Restructure DB config, add ssh keys

config/hosts/grondahl/services/postgres.nix

@@ -1,26 +1,55 @@
-{ pkgs, ... }:
+{ pkgs, config, ... }:
 {
   services.postgresql = {
     enable = true;
     package = pkgs.postgresql_13;
+		extraPlugins = with config.services.postgresql.package.pkgs; [
+			postgis
+		];
+    ensureDatabases = [ 
+			"matrix-synapse"
+			"mobilizon"
+			"authentik"
+		];
+    ensureUsers = [
+    	{
+				name = "matrix-synapse";
+      	ensurePermissions."DATABASE \"matrix-synapse\"" = "ALL PRIVILEGES";
+    	}
+			{
+				name = "mobilizon";
+      	ensurePermissions."DATABASE mobilizon" = "ALL PRIVILEGES";
+  		}
+			{ 
+				name = "authentik";
+				ensurePermissions."DATABASE authentik" = "ALL PRIVILEGES";
+			}
+    ];
     initialScript = pkgs.writeText "synapse-init.sql" ''
-                      CREATE ROLE synapse;
-                      CREATE DATABASE synapse WITH OWNER synapse
+                      CREATE ROLE matrix-synapse;
+                      CREATE DATABASE matrix-synapse WITH OWNER matrix-synapse
                           TEMPLATE template0
                           LC_COLLATE = "C"
                           LC_CTYPE = "C"
                           ENCODING = "UTF8";
     '';
-    authentication = pkgs.lib.mkOverride 10 ''
-        local all all trust
-        host all all ::1/128 trust
-    '';
+		settings = { password_encryption = "scram-sha-256"; };
+		authentication = pkgs.lib.mkForce ''
+			local all postgres peer
+			local all matrix-synapse peer
+			local all mobilizon scram-sha-256
+			local all authentik scram-sha-256
+		'';
   };
 
   services.postgresqlBackup = {
     enable = true;
     location = "/var/lib/postgresql/backup";
-    databases = [ "synapse" ];
+    databases = [ 
+			"matrix-synapse"
+			"mobilizon"
+			"authentik"
+		];
     startAt = "02:30";
     compression = "none";
   };