remove postgresql passwords where they are unneeded

modules/hedgedoc.nix

@@ -23,7 +23,7 @@ in
         port = 3002;
         domain = "${domain}";
         protocolUseSSL = true;
-        dbURL = "postgres://hedgedoc:\${DB_PASSWORD}@localhost:5432/hedgedoc";
+        dbURL = "postgres://hedgedoc@%2Frun%2Fpostgresql/hedgedoc";
         sessionSecret = "\${SESSION_SECRET}";
         csp = {
           enable = true;
@@ -76,7 +76,6 @@ in
       user = config.systemd.services.hedgedoc.serviceConfig.User;
     in
     {
-      postgres_hedgedoc.owner = user;
       hedgedoc_session_secret.owner = user;
       hedgedoc_ldap_search = {
         key = "portunus/search-password";
@@ -85,21 +84,7 @@ in
     };
 
   systemd.services.hedgedoc.preStart = lib.mkBefore ''
-    export DB_PASSWORD="$(cat ${config.sops.secrets.postgres_hedgedoc.path})"
     export SESSION_SECRET="$(cat ${config.sops.secrets.hedgedoc_session_secret.path})"
     export LDAP_CREDENTIALS="$(cat ${config.sops.secrets.hedgedoc_ldap_search.path})"
   '';
-  systemd.services.hedgedoc.after = [ "hedgedoc-pgsetup.service" ];
-
-  systemd.services.hedgedoc-pgsetup = {
-    description = "Prepare HedgeDoc postgres database";
-    wantedBy = [ "multi-user.target" ];
-    after = [ "networking.target" "postgresql.service" ];
-    serviceConfig.Type = "oneshot";
-
-    path = [ pkgs.sudo config.services.postgresql.package ];
-    script = ''
-      sudo -u ${config.services.postgresql.superUser} psql -c "ALTER ROLE hedgedoc WITH PASSWORD '$(cat ${config.sops.secrets.postgres_hedgedoc.path})'"
-    '';
-  };
 }