nixos-hypervisor/services/postgresql/default.nix

{ lib, config, pkgs, ... }:
let
  cfg = config.services.vm_postgresql;
in
{
  options.services.vm_postgresql = {
    enable = lib.mkEnableOption "Enable minimal config";
  };
  config = lib.mkIf cfg.enable {
    services.postgresql = {
      enable = true;
      package = pkgs.postgresql_16;
      enableTCPIP = true;
      settings.port = 5432;
      ensureDatabases = [
        "gitea"
        "nextcloud"
        "netbox"
        "authentik"
        "grafana"
      ];
      ensureUsers = [
        {
          name = "gitea";
          ensureDBOwnership = true;
        }
        {
          name = "nextcloud";
          ensureDBOwnership = true;
        }
      ];
      authentication = "
        host  nextcloud  nextcloud  192.168.1.44/32   md5
        host  gitea      gitea      192.168.1.14/32   md5
        host  netbox     netbox     192.168.1.45/32   md5
        host  authentik  authentik  192.168.1.125/32  md5
        host  grafana    grafana    192.168.1.27/32   md5
        ";
      # Not great, not in prod, cleartext pass
      # waiting for ensureUsers.*.passwordFile option
      # https://github.com/NixOS/nixpkgs/pull/326306
      initialScript = pkgs.writeText "init-sql-script" ''
        alter user gitea with password 'password';
        alter user nextcloud with password 'password';
      '';
    };
    networking.firewall.allowedTCPPorts = [ 5432 ];
  };
}
Add other services 2024-09-09 15:19:57 +02:00			`{ lib, config, pkgs, ... }:`
			`let`
			`cfg = config.services.vm_postgresql;`
			`in`
			`{`
			`options.services.vm_postgresql = {`
			`enable = lib.mkEnableOption "Enable minimal config";`
			`};`
			`config = lib.mkIf cfg.enable {`
			`services.postgresql = {`
			`enable = true;`
Use psql 16 2024-11-28 10:52:27 +01:00			`package = pkgs.postgresql_16;`
Add other services 2024-09-09 15:19:57 +02:00			`enableTCPIP = true;`
			`settings.port = 5432;`
Changes on postgresql role 2024-10-24 14:26:28 +02:00			`ensureDatabases = [`
			`"gitea"`
			`"nextcloud"`
			`"netbox"`
			`"authentik"`
			`"grafana"`
			`];`
Add other services 2024-09-09 15:19:57 +02:00			`ensureUsers = [`
			`{`
			`name = "gitea";`
			`ensureDBOwnership = true;`
			`}`
			`{`
			`name = "nextcloud";`
			`ensureDBOwnership = true;`
			`}`
			`];`
Changes on postgresql role 2024-10-24 14:26:28 +02:00			`authentication = "`
			`host nextcloud nextcloud 192.168.1.44/32 md5`
			`host gitea gitea 192.168.1.14/32 md5`
			`host netbox netbox 192.168.1.45/32 md5`
			`host authentik authentik 192.168.1.125/32 md5`
			`host grafana grafana 192.168.1.27/32 md5`
			`";`
			`# Not great, not in prod, cleartext pass`
			`# waiting for ensureUsers.*.passwordFile option`
			`# https://github.com/NixOS/nixpkgs/pull/326306`
Add other services 2024-09-09 15:19:57 +02:00			`initialScript = pkgs.writeText "init-sql-script" ''`
Changes on postgresql role 2024-10-24 14:26:28 +02:00			`alter user gitea with password 'password';`
			`alter user nextcloud with password 'password';`
Add other services 2024-09-09 15:19:57 +02:00			`'';`
			`};`
			`networking.firewall.allowedTCPPorts = [ 5432 ];`
			`};`
			`}`