nixos-config/modules/services/server/postgresql.nix

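#
# PostgreSQL server
#
# One PostgreSQL 14 instance with one database and one login role per
# application (judging by the names: Gitea, Nextcloud, Synapse, three mautrix
# bridges and Keycloak). TCP access is limited to the host itself and every
# TCP login has to authenticate with SCRAM-SHA-256.
#
{ config, lib, pkgs, ... }:
{
  services.postgresql = {
    enable = true;
    package = pkgs.postgresql_14;

    settings = {
      max_connections = 200;

      # Bind to loopback only; the server is not reachable from other hosts.
      listen_addresses = "localhost";

      # Store new password verifiers as SCRAM-SHA-256. The pg_hba rules below
      # demand the same method, so a role whose password was stored as md5
      # cannot log in until its password is set again.
      password_encryption = "scram-sha-256";

      shared_buffers = "512MB";
      work_mem = "8MB";
      # -1 makes autovacuum workers fall back to maintenance_work_mem.
      autovacuum_work_mem = -1;
      min_wal_size = "1GB";
      max_wal_size = "4GB";

      log_timezone = "Europe/Berlin";
      timezone = "Europe/Berlin";
    };

    # pg_hba.conf. Priority 14 outranks ordinary definitions (priority 100),
    # so definitions made at default priority elsewhere are dropped and only
    # the rules listed here apply.
    #
    # Each rule pins one role to one database, over TCP from one of the
    # server's own addresses (`samehost`), with SCRAM-SHA-256. A role cannot
    # connect to another application's database through these rules.
    #
    # NOTE(review): the `local ... peer` rule is commented out, so no rule for
    # Unix-socket connections is visible in this file. Confirm that socket
    # access for the `postgres` superuser (used by maintenance and backup
    # jobs) is provided, or is intentionally absent.
    authentication = lib.mkOverride 14 ''
      #local all postgres peer
      host giteadb gitea samehost scram-sha-256
      host nextclouddb nextcloud samehost scram-sha-256
      host synapsedb synapse samehost scram-sha-256
      host whatsappdb mautrixwa samehost scram-sha-256
      host telegramdb mautrixtele samehost scram-sha-256
      host signaldb mautrixsignal samehost scram-sha-256
      host keycloakdb keycloak samehost scram-sha-256
    '';

    # SQL executed on first startup of a fresh cluster only. The file is an
    # age-encrypted secret (declared at the bottom of this module), so its
    # contents are not part of this file.
    # NOTE(review): presumably this is where the role passwords are set;
    # because it only runs once, later password changes have to be applied
    # to the running database by hand.
    initialScript = config.age.secrets."services/postgresql/initScript.sql".path;

    ensureDatabases = [
      "giteadb"
      "nextclouddb"
      "synapsedb"
      "whatsappdb"
      "telegramdb"
      "signaldb"
      "keycloakdb"
    ];

    # One role per application, each granted privileges on its own database
    # only. Keep this list, ensureDatabases and the pg_hba rules in step when
    # adding or removing a service.
    # NOTE(review): newer NixOS releases replaced `ensurePermissions` with
    # `ensureDBOwnership`; check the release notes before upgrading.
    ensureUsers = [
      {
        name = "gitea";
        ensurePermissions = {
          "DATABASE giteadb" = "ALL PRIVILEGES";
        };
      }
      {
        name = "nextcloud";
        ensurePermissions = {
          "DATABASE nextclouddb" = "ALL PRIVILEGES";
        };
      }
      {
        name = "synapse";
        ensurePermissions = {
          "DATABASE synapsedb" = "ALL PRIVILEGES";
        };
      }
      {
        name = "mautrixwa";
        ensurePermissions = {
          "DATABASE whatsappdb" = "ALL PRIVILEGES";
        };
      }
      {
        name = "mautrixtele";
        ensurePermissions = {
          "DATABASE telegramdb" = "ALL PRIVILEGES";
        };
      }
      {
        name = "mautrixsignal";
        ensurePermissions = {
          "DATABASE signaldb" = "ALL PRIVILEGES";
        };
      }
      {
        name = "keycloak";
        ensurePermissions = {
          "DATABASE keycloakdb" = "ALL PRIVILEGES";
        };
      }
    ];
  };

  # Periodic dumps of the databases. The dumps hold everything the databases
  # hold (including Keycloak and Synapse credential data), so the backup
  # location needs the same access restrictions as the data directory.
  # NOTE(review): location, retention and off-host copies are not set here;
  # verify the defaults are acceptable.
  services.postgresqlBackup.enable = true;

  # Decrypted at activation time and readable by the `postgres` user, which
  # is the account that runs the initial script.
  age.secrets."services/postgresql/initScript.sql" = {
    file = ../../../secrets/services/postgresql/initScript.age;
    owner = "postgres";
  };
}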