Commit fdeba4891de4
Changed files (1)
systems
rhea
systems/rhea/extra.nix
@@ -336,6 +336,14 @@
group = "users";
mediaLocation = "/neo/pictures/photos";
};
+ postgresql = {
+ ensureDatabases = [ "immich" ];
+ ensureUsers = [
+ {
+ name = "vincent";
+ }
+ ];
+ };
jellyfin = {
enable = true;
user = "vincent";
@@ -461,6 +469,21 @@
defaults.email = "vincent@sbr.pm";
};
+ # Grant vincent ownership of the immich database and schemas
+ systemd.services.postgresql.postStart = lib.mkAfter ''
+ $PSQL -tAc "SELECT 1 FROM pg_roles WHERE rolname = 'vincent'" | grep -q 1 || $PSQL -tAc "CREATE ROLE vincent WITH LOGIN"
+ $PSQL -tAc "ALTER DATABASE immich OWNER TO vincent"
+ $PSQL immich -tAc "ALTER SCHEMA public OWNER TO vincent"
+ $PSQL immich -tAc "ALTER SCHEMA vectors OWNER TO vincent" || true
+ $PSQL immich -tAc "GRANT ALL PRIVILEGES ON SCHEMA public TO vincent"
+ $PSQL immich -tAc "GRANT ALL PRIVILEGES ON SCHEMA vectors TO vincent" || true
+ $PSQL immich -tAc "GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO vincent"
+ $PSQL immich -tAc "GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO vincent"
+ $PSQL immich -tAc "GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA vectors TO vincent" || true
+ $PSQL immich -tAc "ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL ON TABLES TO vincent"
+ $PSQL immich -tAc "ALTER DEFAULT PRIVILEGES IN SCHEMA vectors GRANT ALL ON TABLES TO vincent" || true
+ '';
+
networking.useDHCP = lib.mkDefault true;
# Open firewall for Traefik