-runner"
"d /var/coldairnetworks-db/postgres 0755 root root" "d /var/coldairnetworks-db/postgres 0755 root root"
"d /var/coldairnetworks-db/pgadmin 0700 5050 5050" "d /var/coldairnetworks-db/pgadmin 0700 5050 5050"
"d /var/coldairnetworks-db/ssl 0755 root root"
]; ];
networking.hostName = "${hostname}"; networking.hostName = "${hostname}";
@ -317,8 +341,17 @@ in {
autoStart = true; autoStart = true;
image = "postgres:16"; image = "postgres:16";
ports = [ "5432:5432" ]; ports = [ "5432:5432" ];
volumes = [ "/var/coldairnetworks-db/postgres:/var/lib/postgresql/data" ]; volumes = [
"/var/coldairnetworks-db/postgres:/var/lib/postgresql/data"
"/var/coldairnetworks-db/ssl:/run/ssl:ro"
];
environmentFiles = [ config.age.secrets.coldairnetworks-db-postgres.path ]; environmentFiles = [ config.age.secrets.coldairnetworks-db-postgres.path ];
cmd = [
"postgres"
"-c" "ssl=on"
"-c" "ssl_cert_file=/run/ssl/server.crt"
"-c" "ssl_key_file=/run/ssl/server.key"
];
}; };
"coldairnetworks-pgadmin" = { "coldairnetworks-pgadmin" = {
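Review bot: In the ssl-init script, `chmod 640 "$SSL_DIR/server.key"` followed by `chown 999:999` leaves the private key group-readable while owned by a non-root uid, and PostgreSQL refuses to load a key in that state: it accepts 0600 when the key is owned by the server's own user, and 0640 only when it is owned by root. Assuming uid 999 is the account the server runs as inside the postgres:16 container, use `chmod 600 "$SSL_DIR/server.key"`, and put `umask 077` before the `openssl req` call so the key is never briefly readable inside the 0755 directory. Separately, `"-c" "ssl=on"` in the container's `cmd` only makes TLS available; with `ports = [ "5432:5432" ]` published, plaintext connections are still accepted unless pg_hba.conf uses `hostssl` rules, which this change does not show. The container definition starts above the last hunk, so any existing pg_hba handling is not visible here.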