nixos-hypervisor/services/postgresql/default.nix

{ lib, config, pkgs, ... }:
let
  cfg = config.services.vm_postgresql;
in
{
  options.services.vm_postgresql = {
    enable = lib.mkEnableOption "Enable minimal config";
  };
  config = lib.mkIf cfg.enable {
    services.postgresql = {
      enable = true;
      enableTCPIP = true;
      settings.port = 5432;
      ensureDatabases = [ "gitea" "nextcloud" ];
      ensureUsers = [
        {
          name = "gitea";
          ensureDBOwnership = true;
        }
        {
          name = "nextcloud";
          ensureDBOwnership = true;
        }
      ];
      authentication = pkgs.lib.mkOverride 10 ''
        #type database   user        origin-address    auth-method
        # IPv4 local connections:
        local all        all                           trust
        host  gitea      gitea       192.168.122.3/24  trust
        host  nextcloud  nextcloud   192.168.122.7/24  trust
      '';
      initialScript = pkgs.writeText "init-sql-script" ''
        alter user gitea with password 'gitea';
        alter user nextcloud with password 'nextcloud';
      '';
    };
    networking.firewall.allowedTCPPorts = [ 5432 ];
  };
}