feat: move postgres to shared modules

2025-07-27 10:07:44 +00:00 · 2025-02-27 23:40:34 +03:00 · 2025-02-27 23:40:34 +03:00 · dd4fa3b28d
commit dd4fa3b28d
parent cb7ba948d9
7 changed files with 197 additions and 115 deletions
--- a/modules/postgresql.nix
+++ b/modules/postgresql.nix
@ -0,0 +1,61 @@
+{ config, lib, pkgs, ... }: let
+  inherit (lib) const enabled flip genAttrs mkForce mkOverride mkValue;
+in {
+  config.services.prometheus.exporters.postgres = enabled {
+    listenAddress       = "[::]";
+    runAsLocalSuperUser = true;
+  };
+
+  config.services.restic.backups = genAttrs config.services.restic.hosts <| const {
+    paths = [ "/tmp/postgresql-dump.sql.gz" ];
+
+    backupPrepareCommand = /* sh */ ''
+      ${config.services.postgresql.package}/bin/pg_dumpall --clean \
+      | ${lib.getExe pkgs.gzip} --rsyncable \
+      > /tmp/postgresql-dump.sql.gz
+    '';
+
+    backupCleanupCommand = /* sh */ ''
+      rm /tmp/postgresql-dump.sql.gz
+    '';
+  };
+
+  config.environment.systemPackages = [
+    config.services.postgresql.package
+  ];
+
+  options.services.postgresql.ensure = mkValue [];
+
+  config.services.postgresql = enabled {
+    package = pkgs.postgresql_17;
+
+    enableJIT   = true;
+    enableTCPIP = true; # We override it, but might as well.
+
+    settings.listen_addresses = mkForce "::";
+    authentication            = mkOverride 10 /* ini */ ''
+      #     DATABASE USER        AUTHENTICATION
+      local all      all         peer
+
+      #     DATABASE USER ADDRESS AUTHENTICATION
+      host  all      all  ::/0    md5
+    '';
+
+    ensure = [ "postgres" "root" ];
+
+    initdbArgs      = [ "--locale=C" "--encoding=UTF8" ];
+    ensureDatabases = config.services.postgresql.ensure;
+
+    ensureUsers = flip map config.services.postgresql.ensure (name: {
+      inherit name;
+
+      ensureDBOwnership = true;
+
+      ensureClauses = {
+        login       = true;
+        superuser   = name == "postgres" || name == "root";
+      };
+    });
+  };
+}
+