fix grafana database user
parent
22e49c29b5
commit
ebc0b3be6c
|
@ -8,11 +8,6 @@
|
|||
ensureUsers = [
|
||||
{
|
||||
name = "grafana";
|
||||
ensurePermissions = {
|
||||
# TODO: make shure grafana can't read tokens...
|
||||
"DATABASE dvbdump" = "CONNECT";
|
||||
"ALL TABLES IN SCHEMA public" = "SELECT";
|
||||
};
|
||||
}
|
||||
{
|
||||
name = "dvbdump";
|
||||
|
@ -26,6 +21,12 @@
|
|||
environment.systemPackages = [ dump-dvb.packages.x86_64-linux.run-database-migration ];
|
||||
|
||||
systemd.services.postgresql.postStart = lib.mkAfter ''
|
||||
# TODO: make shure grafana can't read tokens...
|
||||
$PSQL -c "GRANT CONNECT ON DATABASE dvbdump TO grafana;"
|
||||
$PSQL -c "GRANT SELECT ON ALL TABLES IN SCHEMA public TO grafana";
|
||||
|
||||
$PSQL -c "GRANT readonly to grafana;"
|
||||
|
||||
$PSQL -c "ALTER ROLE dvbdump WITH PASSWORD '$(cat ${config.sops.secrets.postgres_password.path})';"
|
||||
$PSQL -c "ALTER ROLE grafana WITH PASSWORD '$(cat ${config.sops.secrets.postgres_password_grafana.path})';"
|
||||
|
||||
|
|
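Review bot: The `GRANT SELECT ON ALL TABLES IN SCHEMA public TO grafana` statement in the postStart script gives the dashboard role read access to every table in `public`, which by the TODO directly above it includes whatever table holds the tokens; moving the grant out of `ensurePermissions` into raw SQL leaves that exposure unchanged. Prefer an explicit allow-list such as `$PSQL -c "GRANT SELECT ON <table_a>, <table_b> TO grafana;"` (placeholder names, the schema is not visible here), or follow the broad grant with `$PSQL -c "REVOKE SELECT ON <token_table> FROM grafana;"`. The `readonly` role granted a few lines later is defined outside this diff, so check that it does not hand the same tables back. Separately, the two `ALTER ROLE ... WITH PASSWORD '$(cat ...)'` lines place the secret on the psql command line inside a single-quoted SQL literal, so a password containing `'` breaks the statement and the value can surface in process listings or statement logs. The script body starts and ends outside what is shown and the +/- markers are lost on this page, so which lines are new is inferred from the hunk counts.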