postgres credentials and dbt profiles

Sam 2024-06-13 12:30:21 +01:00
parent eda162a7ff
commit 2f3fec9e5c
3 changed files with 63 additions and 26 deletions


@ -45,11 +45,11 @@
]
},
"locked": {
"lastModified": 1717637172,
"narHash": "sha256-geTO9YL1V9zYGxupuZvKFWxh6II9sH2bjI1dmEVhVYQ=",
"lastModified": 1717770040,
"narHash": "sha256-eq9gP060TqWqRf2k4WO5FrG49rVq5Jy3Ptusg0CFdds=",
"owner": "nix-community",
"repo": "disko",
"rev": "713aa3df481782719aed4d8c20ad31a9effe3564",
"rev": "398acc470f7c2d68621db01900f053e6000129c4",
"type": "github"
},
"original": {
@ -333,11 +333,11 @@
"nix-secrets": {
"flake": false,
"locked": {
"lastModified": 1717760051,
"narHash": "sha256-4yXaR3PIOJGQwTxA3eVDEu1iBlsmuvXWv3Ed0NrJgtU=",
"lastModified": 1717864759,
"narHash": "sha256-DUtmDvpNyOZG+UDONTBfRiAdCaI7E1ngVhmUOAjj3wg=",
"ref": "refs/heads/master",
"rev": "521163d7278e71f084497910fa756bedcbfe97eb",
"revCount": 88,
"rev": "81aff439158dc6bb21251dc3be672db671e4a519",
"revCount": 89,
"type": "git",
"url": "ssh://git@git.bitlab21.com/sam/nix-secrets.git"
},
@ -407,11 +407,11 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1717737457,
"narHash": "sha256-hqHp0W7ibfdu5DFc6EG3S3c+GSAbti7VUldFXSf/WiI=",
"lastModified": 1717839683,
"narHash": "sha256-kC0eyEsfpXbtQ2Ee5kgjmLFSVsLgnqpj10LjEi+fK+g=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "bf3faad723ca984fc4ea95c1cee1d975a8ca2a28",
"rev": "3f3a01219b4a1b6ee63039a3aa63948fbf37c0dd",
"type": "github"
},
"original": {
@ -435,11 +435,11 @@
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1717681257,
"narHash": "sha256-0PhFvfc4wDjba1cus2ALsfn0wVizeKkcuF+aqvDJivg=",
"lastModified": 1717861394,
"narHash": "sha256-U7E1Wg5PRKUYqfeL8H6KU/5VjFo8bkxbFzigN2grkQI=",
"owner": "nix-community",
"repo": "nixvim",
"rev": "36f2e51b28ee3389a67ed5e9ed5c4bd388b06918",
"rev": "db32ebe205111af0b74d74684df64674ffcf3b36",
"type": "github"
},
"original": {
@ -450,11 +450,11 @@
},
"nur": {
"locked": {
"lastModified": 1717749895,
"narHash": "sha256-E6fEND68P37NMIhPyvgZl0jD7KlSg2QKZ1zpsXpobfQ=",
"lastModified": 1717864805,
"narHash": "sha256-iu5gmYBncm1c+FSFmHiRkEvbcWpH/ZO/MQYe0r5ng7s=",
"owner": "nix-community",
"repo": "NUR",
"rev": "b93b6c0b706d78ad95d52104728fd6eed3460f80",
"rev": "e212541138b753c7bc5215524215e2a07403df8d",
"type": "github"
},
"original": {
@ -475,11 +475,11 @@
"treefmt-nix": "treefmt-nix_2"
},
"locked": {
"lastModified": 1717602370,
"narHash": "sha256-qS/7is9JbnnycR6QmndsuTQfifWzjhgxObnXw+iHdP8=",
"lastModified": 1717774136,
"narHash": "sha256-comOhXDFUrbVba47gPenVBKy2foM3m3qOqpcP8umWDA=",
"owner": "nix-community",
"repo": "poetry2nix",
"rev": "81662ae1ad31491eae3bb1d976fb74c71853bc63",
"rev": "370da3b6fefc6c11367463b68d010f9950aaa80c",
"type": "github"
},
"original": {
@ -635,11 +635,11 @@
]
},
"locked": {
"lastModified": 1717182148,
"narHash": "sha256-Hi09/RoizxubRf3PHToT2Nm7TL8B/abSVa6q82uEgNI=",
"lastModified": 1717278143,
"narHash": "sha256-u10aDdYrpiGOLoxzY/mJ9llST9yO8Q7K/UlROoNxzDw=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "03b982b77df58d5974c61c6022085bafe780c1cf",
"rev": "3eb96ca1ae9edf792a8e0963cc92fddfa5a87706",
"type": "github"
},
"original": {


@ -20,6 +20,7 @@
btop
htop
postgresql
hugo
;
};
home.stateVersion = "23.11";


@ -35,13 +35,15 @@ in
mode = "0644";
owner = "${username}";
};
"passwords/postgres" = { };
"software/postgres/btc_models/password" = { };
"software/postgres/btc_models/ip" = { };
"software/postgres/btc_models/username" = { };
"software/zotero/username" = { };
"software/zotero/password" = { };
"software/zotero/guid" = { };
};
# Setup postgres connections for db_ui
# Setup software specific templates for user
# Should be part of home-manager - waiting for templates functionality
# See here https://github.com/Mic92/sops-nix/issues/423 and here https://github.com/Mic92/sops-nix/issues/498
# TODO migrate db_ui connection to home-manager when issue 423 and 498 are resolved in github:Mic92/sops-nix
@ -52,14 +54,48 @@ in
content = ''
[
{
"url": "postgresql://postgres:${config.sops.placeholder."passwords/postgres"}@10.0.10.100/btc_models",
"url": "postgresql://${config.sops.placeholder."software/postgres/btc_models/username"}:${config.sops.placeholder."software/postgres/btc_models/password"}@${config.sops.placeholder."software/postgres/btc_models/ip"}/btc_models",
"name": "btc_models"
},
{
"url": "postgresql://${config.sops.placeholder."software/postgres/btc_models/username"}:${config.sops.placeholder."software/postgres/btc_models/password"}@${config.sops.placeholder."software/postgres/btc_models/ip"}/dev_btc_models",
"name": "dev_btc_models"
}
]
'';
};
# The containing folders are created as root and if this is the first entry when writing keys,
sops.templates."dbt_profiles.yml" = {
path = "/home/${username}/.config/dbt/profiles.yml";
owner = "${username}";
mode = "0600";
content = ''
bitcoin:
target: dev
outputs:
dev:
dbname: dev_btc_models
host: ${config.sops.placeholder."software/postgres/btc_models/ip"}
pass: '${config.sops.placeholder."software/postgres/btc_models/password"}'
port: 5432
schema: models
threads: 6
type: postgres
user: ${config.sops.placeholder."software/postgres/btc_models/username"}
prod:
dbname: btc_models
host: ${config.sops.placeholder."software/postgres/btc_models/ip"}
pass: '${config.sops.placeholder."software/postgres/btc_models/password"}'
port: 5432
schema: models
threads: 6
type: postgres
user: ${config.sops.placeholder."software/postgres/btc_models/username"}
'';
};
# The containing folders are created as root and if this is the first entry when writing files,
# the ownership is busted and home-manager can't target because it can't write to these dirs...
# FIXME: We might not need this depending on how https://github.com/Mic92/sops-nix/issues/381 is fixed
system.activationScripts.sopsSetOwnwership =
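Review bot: The new `dev_btc_models` db_ui entry and both dbt outputs (`dev` and `prod`) in the second hunk read the same `software/postgres/btc_models/username` and `.../password` secrets, so the default `target: dev` runs with the very role that is configured for the production `btc_models` database. Consider a separate role and secret set for the dev database, e.g. `"software/postgres/dev_btc_models/password" = { };` (the name is only a suggestion), so a dev-side mistake or leaked profile does not carry over to prod. The secrets are also spliced unescaped into a connection URL and into a single-quoted YAML scalar, so a password containing `@`, `/`, `:` or `'` would yield a broken or misparsed file; a comment such as `# values must be URL-safe and contain no single quote` next to the secret declarations would document that constraint. The db_ui template's header lies outside the hunk, so whether it carries the same `mode = "0600"` as `dbt_profiles.yml` cannot be confirmed from here.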