sam
/
nixos
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

postgres credentials and dbt profiles

This commit is contained in:
Sam 2024-06-13 12:30:21 +01:00
parent eda162a7ff
commit 2f3fec9e5c
3 changed files with 63 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
flake.lock
View File

@ -45,11 +45,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1717637172, "lastModified": 1717770040,
"narHash": "sha256-geTO9YL1V9zYGxupuZvKFWxh6II9sH2bjI1dmEVhVYQ=", "narHash": "sha256-eq9gP060TqWqRf2k4WO5FrG49rVq5Jy3Ptusg0CFdds=",
"owner": "nix-community", "owner": "nix-community",
"repo": "disko", "repo": "disko",
"rev": "713aa3df481782719aed4d8c20ad31a9effe3564", "rev": "398acc470f7c2d68621db01900f053e6000129c4",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -333,11 +333,11 @@
"nix-secrets": { "nix-secrets": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1717760051, "lastModified": 1717864759,
"narHash": "sha256-4yXaR3PIOJGQwTxA3eVDEu1iBlsmuvXWv3Ed0NrJgtU=", "narHash": "sha256-DUtmDvpNyOZG+UDONTBfRiAdCaI7E1ngVhmUOAjj3wg=",
"ref": "refs/heads/master", "ref": "refs/heads/master",
"rev": "521163d7278e71f084497910fa756bedcbfe97eb", "rev": "81aff439158dc6bb21251dc3be672db671e4a519",
"revCount": 88, "revCount": 89,
"type": "git", "type": "git",
"url": "ssh://git@git.bitlab21.com/sam/nix-secrets.git" "url": "ssh://git@git.bitlab21.com/sam/nix-secrets.git"
}, },
@ -407,11 +407,11 @@
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1717737457, "lastModified": 1717839683,
"narHash": "sha256-hqHp0W7ibfdu5DFc6EG3S3c+GSAbti7VUldFXSf/WiI=", "narHash": "sha256-kC0eyEsfpXbtQ2Ee5kgjmLFSVsLgnqpj10LjEi+fK+g=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "bf3faad723ca984fc4ea95c1cee1d975a8ca2a28", "rev": "3f3a01219b4a1b6ee63039a3aa63948fbf37c0dd",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -435,11 +435,11 @@
"treefmt-nix": "treefmt-nix" "treefmt-nix": "treefmt-nix"
}, },
"locked": { "locked": {
"lastModified": 1717681257, "lastModified": 1717861394,
"narHash": "sha256-0PhFvfc4wDjba1cus2ALsfn0wVizeKkcuF+aqvDJivg=", "narHash": "sha256-U7E1Wg5PRKUYqfeL8H6KU/5VjFo8bkxbFzigN2grkQI=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixvim", "repo": "nixvim",
"rev": "36f2e51b28ee3389a67ed5e9ed5c4bd388b06918", "rev": "db32ebe205111af0b74d74684df64674ffcf3b36",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -450,11 +450,11 @@
}, },
"nur": { "nur": {
"locked": { "locked": {
"lastModified": 1717749895, "lastModified": 1717864805,
"narHash": "sha256-E6fEND68P37NMIhPyvgZl0jD7KlSg2QKZ1zpsXpobfQ=", "narHash": "sha256-iu5gmYBncm1c+FSFmHiRkEvbcWpH/ZO/MQYe0r5ng7s=",
"owner": "nix-community", "owner": "nix-community",
"repo": "NUR", "repo": "NUR",
"rev": "b93b6c0b706d78ad95d52104728fd6eed3460f80", "rev": "e212541138b753c7bc5215524215e2a07403df8d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -475,11 +475,11 @@
"treefmt-nix": "treefmt-nix_2" "treefmt-nix": "treefmt-nix_2"
}, },
"locked": { "locked": {
"lastModified": 1717602370, "lastModified": 1717774136,
"narHash": "sha256-qS/7is9JbnnycR6QmndsuTQfifWzjhgxObnXw+iHdP8=", "narHash": "sha256-comOhXDFUrbVba47gPenVBKy2foM3m3qOqpcP8umWDA=",
"owner": "nix-community", "owner": "nix-community",
"repo": "poetry2nix", "repo": "poetry2nix",
"rev": "81662ae1ad31491eae3bb1d976fb74c71853bc63", "rev": "370da3b6fefc6c11367463b68d010f9950aaa80c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -635,11 +635,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1717182148, "lastModified": 1717278143,
"narHash": "sha256-Hi09/RoizxubRf3PHToT2Nm7TL8B/abSVa6q82uEgNI=", "narHash": "sha256-u10aDdYrpiGOLoxzY/mJ9llST9yO8Q7K/UlROoNxzDw=",
"owner": "numtide", "owner": "numtide",
"repo": "treefmt-nix", "repo": "treefmt-nix",
"rev": "03b982b77df58d5974c61c6022085bafe780c1cf", "rev": "3eb96ca1ae9edf792a8e0963cc92fddfa5a87706",
"type": "github" "type": "github"
}, },
"original": { "original": {

