nix/container/Postgres.nix

{ container, lib, pkgs, config, ... }: with lib; let
	cfg = config.container.module.postgres;
in {
	options = {
		container.module.postgres = {
			enable = mkEnableOption "Postgresql server.";
			address = mkOption {
				default = "10.1.0.3";
				type    = types.str;
			};
			port = mkOption {
				default = 5432;
				type    = types.int;
			};
			storage = mkOption {
				default = "${config.container.storage}/postgres";
				type    = types.str;
			};
		};
	};

	config = mkIf cfg.enable {
		systemd.tmpfiles.rules = container.mkContainerDir cfg [
			"data"
		];

		containers.postgres = container.mkContainer cfg {
			bindMounts = {
				"/var/lib/postgresql/data" = {
					hostPath   = "${cfg.storage}/data";
					isReadOnly = false;
				};
			};

			config = { ... }: container.mkContainerConfig cfg {
				services.postgresql = let
					# Populate with services here.
					configurations = with config.container.module; {
						gitea       = git;
						nextcloud   = cloud;
						privatebin  = paste;
						onlyoffice  = office;
						paperless   = paper;
						invidious   = yt;
					};

					access = configurations // {
						all = { address = config.container.host; };
					};

					authentication = builtins.foldl' (acc: item: acc + "${item}\n") "" (
						mapAttrsToList (db: cfg: "host ${db} ${db} ${cfg.address}/32 trust") access
					);

					ensureDatabases = [ "root" ] ++ mapAttrsToList (name: _: name) configurations;

					ensureUsers = map (name: {
						inherit name;
						ensureClauses = if name == "root" then {
							superuser  = true;
							createrole = true;
							createdb   = true;
						} else {};
						ensureDBOwnership = true;
					}) ensureDatabases;
				in {
					inherit authentication ensureDatabases ensureUsers;

					enable      = true;
					package     = pkgs.postgresql_14;
					dataDir     = "/var/lib/postgresql/data/14";
					enableTCPIP = true;
				};
			};
		};
	};
}