{ config, container, lib, pkgs, ... }: let cfg = config.container.module.postgres; in { options.container.module.postgres = { enable = lib.mkEnableOption "the PostgreSQL server."; address = lib.mkOption { default = "10.1.0.3"; type = lib.types.str; }; port = lib.mkOption { default = 5432; type = lib.types.int; }; storage = lib.mkOption { default = "${config.container.storage}/postgres"; type = lib.types.str; }; }; config = lib.mkIf cfg.enable { systemd.tmpfiles.rules = container.mkContainerDir cfg [ "data" ]; containers.postgres = container.mkContainer cfg { bindMounts = { "/var/lib/postgresql/data" = { hostPath = "${cfg.storage}/data"; isReadOnly = false; }; }; config = { ... }: container.mkContainerConfig cfg { services.postgresql = let # Populate with services here. configurations = with config.container.module; { forgejo = git; invidious = yt; mattermost = chat; nextcloud = cloud; onlyoffice = office; paperless = paper; privatebin = paste; }; access = configurations // { all.address = config.container.host; }; authentication = let rules = lib.mapAttrsToList (db: cfg: "host ${db} ${db} ${cfg.address}/32 trust" ) access; in builtins.foldl' (acc: item: acc + "${item}\n") "" rules; ensureDatabases = [ "root" ] ++ lib.mapAttrsToList (name: _: name) configurations; ensureUsers = map (name: { inherit name; ensureDBOwnership = true; ensureClauses = if name == "root" then { createdb = true; createrole = true; superuser = true; } else { }; }) ensureDatabases; in { inherit authentication ensureDatabases ensureUsers; enable = true; dataDir = "/var/lib/postgresql/data/14"; enableTCPIP = true; package = pkgs.postgresql_14; # NOTE: Debug mode. # settings = { # log_connections = true; # log_destination = lib.mkForce "syslog"; # log_disconnections = true; # log_statement = "all"; # logging_collector = true; # }; }; }; }; }; }