1
home/common/core/default.nix
View File

@ -20,6 +20,7 @@
btop btop
htop htop
postgresql postgresql
hugo
; ;
}; };
home.stateVersion = "23.11"; home.stateVersion = "23.11";

44
hosts/common/users/sam/default.nix
View File

@ -35,13 +35,15 @@ in
mode = "0644"; mode = "0644";
owner = "${username}"; owner = "${username}";
}; };
"passwords/postgres" = { }; "software/postgres/btc_models/password" = { };
"software/postgres/btc_models/ip" = { };
"software/postgres/btc_models/username" = { };
"software/zotero/username" = { }; "software/zotero/username" = { };
"software/zotero/password" = { }; "software/zotero/password" = { };
"software/zotero/guid" = { }; "software/zotero/guid" = { };
}; };
# Setup postgres connections for db_ui # Setup software specific templates for user
# Should be part of home-manager - waiting for templates functionality # Should be part of home-manager - waiting for templates functionality
# See here https://github.com/Mic92/sops-nix/issues/423 and here https://github.com/Mic92/sops-nix/issues/498 # See here https://github.com/Mic92/sops-nix/issues/423 and here https://github.com/Mic92/sops-nix/issues/498
# TODO migrate db_ui connection to home-manager when issue 423 and 498 are resolved in github:Mic92/sops-nix # TODO migrate db_ui connection to home-manager when issue 423 and 498 are resolved in github:Mic92/sops-nix
@ -52,14 +54,48 @@ in
content = '' content = ''
[ [
{ {
"url": "postgresql://postgres:${config.sops.placeholder."passwords/postgres"}@10.0.10.100/btc_models", "url": "postgresql://${config.sops.placeholder."software/postgres/btc_models/username"}:${config.sops.placeholder."software/postgres/btc_models/password"}@${config.sops.placeholder."software/postgres/btc_models/ip"}/btc_models",
"name": "btc_models" "name": "btc_models"
},
{
"url": "postgresql://${config.sops.placeholder."software/postgres/btc_models/username"}:${config.sops.placeholder."software/postgres/btc_models/password"}@${config.sops.placeholder."software/postgres/btc_models/ip"}/dev_btc_models",
"name": "dev_btc_models"
} }
] ]
''; '';
}; };
# The containing folders are created as root and if this is the first entry when writing keys, sops.templates."dbt_profiles.yml" = {
path = "/home/${username}/.config/dbt/profiles.yml";
owner = "${username}";
mode = "0600";
content = ''
bitcoin:
target: dev
outputs:
dev:
dbname: dev_btc_models
host: ${config.sops.placeholder."software/postgres/btc_models/ip"}
pass: '${config.sops.placeholder."software/postgres/btc_models/password"}'
port: 5432
schema: models
threads: 6
type: postgres
user: ${config.sops.placeholder."software/postgres/btc_models/username"}
prod:
dbname: btc_models
host: ${config.sops.placeholder."software/postgres/btc_models/ip"}
pass: '${config.sops.placeholder."software/postgres/btc_models/password"}'
port: 5432
schema: models
threads: 6
type: postgres
user: ${config.sops.placeholder."software/postgres/btc_models/username"}
'';
};
# The containing folders are created as root and if this is the first entry when writing files,
# the ownership is busted and home-manager can't target because it can't write to these dirs... # the ownership is busted and home-manager can't target because it can't write to these dirs...
# FIXME: We might not need this depending on how https://github.com/Mic92/sops-nix/issues/381 is fixed # FIXME: We might not need this depending on how https://github.com/Mic92/sops-nix/issues/381 is fixed
system.activationScripts.sopsSetOwnwership = system.activationScripts.sopsSetOwnwership =