fix grafana database user
parent
22e49c29b5
commit
ebc0b3be6c
|
@ -8,11 +8,6 @@
|
||||||
ensureUsers = [
|
ensureUsers = [
|
||||||
{
|
{
|
||||||
name = "grafana";
|
name = "grafana";
|
||||||
ensurePermissions = {
|
|
||||||
# TODO: make shure grafana can't read tokens...
|
|
||||||
"DATABASE dvbdump" = "CONNECT";
|
|
||||||
"ALL TABLES IN SCHEMA public" = "SELECT";
|
|
||||||
};
|
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
name = "dvbdump";
|
name = "dvbdump";
|
||||||
|
@ -26,6 +21,12 @@
|
||||||
environment.systemPackages = [ dump-dvb.packages.x86_64-linux.run-database-migration ];
|
environment.systemPackages = [ dump-dvb.packages.x86_64-linux.run-database-migration ];
|
||||||
|
|
||||||
systemd.services.postgresql.postStart = lib.mkAfter ''
|
systemd.services.postgresql.postStart = lib.mkAfter ''
|
||||||
|
# TODO: make shure grafana can't read tokens...
|
||||||
|
$PSQL -c "GRANT CONNECT ON DATABASE dvbdump TO grafana;"
|
||||||
|
$PSQL -c "GRANT SELECT ON ALL TABLES IN SCHEMA public TO grafana";
|
||||||
|
|
||||||
|
$PSQL -c "GRANT readonly to grafana;"
|
||||||
|
|
||||||
$PSQL -c "ALTER ROLE dvbdump WITH PASSWORD '$(cat ${config.sops.secrets.postgres_password.path})';"
|
$PSQL -c "ALTER ROLE dvbdump WITH PASSWORD '$(cat ${config.sops.secrets.postgres_password.path})';"
|
||||||
$PSQL -c "ALTER ROLE grafana WITH PASSWORD '$(cat ${config.sops.secrets.postgres_password_grafana.path})';"
|
$PSQL -c "ALTER ROLE grafana WITH PASSWORD '$(cat ${config.sops.secrets.postgres_password_grafana.path})';"
|
||||||
|
|
||||||
|
|
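Review bot: The added `GRANT SELECT ON ALL TABLES IN SCHEMA public TO grafana` in `postStart` still lets grafana read every table in `public`, which is what the carried-over TODO about tokens warns against; moving the grant out of `ensurePermissions` does not narrow it. Prefer explicit per-table grants such as `GRANT SELECT ON <dashboard_table> TO grafana;` (placeholder name), or at minimum follow the blanket grant with `REVOKE SELECT ON <token_table> FROM grafana;`. The `readonly` role granted a few lines later is not created anywhere in the visible lines, so its privileges and its existence on a fresh database should be confirmed; if it already carries the needed read rights, the blanket grant may be redundant. Minor style point: the `;` on the `GRANT SELECT` line sits outside the closing quote, unlike the neighbouring statements.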