forked from the-distro/infra
49 lines
1.3 KiB
Nix
49 lines
1.3 KiB
Nix
|
{ config, lib, pkgs, ... }:
|
||
|
|
||
|
let
|
||
|
cfg = config.bagel.services.postgres;
|
||
|
|
||
|
dataDir = "/var/db/postgresql/16";
|
||
|
in {
|
||
|
options.bagel.services.postgres = with lib; {
|
||
|
enable = mkEnableOption "PostgreSQL server";
|
||
|
};
|
||
|
|
||
|
config = lib.mkIf cfg.enable {
|
||
|
systemd.tmpfiles.rules = [
|
||
|
"d /var/db 0755 root root - -"
|
||
|
"d /var/db/postgresql 0770 postgres postgres - -"
|
||
|
"d ${dataDir} 0770 postgres postgres - -"
|
||
|
];
|
||
|
|
||
|
services.postgresql = {
|
||
|
enable = true;
|
||
|
package = pkgs.postgresql_16;
|
||
|
dataDir = dataDir;
|
||
|
|
||
|
# TODO: Where to put this to properly couple things? It doesn't belong
|
||
|
# here, but using it in services/hydra would require running on
|
||
|
# localhost. Probably needs to be replaced with some different way of
|
||
|
# ensuring the DB/user exist.
|
||
|
ensureDatabases = [ "hydra" ];
|
||
|
ensureUsers = [
|
||
|
{
|
||
|
name = "hydra";
|
||
|
ensureDBOwnership = true;
|
||
|
}
|
||
|
];
|
||
|
identMap = ''
|
||
|
hydra-users hydra hydra
|
||
|
hydra-users hydra-queue-runner hydra
|
||
|
hydra-users hydra-www hydra
|
||
|
hydra-users root hydra
|
||
|
# The postgres user is used to create the pg_trgm extension for the hydra database
|
||
|
hydra-users postgres postgres
|
||
|
'';
|
||
|
authentication = ''
|
||
|
local hydra all ident map=hydra-users
|
||
|
'';
|
||
|
};
|
||
|
};
|
||
|
}
|