56 lines
1.1 KiB
Nix
56 lines
1.1 KiB
Nix
{ storage
|
|
, const
|
|
, host
|
|
, mkContainer
|
|
, mkContainerConfig
|
|
, mkContainerDir
|
|
, ... } @args: let
|
|
address = "10.1.0.3";
|
|
path = "${storage}/postgres";
|
|
in {
|
|
systemd.tmpfiles.rules = map (dir: mkContainerDir "${path}/${dir}") [
|
|
"data"
|
|
];
|
|
|
|
containers.postgres = mkContainer address {
|
|
bindMounts = {
|
|
"/var/lib/postgresql/data" = {
|
|
hostPath = "${path}/data";
|
|
isReadOnly = false;
|
|
};
|
|
};
|
|
|
|
config = { lib, pkgs, ... }: mkContainerConfig {
|
|
system.stateVersion = const.stateVersion;
|
|
|
|
users.users.root.password = "";
|
|
users.mutableUsers = false;
|
|
|
|
networking = {
|
|
useHostResolvConf = lib.mkForce false;
|
|
firewall.enable = false;
|
|
};
|
|
|
|
services.postgresql = let
|
|
databases = [
|
|
"privatebin"
|
|
];
|
|
in {
|
|
enable = true;
|
|
package = pkgs.postgresql_14;
|
|
dataDir = "/var/lib/postgresql/data/14";
|
|
enableTCPIP = true;
|
|
authentication = ''
|
|
host all all ${host}/32 trust
|
|
host privatebin privatebin 10.1.0.14/32 trust
|
|
'';
|
|
ensureDatabases = databases;
|
|
ensureUsers = map (name: {
|
|
inherit name;
|
|
ensureDBOwnership = true;
|
|
}) databases;
|
|
};
|
|
};
|
|
};
|
|
}
|