From 5b4f1110443d01a3a0f4b73e01c1b44be7560276 Mon Sep 17 00:00:00 2001
From: Gregor Kleen <gkleen@yggdrasil.li>
Date: Sat, 6 Jun 2026 18:45:28 +0200
Subject: pw.bouncy.email

---
 hosts/surtr/postgresql/default.nix | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

(limited to 'hosts/surtr/postgresql/default.nix')

diff --git a/hosts/surtr/postgresql/default.nix b/hosts/surtr/postgresql/default.nix
index 3786ea7c..c43d5983 100644
--- a/hosts/surtr/postgresql/default.nix
+++ b/hosts/surtr/postgresql/default.nix
@@ -338,6 +338,27 @@ in {
           );
 
           COMMIT;
+
+          BEGIN;
+          SELECT _v.register_patch('017-password_admin', ARRAY['000-base'], null);
+
+          CREATE TABLE password_admin (
+            id uuid PRIMARY KEY NOT NULL DEFAULT gen_random_uuid(),
+            mailbox uuid REFERENCES mailbox(id)
+          );
+          CREATE USER "email-password-server";
+          GRANT CONNECT ON DATABASE "email" TO "email-password-server";
+          ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO "email-password-server";
+          GRANT SELECT ON ALL TABLES IN SCHEMA public TO "email-password-server";
+
+          COMMIT;
+
+          BEGIN;
+          SELECT _v.register_patch('018-password_admin', ARRAY['000-base', '017-password_admin'], null);
+
+          GRANT UPDATE ON mailbox TO "email-password-server";
+
+          COMMIT;
         ''}
 
         psql etebase postgres -eXf ${pkgs.writeText "etebase.sql" ''
-- 
cgit v1.2.3