initial commit. after fucking it up once

2024-11-03 19:50:18 +02:00 · 2024-11-03 19:50:18 +02:00 · b7cea98e99
commit b7cea98e99
48 changed files with 3437 additions and 0 deletions
--- a/services/postgres/postgres.mod.nix
+++ b/services/postgres/postgres.mod.nix
@ -0,0 +1,116 @@
+{
+  fructose.modules = [
+    /*
+      (
+        { config, pkgs, lib, ... }:
+        {
+          systemd.services.postgresql.serviceConfig.TimeoutSec = lib.mkForce "infinity";
+          services.postgresql = {
+            enable = true;
+            checkConfig = true;
+            package = pkgs.postgresql_17;
+            dataDir = "/var/services/postgres/";
+
+            ensureDatabases = [
+              "forgejo"
+              "gts"
+            ];
+            ensureUsers = [
+              {
+                name = "forgejo";
+                ensureDBOwnership = true;
+                ensureClauses = {
+                  login = true;
+                };
+              }
+              {
+                name = "gts";
+                ensureDBOwnership = true;
+                ensureClauses = {
+                  login = true;
+                };
+              }
+            ];
+            settings = {
+              # connection
+              listen_addresses = lib.mkForce "127.0.0.1";
+              port = 5432;
+              unix_socket_directories = "/var/services/postgres/postgres.sock";
+
+              # auth
+              password_encryption = "scram-sha-256";
+
+              # ssl
+              ssl = false;
+
+              #log
+              log_connections = true;
+              log_directory = "/var/services/postgres/log";
+              logging_collector = true;
+              log_disconnections = true;
+            };
+          };
+
+          services.postgresqlBackup = {
+            enable = true;
+            location = "/var/services/postgresbackup/";
+            compression = "gzip";
+            backupAll = true;
+            startAt = "*-*-* 3:20:00";
+          };
+
+        #  services.pgadmin = {
+        #    enable = true;
+        #    initialEmail = "pgadmin@collective-conciousness.monster";
+        #    initialPasswordFile = "${config.sops.secrets.pgadmin_pass.path}";
+        #    openFirewall = true;
+        #    port = 5050;
+
+        #    settings = {
+        #      STRICT_TRANSPORT_SECURITY_ENABLED = true;
+        #      ALLOWED_HOSTS = [
+        #        "127.0.0.1"
+        #        "10.24.1.225"
+        #        "10.24.1.196"
+        #      ];
+        #    };
+        #  };
+        }
+      )
+    */
+    #doesn't seem to work so i'm just gonna make a container for it at the moment.
+    (
+      {
+        config,
+        pkgs,
+        lib,
+        ...
+      }:
+      {
+        virtualisation.oci-containers = {
+          containers.postgres = {
+            image = "postgres:17";
+            ports = [
+              "5432:5432"
+            ];
+            environmentFiles = [
+              "${config.sops.templates."postgresdb.env.secrets.yaml".path}"
+            ];
+            volumes = [
+              "/var/services/postgresdb/data:/var/lib/postgresql/data/"
+            ];
+          };
+          containers.adminer = {
+            image = "adminer:latest";
+            ports = [
+              "5433:8080"
+              "5434:53"
+            ];
+            dependsOn = [ "postgres" ];
+          };
+        };
+      }
+    )
+
+  ];
+}