nix/container/Postgres.nix


# PostgreSQL container shared by the other service containers.
#
# Declares a tmpfiles rule for the "data" directory (via the project helper
# container.mkContainerDir; presumably rooted at cfg.storage, confirm there),
# bind-mounts ${cfg.storage}/data read-write into the container, and
# provisions one database plus one same-named owning role per service.
#
# NOTE(security): every generated pg_hba line uses the `trust` method, so
# PostgreSQL asks for no password and the client's source address is the only
# thing standing between the network and the database. The extra `all` entry
# expands to `host all all <container.host>/32 trust`, which admits any role
# on any database from that address, including the `root` role that is
# created below as a superuser. Together with enableTCPIP this is only as
# strong as the container network's address isolation. Hardening options to
# evaluate: switch the method to `scram-sha-256` with per-role passwords, and
# drop or narrow the `all` rule.
{ container, lib, ... } @args: let
  cfg = container.config.postgres;
in {
  systemd.tmpfiles.rules = container.mkContainerDir cfg [ "data" ];

  containers.postgres = container.mkContainer cfg {
    bindMounts."/var/lib/postgresql/data" = {
      hostPath = "${cfg.storage}/data";
      isReadOnly = false;
    };

    config = { pkgs, ... }: container.mkContainerConfig cfg {
      services.postgresql = let
        svc = container.config;

        # Populate with services here: database/role name -> the container
        # config of the service that consumes it.
        configurations = {
          gitea = svc.git;
          nextcloud = svc.cloud;
          privatebin = svc.paste;
          onlyoffice = svc.office;
          paperless = svc.paper;
          invidious = svc.yt;
        };

        # pg_hba subjects: each service, plus a catch-all for container.host
        # (presumably the host side of the container network, confirm).
        access = configurations // {
          all = { address = container.host; };
        };

        # One pg_hba line per subject; the attribute name is used as both the
        # database and the role. `trust` means no credential is checked.
        hbaRule = db: peer: "host ${db} ${db} ${peer.address}/32 trust";

        # Role for a database; only "root" receives elevated clauses.
        mkUser = name: {
          inherit name;
          ensureClauses = lib.optionalAttrs (name == "root") {
            superuser = true;
            createrole = true;
            createdb = true;
          };
          # Make the role the owner of the database with the same name.
          ensureDBOwnership = true;
        };

        ensureDatabases = [ "root" ] ++ builtins.attrNames configurations;
      in {
        enable = true;
        package = pkgs.postgresql_14;
        # Versioned subdirectory inside the bind-mounted data path.
        dataDir = "/var/lib/postgresql/data/14";
        # Listen on TCP so the other containers can reach the server.
        enableTCPIP = true;

        # Newline-terminated rules, in attribute-name order.
        authentication = lib.concatMapStrings (rule: rule + "\n") (
          lib.mapAttrsToList hbaRule access
        );
        inherit ensureDatabases;
        ensureUsers = map mkUser ensureDatabases;
      };
    };
  };
}