switch to cap based home configs

2026-01-20 16:57:10 +01:00 · 2026-01-20 16:57:10 +01:00 · 49b6f5bde0
commit 49b6f5bde0
parent 50ee9aac83
64 changed files with 2064 additions and 1779 deletions
--- a/fili/services/databases.nix
+++ b/fili/services/databases.nix
@ -1,79 +0,0 @@
-{ pkgs, ... }:
-{
-  services.postgresql = rec {
-    package = pkgs.postgresql_15;
-    enable = true;
-    enableTCPIP = true;
-    authentication = pkgs.lib.mkOverride 10 ''
-      # allow local logins
-      local all all               trust
-
-      # loopback (v4/v6)
-      host all all 127.0.0.1/32   trust
-      host all all ::1/128        trust
-
-      # and from podman
-      host all all 10.88.0.0/16   trust
-
-      # and from vms
-      host all all 10.0.0.0/24    trust
-
-      # and the local network
-      host all all 192.168.0.0/24 trust
-    '';
-    settings = {
-      listen_addresses = "*";
-    };
-
-    ensureUsers = [
-      {
-        name = "matrix";
-        ensureDBOwnership = true;
-      }
-      {
-        name = "recipes";
-        ensureDBOwnership = true;
-      }
-      {
-        name = "sleep";
-        ensureDBOwnership = true;
-      }
-      {
-        name = "houses";
-        ensureDBOwnership = true;
-      }
-      {
-        name = "dnote";
-        ensureDBOwnership = true;
-      }
-      {
-        name = "forgejo";
-        ensureDBOwnership = true;
-      }
-      {
-        name = "pocketid";
-        ensureDBOwnership = true;
-      }
-    ];
-    ensureDatabases = map (i: i.name) ensureUsers;
-  };
-
-  services.mysql = {
-    enable = true;
-    package = pkgs.mariadb;
-    settings = {
-      mysqld = {
-        bind-address = "0.0.0.0";
-      };
-    };
-  };
-
-  networking = {
-    firewall.allowedTCPPorts = [
-      # postgres
-      5432
-      # mariadb
-      3306
-    ];
-  };
-}