# NixOS module fragment: declares the `postgres` container and the host
# directory that is bind-mounted into it as the PostgreSQL data volume.
#
# Referenced arguments: `storage`, `const.stateVersion`, `host`, and the
# project helpers `mkContainer` / `mkContainerConfig`. `domain`, `util`, the
# outer `pkgs` (shadowed by the container module's own `pkgs`) and the `args`
# binding are accepted but not used in this file.
{ pkgs
, storage
, const
, domain
, host
, util
, mkContainer
, mkContainerConfig
, ... } @args: let
  # Host-side root for everything this container persists.
  pgRoot = "${storage}/postgres";

  # Sub-directories of pgRoot that must exist before the container starts.
  hostSubdirs = [ "data" ];

  # tmpfiles.d "d" line: create the directory as root:root with mode 1777.
  # NOTE(review): 1777 is world-writable (sticky bit set), so every local
  # account on the host can create entries under this path. Presumably this
  # is what lets the container's PostgreSQL user create its "14" directory;
  # a mode and owner limited to that uid would be tighter. Confirm the
  # host/container uid mapping before changing it.
  mkTmpfilesRule = sub: "d '${pgRoot}/${sub}' 1777 root root - -";
in {
  systemd.tmpfiles.rules = map mkTmpfilesRule hostSubdirs;

  containers.postgres = mkContainer {
    autoStart = true;
    privateNetwork = true;
    localAddress = "10.1.0.3";

    # Writable bind mount: the container's data path is backed by the host
    # directory created through the tmpfiles rule above.
    bindMounts."/var/lib/postgresql/data" = {
      hostPath = "${pgRoot}/data";
      isReadOnly = false;
    };

    config = { config, lib, pkgs, ... }: mkContainerConfig {
      system.stateVersion = const.stateVersion;

      # Users are fully declarative, and root's password is the empty string.
      # NOTE(review): this leaves root inside the container without an
      # effective password; a locked root account would be the safer default
      # if no interactive password login is needed. Verify how the container
      # is administered first.
      users.mutableUsers = false;
      users.users.root.password = "";

      # The container does not reuse the host's resolv.conf.
      networking.useHostResolvConf = lib.mkForce false;
      # NOTE(review): the container firewall is off, so the pg_hba rules
      # below are the only network access control visible in this file.
      networking.firewall.enable = false;

      services.postgresql = let
        # Each name becomes a database and a same-named owning role.
        appDatabases = [ "privatebin" ];
        ownerOf = name: {
          inherit name;
          ensureDBOwnership = true;
        };
      in {
        enable = true;
        package = pkgs.postgresql_14;
        dataDir = "/var/lib/postgresql/data/14";
        # Listen on TCP beyond localhost, not only on the Unix socket.
        enableTCPIP = true;
        # pg_hba.conf entries. "trust" admits a matching client without any
        # password, so authentication here rests on the source address only:
        #   - `host`/32 may connect as any role to any database;
        #   - 10.1.0.14/32 may connect as "privatebin" to "privatebin".
        # NOTE(review): the first rule also covers superuser roles. Consider
        # scram-sha-256 with passwords provisioned outside the Nix store, or
        # at least narrowing the first rule to the databases and roles needed.
        authentication = ''
          host all all ${host}/32 trust
          host privatebin privatebin 10.1.0.14/32 trust
        '';
        ensureDatabases = appDatabases;
        ensureUsers = map ownerOf appDatabases;
      };
    };
  };
}