fix grafana database user

Markus Schmidl 2022-09-03 23:01:33 +02:00
parent 22e49c29b5
commit ebc0b3be6c


@ -8,11 +8,6 @@
ensureUsers = [
{
name = "grafana";
ensurePermissions = {
# TODO: make shure grafana can't read tokens...
"DATABASE dvbdump" = "CONNECT";
"ALL TABLES IN SCHEMA public" = "SELECT";
};
}
{
name = "dvbdump";
@ -26,6 +21,12 @@
environment.systemPackages = [ dump-dvb.packages.x86_64-linux.run-database-migration ];
systemd.services.postgresql.postStart = lib.mkAfter ''
# TODO: make shure grafana can't read tokens...
$PSQL -c "GRANT CONNECT ON DATABASE dvbdump TO grafana;"
$PSQL -c "GRANT SELECT ON ALL TABLES IN SCHEMA public TO grafana";
$PSQL -c "GRANT readonly to grafana;"
$PSQL -c "ALTER ROLE dvbdump WITH PASSWORD '$(cat ${config.sops.secrets.postgres_password.path})';"
$PSQL -c "ALTER ROLE grafana WITH PASSWORD '$(cat ${config.sops.secrets.postgres_password_grafana.path})';"