adyya-flake/services/postgres/postgres.mod.nix

{
  fructose.modules = [
    /*
    (
      { config, pkgs, lib, ... }:
      {
        systemd.services.postgresql.serviceConfig.TimeoutSec = lib.mkForce "infinity";
        services.postgresql = {
          enable = true;
          checkConfig = true;
          package = pkgs.postgresql_17;
          dataDir = "/var/services/postgres/";

          ensureDatabases = [
            "forgejo"
            "gts"
          ];
          ensureUsers = [
            {
              name = "forgejo";
              ensureDBOwnership = true;
              ensureClauses = {
                login = true;
              };
            }
            {
              name = "gts";
              ensureDBOwnership = true;
              ensureClauses = {
                login = true;
              };
            }
          ];
          settings = {
            # connection
            listen_addresses = lib.mkForce "127.0.0.1";
            port = 5432;
            unix_socket_directories = "/var/services/postgres/postgres.sock";

            # auth
            password_encryption = "scram-sha-256";

            # ssl
            ssl = false;

            #log
            log_connections = true;
            log_directory = "/var/services/postgres/log";
            logging_collector = true;
            log_disconnections = true;
          };
        };

        services.postgresqlBackup = {
          enable = true;
          location = "/var/services/postgresbackup/";
          compression = "gzip";
          backupAll = true;
          startAt = "*-*-* 3:20:00";
        };

      #  services.pgadmin = {
      #    enable = true;
      #    initialEmail = "pgadmin@collective-conciousness.monster";
      #    initialPasswordFile = "${config.sops.secrets.pgadmin_pass.path}";
      #    openFirewall = true;
      #    port = 5050;

      #    settings = {
      #      STRICT_TRANSPORT_SECURITY_ENABLED = true;
      #      ALLOWED_HOSTS = [
      #        "127.0.0.1"
      #        "10.24.1.225"
      #        "10.24.1.196"
      #      ];
      #    };
      #  };
      }
    )
    */
    #doesn't seem to work so i'm just gonna make a container for it at the moment.
    (
      {
        config,
        pkgs,
        lib,
        ...
      }: {
        virtualisation.oci-containers = {
          containers.postgres = {
            image = "postgres:17";
            ports = [
              "5432:5432"
            ];
            environmentFiles = [
              "${config.sops.templates."postgresdb.env.secrets.yaml".path}"
            ];
            volumes = [
              "/var/services/postgresdb/data:/var/lib/postgresql/data/"
            ];
          };
          containers.adminer = {
            image = "adminer:latest";
            ports = [
              "5433:8080"
              "5434:53"
            ];
            dependsOn = ["postgres"];
          };
        };
      }
    )
  ];
}