nix/container/Postgres.nix
2024-06-09 16:11:25 +03:00


# Module fragment declaring a PostgreSQL 14 server inside a container built
# with the project's `mkContainer` helper. The database files are kept on the
# host under "${storage}/postgres/data" and bind-mounted into the container.
#
# Arguments used here: `storage` (base path on the host), `const`
# (provides stateVersion), `host` (interpolated as a /32 address in pg_hba),
# `mkContainer` / `mkContainerConfig` (project helpers, not shown here).
{ pkgs
, storage
, const
, host
, mkContainer
, mkContainerConfig
, ...
} @args:
let
  # Host-side root of everything this container persists.
  pgRoot = "${storage}/postgres";

  # Every name listed here gets a database and an owning role of the same name.
  dbNames = [ "privatebin" ];

  # tmpfiles.d "d" entry: create the directory if missing, root:root.
  # NOTE(review): mode 1777 is world-writable with the sticky bit, so any local
  # account on the host can create entries next to the database files.
  # Presumably chosen so the container's postgres user can create the "14"
  # sub-directory; a narrower mode owned by that uid would be tighter — confirm
  # how uids map between host and container before changing it.
  mkDirRule = subDir: "d '${pgRoot}/${subDir}' 1777 root root - -";
in
{
  systemd.tmpfiles.rules = map mkDirRule [ "data" ];

  containers.postgres = mkContainer {
    autoStart = true;
    privateNetwork = true;
    localAddress = "10.1.0.3";

    # Writable mount: the container's data directory lives on the host.
    bindMounts."/var/lib/postgresql/data" = {
      hostPath = "${pgRoot}/data";
      isReadOnly = false;
    };

    config = { config, lib, pkgs, ... }: mkContainerConfig {
      system.stateVersion = const.stateVersion;

      # NOTE(review): root inside the container has an EMPTY password, and
      # mutableUsers = false keeps it that way declaratively. Any password-based
      # login path enabled in the container would accept it; whether one exists
      # depends on mkContainerConfig, which is not visible here. A locked
      # password is the safer default if interactive login is not required.
      users.mutableUsers = false;
      users.users.root.password = "";

      # Do not copy the host's resolv.conf into the container.
      networking.useHostResolvConf = lib.mkForce false;
      # NOTE(review): with the container firewall off and enableTCPIP = true
      # below, pg_hba.conf is the only access control on the PostgreSQL port
      # for anything that can route to 10.1.0.3.
      networking.firewall.enable = false;

      services.postgresql = {
        enable = true;
        package = pkgs.postgresql_14;
        # Version-specific sub-directory of the bind mount.
        dataDir = "/var/lib/postgresql/data/14";
        enableTCPIP = true;

        # pg_hba.conf rules. NOTE(review): `trust` performs no password or
        # certificate check; the source address is the only credential.
        #   rule 1: ${host}/32 (presumably the host-side address) may connect
        #           to every database as every role, superuser included, so
        #           every local process on that address inherits that access.
        #   rule 2: 10.1.0.14/32 may connect to "privatebin" as "privatebin".
        # Prefer scram-sha-256 with provisioned role passwords, and narrow
        # rule 1 to the specific database/role the host actually needs.
        authentication = ''
          host all all ${host}/32 trust
          host privatebin privatebin 10.1.0.14/32 trust
        '';

        ensureDatabases = dbNames;
        # One role per database, made owner of the database with the same name.
        ensureUsers = map (db: {
          name = db;
          ensureDBOwnership = true;
        }) dbNames;
      };
    };
  };
}