systems/koumakan/certificates/postgresql.nix at main · soopy.moe/gensokyo

soopy.moe / gensokyo

nixos config

gensokyo / systems / koumakan / certificates / postgresql.nix

at main 614 B view raw

 1# WARN: unused. see default.nix
 2
 3{ config, ... }:
 4{
 5  # PostgreSQL only certificate
 6  security.acme.certs."phant.soopy.moe" = {
 7    group = "postgres";
 8    postRun = ''
 9      systemctl restart postgresql
10    '';
11  };
12
13  # https://nixos.org/manual/nixos/stable/#module-security-acme-root-owned
14  systemd.services.postgresql = {
15    requires = [ "acme-finished-phant.soopy.moe.target" ];
16    serviceConfig.LoadCredential =
17      let
18        certDir = config.security.acme.certs."phant.soopy.moe".directory;
19      in
20      [
21        "cert.pem:${certDir}/cert.pem"
22        "key.pem:${certDir}/key.pem"
23      ];
24  };
25}