nix/container/Postgres.nix

{
	config,
	container,
	lib,
	pkgs,
	...
}: let
	cfg = config.container.module.postgres;
in {
	options.container.module.postgres = {
		enable = lib.mkEnableOption "the PostgreSQL server.";
		address = lib.mkOption {
			default = "10.1.0.3";
			type    = lib.types.str;
		};
		port = lib.mkOption {
			default = 5432;
			type    = lib.types.int;
		};
		storage = lib.mkOption {
			default = "${config.container.storage}/postgres";
			type    = lib.types.str;
		};
	};

	config = lib.mkIf cfg.enable {
		systemd.tmpfiles.rules = container.mkContainerDir cfg [
			"data"
		];

		containers.postgres = container.mkContainer cfg {
			bindMounts = {
				"/var/lib/postgresql/data" = {
					hostPath   = "${cfg.storage}/data";
					isReadOnly = false;
				};
			};

			config = { ... }: container.mkContainerConfig cfg {
				services.postgresql = let
					# Populate with services here.
					configurations = with config.container.module; {
						forgejo    = git;
						invidious  = yt;
						mattermost = chat;
						nextcloud  = cloud;
						onlyoffice = office;
						paperless  = paper;
						privatebin = paste;
					};

					access = configurations // {
						all.address = config.container.host;
					};

					authentication = let
						rules = lib.mapAttrsToList (db: cfg:
							"host ${db} ${db} ${cfg.address}/32 trust"
						) access;
					in builtins.foldl' (acc: item: acc + "${item}\n") "" rules;

					ensureDatabases = [
						"root"
					] ++ lib.mapAttrsToList (name: _: name) configurations;

					ensureUsers = map (name: {
						inherit name;
						ensureDBOwnership = true;
						ensureClauses = if name == "root" then {
							createdb   = true;
							createrole = true;
							superuser  = true;
						} else { };
					}) ensureDatabases;
				in {
					inherit authentication ensureDatabases ensureUsers;

					enable = true;
					dataDir     = "/var/lib/postgresql/data/14";
					enableTCPIP = true;
					package     = pkgs.postgresql_14;

					# NOTE: Debug mode.
					# settings = {
					#   log_connections    = true;
					#   log_destination    = lib.mkForce "syslog";
					#   log_disconnections = true;
					#   log_statement      = "all";
					#   logging_collector  = true;
					# };
				};
			};
		};
	};
}
Switch to using nixfmt & indent with spaces cause no tab support... 2024-10-11 23:27:07 +03:00			`{`
Purge nixfmt! 2024-11-04 04:37:29 +03:00			`config,`
			`container,`
			`lib,`
			`pkgs,`
			`...`
			`}: let`
			`cfg = config.container.module.postgres;`
			`in {`
			`options.container.module.postgres = {`
			`enable = lib.mkEnableOption "the PostgreSQL server.";`
			`address = lib.mkOption {`
			`default = "10.1.0.3";`
			`type = lib.types.str;`
			`};`
			`port = lib.mkOption {`
			`default = 5432;`
			`type = lib.types.int;`
			`};`
			`storage = lib.mkOption {`
			`default = "${config.container.storage}/postgres";`
			`type = lib.types.str;`
			`};`
			`};`
WIP : Migrate Docker to NixOS containers. 2024-06-01 10:37:49 +03:00
Purge nixfmt! 2024-11-04 04:37:29 +03:00			`config = lib.mkIf cfg.enable {`
			`systemd.tmpfiles.rules = container.mkContainerDir cfg [`
			`"data"`
			`];`
Huge containers update 2024-06-09 23:35:53 +03:00
Purge nixfmt! 2024-11-04 04:37:29 +03:00			`containers.postgres = container.mkContainer cfg {`
			`bindMounts = {`
			`"/var/lib/postgresql/data" = {`
			`hostPath = "${cfg.storage}/data";`
			`isReadOnly = false;`
			`};`
			`};`
Rewrite modules to options. 2024-06-25 04:04:39 +03:00
Purge nixfmt! 2024-11-04 04:37:29 +03:00			`config = { ... }: container.mkContainerConfig cfg {`
			`services.postgresql = let`
			`# Populate with services here.`
			`configurations = with config.container.module; {`
			`forgejo = git;`
			`invidious = yt;`
			`mattermost = chat;`
			`nextcloud = cloud;`
			`onlyoffice = office;`
			`paperless = paper;`
			`privatebin = paste;`
			`};`
Huge containers update 2024-06-09 23:35:53 +03:00
Purge nixfmt! 2024-11-04 04:37:29 +03:00			`access = configurations // {`
			`all.address = config.container.host;`
			`};`
Rewrite modules to options. 2024-06-25 04:04:39 +03:00
Purge nixfmt! 2024-11-04 04:37:29 +03:00			`authentication = let`
			`rules = lib.mapAttrsToList (db: cfg:`
			`"host ${db} ${db} ${cfg.address}/32 trust"`
			`) access;`
			`in builtins.foldl' (acc: item: acc + "${item}\n") "" rules;`
Rewrite modules to options. 2024-06-25 04:04:39 +03:00
Purge nixfmt! 2024-11-04 04:37:29 +03:00			`ensureDatabases = [`
			`"root"`
			`] ++ lib.mapAttrsToList (name: _: name) configurations;`
Rewrite modules to options. 2024-06-25 04:04:39 +03:00
Purge nixfmt! 2024-11-04 04:37:29 +03:00			`ensureUsers = map (name: {`
			`inherit name;`
			`ensureDBOwnership = true;`
			`ensureClauses = if name == "root" then {`
			`createdb = true;`
			`createrole = true;`
			`superuser = true;`
			`} else { };`
			`}) ensureDatabases;`
			`in {`
			`inherit authentication ensureDatabases ensureUsers;`
Rewrite modules to options. 2024-06-25 04:04:39 +03:00
Purge nixfmt! 2024-11-04 04:37:29 +03:00			`enable = true;`
			`dataDir = "/var/lib/postgresql/data/14";`
			`enableTCPIP = true;`
			`package = pkgs.postgresql_14;`
Postgres : Add debug note. 2024-06-26 20:56:44 +03:00
Purge nixfmt! 2024-11-04 04:37:29 +03:00			`# NOTE: Debug mode.`
			`# settings = {`
			`# log_connections = true;`
			`# log_destination = lib.mkForce "syslog";`
			`# log_disconnections = true;`
			`# log_statement = "all";`
			`# logging_collector = true;`
			`# };`
			`};`
			`};`
			`};`
			`};`
WIP : Migrate Docker to NixOS containers. 2024-06-01 10:37:49 +03:00			`}`