# NixOS module declaring a `postgres` container through the project's
# `container` helpers (mkContainerDir / mkContainer / mkContainerConfig).
# One database and one same-named role are provisioned per entry in
# `configurations`, plus a `root` superuser role and database.
{ container, lib, ... } @args: let
  cfg = container.config.postgres;
in {
  # Host-side directory rules for the container's "data" directory.
  systemd.tmpfiles.rules = container.mkContainerDir cfg [ "data" ];

  containers.postgres = container.mkContainer cfg {
    # Writable bind mount: the cluster's files live on the host under
    # ${cfg.storage}/data.
    bindMounts."/var/lib/postgresql/data" = {
      hostPath = "${cfg.storage}/data";
      isReadOnly = false;
    };

    config = { pkgs, ... }: container.mkContainerConfig cfg {
      services.postgresql = let
        # Populate with services here.
        # Key = database and role name; value = the config of the container
        # that uses it (only its `address` is read below).
        configurations = {
          gitea = container.config.git;
          nextcloud = container.config.cloud;
          privatebin = container.config.paste;
          onlyoffice = container.config.office;
          paperless = container.config.paper;
          invidious = container.config.yt;
        };

        # Peers that get an access rule: every service above, plus the host
        # itself under the name "all".
        access = configurations // {
          all.address = container.host;
        };

        # One rule per peer: "host <db> <user> <address>/32 trust".
        #
        # SECURITY (review): `trust` skips password checks, so the source
        # address is the only credential. Anything able to connect from a
        # listed address can log in as the matching role.
        #
        # The generated "host all all <container.host>/32 trust" row uses
        # the pg_hba keyword `all` for database and user, so the host
        # address may connect as any role, including the `root` superuser
        # created below. Consider scram-sha-256 with per-service secrets,
        # or peer auth on the local socket for administration.
        #
        # The /32 mask presumably assumes IPv4 addresses -- confirm.
        authentication = lib.concatStrings (
          lib.mapAttrsToList
            (db: peer: "host ${db} ${db} ${peer.address}/32 trust\n")
            access
        );

        # "root" first, then one database per configured service.
        ensureDatabases = [ "root" ] ++ builtins.attrNames configurations;

        # One role per database, owning the database of the same name.
        # Only "root" receives elevated attributes.
        ensureUsers = map (name: {
          inherit name;
          ensureDBOwnership = true;
          ensureClauses = lib.optionalAttrs (name == "root") {
            superuser = true;
            createrole = true;
            createdb = true;
          };
        }) ensureDatabases;
      in {
        enable = true;
        package = pkgs.postgresql_14;
        dataDir = "/var/lib/postgresql/data/14";

        # Accept TCP connections; other containers reach the server over
        # the network. Exposure is then bounded by the access rules above
        # and by whatever network filtering sits in front of the container
        # (not visible in this file).
        enableTCPIP = true;

        inherit authentication ensureDatabases ensureUsers;
      };
    };
  };
}