switch to cap based home configs

2026-01-20 16:57:10 +01:00 · 2026-01-20 16:57:10 +01:00 · 49b6f5bde0
commit 49b6f5bde0
parent 50ee9aac83
64 changed files with 2064 additions and 1779 deletions
--- a/hosts/fili/services/databases.nix
+++ b/hosts/fili/services/databases.nix
@ -0,0 +1,79 @@
+{ pkgs, ... }:
+{
+  services.postgresql = rec {
+    package = pkgs.postgresql_15;
+    enable = true;
+    enableTCPIP = true;
+    authentication = pkgs.lib.mkOverride 10 ''
+      # allow local logins
+      local all all               trust
+
+      # loopback (v4/v6)
+      host all all 127.0.0.1/32   trust
+      host all all ::1/128        trust
+
+      # and from podman
+      host all all 10.88.0.0/16   trust
+
+      # and from vms
+      host all all 10.0.0.0/24    trust
+
+      # and the local network
+      host all all 192.168.0.0/24 trust
+    '';
+    settings = {
+      listen_addresses = "*";
+    };
+
+    ensureUsers = [
+      {
+        name = "matrix";
+        ensureDBOwnership = true;
+      }
+      {
+        name = "recipes";
+        ensureDBOwnership = true;
+      }
+      {
+        name = "sleep";
+        ensureDBOwnership = true;
+      }
+      {
+        name = "houses";
+        ensureDBOwnership = true;
+      }
+      {
+        name = "dnote";
+        ensureDBOwnership = true;
+      }
+      {
+        name = "forgejo";
+        ensureDBOwnership = true;
+      }
+      {
+        name = "pocketid";
+        ensureDBOwnership = true;
+      }
+    ];
+    ensureDatabases = map (i: i.name) ensureUsers;
+  };
+
+  services.mysql = {
+    enable = true;
+    package = pkgs.mariadb;
+    settings = {
+      mysqld = {
+        bind-address = "0.0.0.0";
+      };
+    };
+  };
+
+  networking = {
+    firewall.allowedTCPPorts = [
+      # postgres
+      5432
+      # mariadb
+      3306
+    ];
+  };
+}