mirror of
https://github.com/gensokyo-zone/infrastructure.git
synced 2026-02-09 12:29:19 -08:00
69 lines
1.8 KiB
Nix
69 lines
1.8 KiB
Nix
{
|
|
config,
|
|
lib,
|
|
...
|
|
}: let
|
|
inherit (lib.modules) mkIf mkDefault mkAfter;
|
|
inherit (lib) versions;
|
|
cfg = config.services.postgresql;
|
|
in {
|
|
services.postgresql = {
|
|
enable = mkDefault true;
|
|
ensureDatabases = ["hass" "invidious" "dex" "keycloak" "vaultwarden"];
|
|
ensureUsers = [
|
|
{
|
|
name = "hass";
|
|
ensureDBOwnership = true;
|
|
authentication.int.allow = !config.services.home-assistant.enable;
|
|
}
|
|
{
|
|
name = "invidious";
|
|
ensureDBOwnership = true;
|
|
authentication.int.allow = !config.services.invidious.enable;
|
|
}
|
|
{
|
|
name = "dex";
|
|
ensureDBOwnership = true;
|
|
authentication.local.allow = true;
|
|
}
|
|
{
|
|
name = "keycloak";
|
|
ensureDBOwnership = true;
|
|
authentication.int.allow = !config.services.keycloak.enable;
|
|
}
|
|
{
|
|
name = "vaultwarden";
|
|
ensureDBOwnership = true;
|
|
authentication.int.allow = !config.services.vaultwarden.enable;
|
|
}
|
|
];
|
|
};
|
|
services.postgresqlBackup = {
|
|
enable = mkDefault cfg.enable;
|
|
compression = mkDefault "none";
|
|
location = mkDefault "/mnt/shared/postgresql/dump";
|
|
startAt = mkDefault "*-*-* 00:30:00";
|
|
databases = [
|
|
#"hass" # only used for recorder (entity state history) module, so just a useless large cache?
|
|
"invidious"
|
|
#"dex"
|
|
"keycloak"
|
|
"vaultwarden"
|
|
];
|
|
};
|
|
|
|
systemd = {
|
|
services.postgresql = mkIf cfg.enable {
|
|
gensokyo-zone.sharedMounts."postgresql/${versions.major cfg.package.version}".path = cfg.dataDir;
|
|
postStart = mkAfter ''
|
|
$PSQL -tAf ${config.sops.secrets.postgresql-init.path}
|
|
'';
|
|
};
|
|
};
|
|
|
|
sops.secrets.postgresql-init = {
|
|
sopsFile = mkDefault ./secrets/postgres.yaml;
|
|
owner = "postgres";
|
|
group = "postgres";
|
|
};
|
|
}
|