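#
# PostgreSQL: server settings, client authentication (pg_hba), per-service
# databases and roles, and backups.
#
{ config, lib, pkgs, ... }:

let
  # Build one `ensureUsers` entry: the role `name` is granted ALL PRIVILEGES on
  # the single database `database` and on nothing else.
  dbRole = name: database: {
    inherit name;
    ensurePermissions = {
      "DATABASE ${database}" = "ALL PRIVILEGES";
    };
  };
in
{
  services.postgresql = {
    enable = true;
    package = pkgs.postgresql_14;

    settings = {
      max_connections = 200;
      # TCP is bound to loopback only, so the server is not exposed on the
      # network; every client below is expected to run on this host.
      listen_addresses = "localhost";
      # Passwords set from now on are stored as SCRAM-SHA-256 verifiers, which
      # is what the scram-sha-256 rules in `authentication` require.
      password_encryption = "scram-sha-256";
      shared_buffers = "512MB";
      work_mem = "8MB";
      # -1 makes autovacuum fall back to maintenance_work_mem.
      autovacuum_work_mem = -1;
      min_wal_size = "1GB";
      max_wal_size = "4GB";
      log_timezone = "Europe/Berlin";
      timezone = "Europe/Berlin";
    };

    # pg_hba rules. mkOverride 14 outranks ordinary definitions of this option,
    # so this text replaces, rather than extends, rules defined at a lower
    # priority. Each rule admits exactly one role to exactly one database, from
    # this host's own addresses only (`samehost`), with SCRAM password auth;
    # any other role/database combination matches no rule and is rejected.
    # NOTE(review): the only Unix-socket (`local`) rule is commented out. If the
    # provisioning below (initialScript, ensure*) and the backup job connect
    # over the socket as `postgres`, confirm they can still authenticate.
    authentication = lib.mkOverride 14 ''
      #local all postgres peer
      host giteadb gitea samehost scram-sha-256
      host nextclouddb nextcloud samehost scram-sha-256
      host synapsedb synapse samehost scram-sha-256
      host whatsappdb mautrixwa samehost scram-sha-256
      host telegramdb mautrixtele samehost scram-sha-256
      host signaldb mautrixsignal samehost scram-sha-256
      host keycloakdb keycloak samehost scram-sha-256
    '';

    # SQL run by the NixOS module when the cluster is initialised. It is
    # referenced by the path of the decrypted secret declared at the bottom of
    # this file, which keeps its contents out of the Nix store (assuming the
    # usual runtime decryption of `age.secrets`).
    # NOTE(review): presumably this is where the role passwords are set, since
    # `ensureUsers` below assigns none - verify, and check how passwords are
    # rotated if the script only runs on first start.
    initialScript = config.age.secrets."services/postgresql/initScript.sql".path;

    # One database per service; keep this list, the pg_hba rules above and
    # `ensureUsers` in step when a service is added or removed.
    ensureDatabases = [
      "giteadb"
      "nextclouddb"
      "synapsedb"
      "whatsappdb"
      "telegramdb"
      "signaldb"
      "keycloakdb"
    ];

    # One role per service, privileged on its own database only.
    # NOTE(review): newer nixpkgs releases drop `ensurePermissions` in favour
    # of `ensureDBOwnership`, which expects the database to carry the role's
    # name; the names here differ, so check this before upgrading.
    ensureUsers = [
      (dbRole "gitea" "giteadb")
      (dbRole "nextcloud" "nextclouddb")
      (dbRole "synapse" "synapsedb")
      (dbRole "mautrixwa" "whatsappdb")
      (dbRole "mautrixtele" "telegramdb")
      (dbRole "mautrixsignal" "signaldb")
      (dbRole "keycloak" "keycloakdb")
    ];
  };

  # Backups with the module's defaults.
  # NOTE(review): the dumps hold every service's data (including the Keycloak
  # database); confirm where they are written and who can read them.
  services.postgresqlBackup.enable = true;

  # Encrypted init script; readable by the `postgres` user after decryption.
  age.secrets."services/postgresql/initScript.sql" = {
    file = ../../../secrets/services/postgresql/initScript.age;
    owner = "postgres";
  };
}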