refactor: postgresql

nixos/home-assistant.nix

@@ -1,12 +1,10 @@
 {
-  pkgs,
   config,
   lib,
   ...
 }: let
   cfg = config.services.home-assistant;
-  inherit (lib.modules) mkDefault;
-  inherit (lib.lists) optional;
+  inherit (lib.modules) mkIf mkDefault;
 in {
   sops.secrets = {
     ha-integration = {
@@ -49,6 +47,7 @@ in {
         use_webhook = true;
       };
       recorder = {
+        db_url = mkIf (!config.services.postgresql.enable) "!secret db_url";
         auto_purge = true;
         purge_keep_days = 14;
         commit_interval = 1;

nixos/postgres.nix

@@ -1,17 +1,31 @@
 {
   config,
-  pkgs,
+  lib,
   ...
-}: {
+}: let
+  inherit (lib.modules) mkIf mkDefault mkAfter;
+  cfg = config.services.postgresql;
+in {
   services.postgresql = {
-    enable = true;
-    package = pkgs.postgresql_14;
+    enable = mkDefault true;
     ensureDatabases = ["hass"];
     ensureUsers = [
       {
         name = "hass";
         ensureDBOwnership = true;
+        tailscale.allow = !config.services.home-assistant.enable;
       }
     ];
   };
+
+  systemd.services.postgresql = mkIf cfg.enable {
+    postStart = mkAfter ''
+      $PSQL -tAf ${config.sops.secrets.postgresql-init.path}
+    '';
+  };
+
+  sops.secrets.postgresql-init = {
+    owner = "postgres";
+    group = "postgres";
+  };
 }