diff --git a/flake.lock b/flake.lock index 94696f5..c734ad5 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1649887911, - "narHash": "sha256-Af0Ppb1RZ7HWuxUvF0/O7h3cy8tqU2eKFyVwyA1ZD+w=", + "lastModified": 1650841545, + "narHash": "sha256-AF3fk+p/mHbdtyrI3kpms+MoMVOdGIBGJ+7LT7WWdaU=", "owner": "nix-community", "repo": "home-manager", - "rev": "7244c6715cb8f741f3b3e1220a9279e97b2ed8f5", + "rev": "236c6ec21420e44c38ec76de4fc3335bec1859b5", "type": "github" }, "original": { @@ -23,11 +23,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1650647313, - "narHash": "sha256-6ghnNPXDlG6/tXeIFdbP0cGnik6TGNwc615hhG9dpl4=", + "lastModified": 1650830814, + "narHash": "sha256-P7vGsHdS19eHVUJt4BeQA4JfauL2nOpEcnYKIbX76YM=", "owner": "nixos", "repo": "nixpkgs", - "rev": "a318a09a96a38382fe61a7f85d03ea6e25c46c56", + "rev": "c254b8c915ac912ae9ee9dc74eac555ccbf33795", "type": "github" }, "original": { @@ -39,11 +39,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1650701402, - "narHash": "sha256-XKfstdtqDg+O+gNBx1yGVKWIhLgfEDg/e2lvJSsp9vU=", + "lastModified": 1650831523, + "narHash": "sha256-6pDZ08SAXsUx5rOP391x+TG39ENP/XA8VMa1tQvgEjc=", "owner": "nixos", "repo": "nixpkgs", - "rev": "bc41b01dd7a9fdffd32d9b03806798797532a5fe", + "rev": "87d34a6b8982e901b8e50096b8e79ebc0e66cda0", "type": "github" }, "original": { diff --git a/home/ssh/default.nix b/home/ssh/default.nix index 1f95528..4159f59 100644 --- a/home/ssh/default.nix +++ b/home/ssh/default.nix @@ -11,12 +11,12 @@ # We have to do this as text to gaurantee it's part of the last Host * block userKnownHostsFile = "~/.ssh/known_hosts ${./extra_known_hosts}"; extraConfig = '' - KexAlgorithms sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256 - MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com - Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr - VerifyHostKeyDNS ask - VisualHostKey yes - UpdateHostKeys ask + KexAlgorithms sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256 + MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com + Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr + VerifyHostKeyDNS ask + VisualHostKey yes + UpdateHostKeys ask ''; # Most hosts are set in private diff --git a/system/starlight/default.nix b/system/starlight/default.nix index 3bd4307..9eb6fd1 100644 --- a/system/starlight/default.nix +++ b/system/starlight/default.nix @@ -5,6 +5,7 @@ ./boot-config.nix ./hardware-configuration.nix ./scripts.nix + ./postgres.nix ../../sets/builder.nix ../../sets/cpu/amd.nix ../../sets/fpga.nix diff --git a/system/starlight/postgres.nix b/system/starlight/postgres.nix new file mode 100644 index 0000000..0cf74ba --- /dev/null +++ b/system/starlight/postgres.nix @@ -0,0 +1,17 @@ +{ config, pkgs, ... }: + +{ + services.postgresql = { + enable = true; + package = pkgs.postgresql_14; + extraPlugins = with config.services.postgresql.package.pkgs; [ postgis ]; + + ensureDatabases = [ "osm" ]; + ensureUsers = [{ + name = "artemis"; + ensurePermissions = { + "DATABASE osm" = "ALL PRIVILEGES"; + }; + }]; + }; +}