From 302735969562951024714fe2d5616eb20cb63cb5 Mon Sep 17 00:00:00 2001
From: Marek Paśnikowski
Date: Sat, 11 Apr 2026 11:55:45 +0200
Subject: (services databases): trust local connections from synapse_user to avoid sharing a password in matrix configuration
---
 deployment/services/databases.scm | 20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)
(limited to 'deployment')
diff --git a/deployment/services/databases.scm b/deployment/services/databases.scm
index f49902e..5cd8a68 100644
--- a/deployment/services/databases.scm
+++ b/deployment/services/databases.scm
@@ -1,16 +1,34 @@
 (define-module (deployment services databases)
 #:use-module (gnu services)
 #:use-module (gnu services databases)
+ #:use-module (guix gexp)
 #:use-module ((gnu packages databases)
 #:prefix gnu:packages:databases:)
 #:export (matrix-postgresql-service))
 
+(define postgres-hba
+ (mixed-text-file "pg_hba.conf"
+ "host synapse synapse_user 127.0.0.1/32 trust\n"
+ "host synapse synapse_user ::1/128 trust\n"
+ "local all all peer\n"
+ "host all all 127.0.0.1/32 md5\n"
+ "host all all ::1/128 md5\n"))
+
+(define config-file
+ (postgresql-config-file
+ (log-destination "syslog")
+ (hba-file postgres-hba)
+ (ident-file (@@ (gnu services databases)
+ %default-postgres-ident))
+ (socket-directory "/var/run/postgresql")
+ (extra-config (list))))
+
 (define matrix-postgresql-service-configuration
 (postgresql-configuration
 (postgresql gnu:packages:databases:postgresql-17)
 (port 5432)
 (locale "pl_PL.utf8")
- (config-file (postgresql-config-file))
+ (config-file config-file)
 (log-directory "/var/log/postgresql")
 (data-directory "/var/lib/postgresql/data")
 (extension-packages (list))
-- 
cgit v1.3
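Review bot: The two `trust` lines in `postgres-hba` let any process that can open a loopback TCP connection log in as `synapse_user` with no credential, because `trust` on a `host` line checks only the source address and not which OS account is connecting. If the aim is only to keep a password out of the Matrix configuration, peer authentication over the Unix socket achieves that while tying access to the service's OS account: replace both lines with something like `"local synapse synapse_user peer map=synapse\n"` (the map name is a placeholder), placed before `local all all peer`, and point Synapse at the socket directory `/var/run/postgresql`. If the service's OS account is not itself named `synapse_user`, that needs a matching entry in the ident file; a project-owned ident file would also remove the `@@` reference to the private `%default-postgres-ident` binding. If the `trust` lines stay, a comment above them should state that every local account and any loopback-reachable process is treated as the Synapse database owner. The `matrix-postgresql-service-configuration` form continues past the end of the hunk, so the rest of the configuration is not visible here.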