server: tweak postgresql to more caching

disko/nas_luks.nix

@@ -0,0 +1,47 @@
+{
+  disko.devices = {
+    disk = {
+      sda = {
+        type = "disk";
+        device = "/dev/sda";
+        content = {
+          type = "gpt";
+          partitions = {
+            luks = {
+              size = "100%";
+              content = {
+                type = "luks";
+                name = "NAS-RAID";
+                askPassword = true;
+                # disable settings.keyFile if you want to use interactive password entry
+                #passwordFile = "/tmp/secret.key"; # Interactive
+                settings = {
+                  allowDiscards = true;
+                };
+                content = {
+                  type = "btrfs";
+                  extraArgs = [ "-f -L NAS-RAID" ];
+                  subvolumes = {
+                    "@" = {
+                      mountpoint = "/mnt/Pluto";
+                      mountOptions = [ "compress=zstd" "noatime" "ssd" "discard=async" ];
+                    };
+                    "@/Backups";
+                    "@/Media";
+                    "@/Games";
+                    "@/IT";
+                    "@/Rest";
+                    "@snapshots" = {
+                      mountpoint = "/mnt";
+                      mountOptions = [ "compress=zstd" "noatime" "ssd" "discard=async" ];
+                    };
+                  };
+                };
+              };
+            };
+          };
+        };
+      };
+    };
+  };
+}

modules/services/server/default.nix

@@ -17,7 +17,7 @@
   ./nextcloud.nix
   ./matrix.nix
   ./coturn.nix
-  ./jitsi.nix
+  #./jitsi.nix
 ]
 
 # picom, polybar and sxhkd are pulled from desktop module

modules/services/server/gitea_runner.nix

@@ -5,6 +5,8 @@
       podman ={
         enable = true;
         autoPrune.enable = true;
+        dockerCompat = true;
+        #defaultNetwork.settings.dns_enabled = true;
       };
     };
 

modules/services/server/nextcloud.nix

@@ -46,7 +46,7 @@
     services.onlyoffice = {
         enable = true;
         hostname = "localhost";
-        postgresName = "onlyofficedb";
+        postgresName = "onlyoffice";
         postgresHost = "localhost";
         postgresUser = "onlyoffice";
         postgresPasswordFile = config.age.secrets."services/nextcloud/onlyofficedb".path;
@@ -91,4 +91,9 @@
         requires = ["postgresql.service"];
         after = ["postgresql.service"];
     };
+
+    security.acme.defaults.email = "webmaster@kabtop.de";
+    security.acme.defaults.webroot = "/var/lib/acme/acme-challenge";
+    security.acme.acceptTerms = true;
+
 }

modules/services/server/postgresql.nix

@@ -12,8 +12,9 @@
         max_connections = 200;
         listen_addresses = "localhost";
         password_encryption = "scram-sha-256";
-        shared_buffers = "512MB";
-        work_mem = "8MB";
+        shared_buffers = "2GB";
+        work_mem = "1GB";
+        maintence_work_mem = "500MB"
         autovacuum_work_mem = -1;
         min_wal_size = "1GB";
         max_wal_size = "4GB";
@@ -29,7 +30,8 @@
         host   whatsappdb  mautrixwa      localhost scram-sha-256
         host   telegramdb  mautrixtele    localhost scram-sha-256
         host   signaldb    mautrixsignal  localhost scram-sha-256
-        host  onlyofficedb onlyoffice     localhost scram-sha-256
+        host   onlyoffice  onlyoffice     localhost scram-sha-256
+        local  onlyoffice  onlyoffice     peer
     '';
     initialScript = config.age.secrets."services/postgresql/initScript.sql".path;
   };