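#
# PostgreSQL server, per-application databases/roles, and backups
#
# (The previous header read "System notifications", which does not match
# the contents of this module.)
#
{ config, lib, pkgs, ... }:

let
  # Single source of truth for application databases and their login roles.
  # pg_hba rules, ensureDatabases and ensureUsers are all derived from this
  # list so an access rule can never drift away from the role it is meant for.
  # Order is preserved in the generated pg_hba.conf.
  appDatabases = [
    { database = "giteadb";     role = "gitea"; }
    { database = "nextclouddb"; role = "nextcloud"; }
    { database = "synapsedb";   role = "synapse"; }
    { database = "whatsappdb";  role = "mautrixwa"; }
    { database = "telegramdb";  role = "mautrixtele"; }
    { database = "signaldb";    role = "mautrixsignal"; }
    { database = "keycloakdb";  role = "keycloak"; }
  ];

  # One Unix-socket rule per application: the role may reach only its own
  # database and must present a SCRAM password.
  hbaLines = lib.concatMapStringsSep "\n"
    ({ database, role }: "local ${database} ${role} scram-sha-256")
    appDatabases;
in
{
  services.postgresql = {
    enable = true;
    package = pkgs.postgresql_14;

    settings = {
      max_connections = 200;
      # TCP listener is bound to loopback only.
      # NOTE(review): the pg_hba rules below contain no `host` entries, so TCP
      # logins are rejected even on loopback; every consumer has to connect
      # through the Unix socket. Confirm each service is configured that way.
      listen_addresses = "localhost";
      # Store new passwords as SCRAM verifiers rather than MD5 hashes.
      password_encryption = "scram-sha-256";
      shared_buffers = "512MB";
      work_mem = "8MB";
      autovacuum_work_mem = -1;
      min_wal_size = "1GB";
      max_wal_size = "4GB";
      log_timezone = "Europe/Berlin";
      timezone = "Europe/Berlin";
    };

    # mkOverride with a priority below the default (100) replaces, rather than
    # extends, whatever pg_hba entries other modules define at default
    # priority, so the rules listed here are the complete access policy.
    # Only the `postgres` superuser gets passwordless peer authentication.
    authentication = lib.mkOverride 14 ''
      local all postgres peer
      ${hbaLines}
    '';

    # SQL file decrypted by agenix (see age.secrets below).
    # NOTE(review): ensureUsers creates roles without passwords while pg_hba
    # demands scram-sha-256, so this script presumably sets the role
    # passwords. The NixOS module runs initialScript only when the cluster is
    # first initialised; rotating a password later needs a separate path.
    initialScript = config.age.secrets."services/postgresql/initScript.sql".path;

    ensureDatabases = map (entry: entry.database) appDatabases;

    # NOTE(review): newer NixOS releases replace `ensurePermissions` with
    # `ensureDBOwnership`, which expects database name == role name. Check the
    # pinned nixpkgs before upgrading, since the names here differ.
    ensureUsers = map
      ({ database, role }: {
        name = role;
        ensurePermissions = {
          "DATABASE ${database}" = "ALL PRIVILEGES";
        };
      })
      appDatabases;
  };

  # NOTE(review): this module writes plain (unencrypted) SQL dumps to local
  # disk; with no explicit `databases` list it is expected to dump the whole
  # cluster, which includes role password verifiers. Confirm the backup
  # directory's permissions and that any off-host copy is encrypted.
  services.postgresqlBackup.enable = true;

  # Secret is owned by `postgres` so the database service account can read it
  # when initialScript is executed.
  age.secrets."services/postgresql/initScript.sql" = {
    file = ../../../secrets/services/postgresql/initScript.age;
    owner = "postgres";
  };
}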