systems/koumakan/certificates/postgresql.nix at refactor/move-global-system-config · soopy.moe/gensokyo

soopy.moe / gensokyo

nixos config

gensokyo / systems / koumakan / certificates / postgresql.nix

at refactor/move-global-system-config 555 B view raw

 1{config, ...}: {
 2  # PostgreSQL only certificate
 3  security.acme.certs."phant.soopy.moe" = {
 4    group = "postgres";
 5    postRun = ''
 6      systemctl restart postgresql
 7    '';
 8  };
 9
10  # https://nixos.org/manual/nixos/stable/#module-security-acme-root-owned
11  systemd.services.postgresql = {
12    requires = ["acme-finished-phant.soopy.moe.target"];
13    serviceConfig.LoadCredential = let
14      certDir = config.security.acme.certs."phant.soopy.moe".directory;
15    in [
16      "cert.pem:${certDir}/cert.pem"
17      "key.pem:${certDir}/key.pem"
18    ];
19  };
20}