#
# PostgreSQL database server and backups
#

# NixOS module: runs a PostgreSQL 14 server for the services hosted on this
# machine (one database and one role per service) and enables the stock
# PostgreSQL backup service.
{ config, lib, pkgs, ... }:

{
  services.postgresql = {
    enable = true;
    package = pkgs.postgresql_14;
    settings = {
        max_connections = 200;
        # TCP is bound to loopback only, so the `samehost` rules in
        # `authentication` can only be reached by clients on this machine.
        listen_addresses = "localhost";
        # Newly set passwords are stored as SCRAM verifiers. Keep this in step
        # with the scram-sha-256 method in `authentication`: a role whose
        # stored password is still an md5 hash cannot pass a scram-sha-256 rule.
        password_encryption = "scram-sha-256";
        shared_buffers = "512MB";
        work_mem = "8MB";
        # -1 makes autovacuum workers fall back to maintenance_work_mem.
        autovacuum_work_mem = -1;
        min_wal_size = "1GB";
        max_wal_size = "4GB";
        log_timezone = "Europe/Berlin";
        timezone = "Europe/Berlin";
    };
    # pg_hba.conf contents. mkOverride 14 outranks both ordinary definitions
    # (priority 100) and mkForce (50), so lower-priority definitions of this
    # option are dropped rather than merged with it.
    # NOTE(review): that presumably includes the NixOS module's own default
    # rules - confirm against the generated pg_hba.conf.
    #
    # Resulting policy: only the `postgres` role may use the Unix socket (peer
    # auth); each service role must connect over TCP from this host with a
    # SCRAM password, and only to its own database. A connection that matches
    # no line is refused.
    #
    # NOTE(review): the synapsedb rule names `synapse_user`, but ensureUsers
    # below manages a role called `synapse`. As written, `synapse` matches no
    # rule and `synapse_user` is not created here - confirm which role Synapse
    # actually uses and align the two names.
    # NOTE(review): no passwords are set anywhere in this file, so a role can
    # only pass these rules once its password has been set out of band.
    authentication = pkgs.lib.mkOverride 14 ''
        local all        postgres                  peer
        host  giteadb     gitea           samehost scram-sha-256
        host  nextclouddb nextcloud       samehost scram-sha-256
        host  synapsedb   synapse_user    samehost scram-sha-256
        host  whatsappdb  mautrixwa       samehost scram-sha-256
        host  telegramdb  mautrixtele     samehost scram-sha-256
        host  signaldb    mautrixsignal   samehost scram-sha-256
        #host  facebookdb  mautrixfacebook samehost scram-sha-256
        #host  xmppdb      ejabberd        samehost scram-sha-256
        #host  prosodydb   prosody         samehost scram-sha-256
        host  keycloakdb  keycloak        samehost scram-sha-256
    '';
    # One database per active service. The three services whose pg_hba lines
    # are commented out above have no database or role declared here either.
    ensureDatabases = [
        "giteadb"
        "nextclouddb"
        "synapsedb"
        "whatsappdb"
        "telegramdb"
        "signaldb"
        "keycloakdb"
    ];
    # One role per service, each granted privileges on its own database only.
    # A database-level ALL PRIVILEGES grant covers CONNECT, CREATE and
    # TEMPORARY on that database; it does not make the role the owner.
    # NOTE(review): `ensurePermissions` was deprecated in NixOS 23.11 in favour
    # of `ensureDBOwnership`, which expects the role and database to share a
    # name. The names here differ (e.g. gitea / giteadb), so plan the migration
    # before upgrading the channel - verify against the release notes.
    ensureUsers = [
        {
            name = "gitea";
            ensurePermissions = {
                "DATABASE giteadb" = "ALL PRIVILEGES";
            };
        }
        {
            name = "nextcloud";
            ensurePermissions = {
                "DATABASE nextclouddb" = "ALL PRIVILEGES";
            };
        }
        {
            # NOTE(review): pg_hba above authorises `synapse_user`, not this role.
            name = "synapse";
            ensurePermissions = {
                "DATABASE synapsedb" = "ALL PRIVILEGES";
            };
        }
        {
            name = "mautrixwa";
            ensurePermissions = {
                "DATABASE whatsappdb" = "ALL PRIVILEGES";
            };
        }
        {
            name = "mautrixtele";
            ensurePermissions = {
                "DATABASE telegramdb" = "ALL PRIVILEGES";
            };
        }
        {
            name = "mautrixsignal";
            ensurePermissions = {
                "DATABASE signaldb" = "ALL PRIVILEGES";
            };
        }
        {
            name = "keycloak";
            ensurePermissions = {
                "DATABASE keycloakdb" = "ALL PRIVILEGES";
            };
        }
    ];
  };

  # Enables the NixOS PostgreSQL backup service with its defaults; no
  # databases, location or schedule are set in this file.
  # NOTE(review): the dumps hold every service's data and may include role
  # password verifiers. Check who can read the dump directory
  # (`services.postgresqlBackup.location`) and whether dumps are copied
  # off-host, since a backup on the same disk does not survive host loss.
  services.postgresqlBackup.enable = true;

}