RGBCube/ncc
1
Fork 0
mirror of https://github.com/RGBCube/ncc synced 2025-07-27 10:07:44 +00:00
Code Issues Activity

feat: move postgres to shared modules

Browse source
This commit is contained in:
RGBCube 2025-02-27 23:40:34 +03:00
parent cb7ba948d9
commit dd4fa3b28d
Signed by: RGBCube
SSH key fingerprint: SHA256:CzqbPcfwt+GxFYNnFVCqoN5Itn4YFrshg1TrnACpA5M
7 changed files with 197 additions and 115 deletions
Download patch file Download diff file Expand all files Collapse all files

66
hosts/best/postgresql.nix Normal file
View file

@ -0,0 +1,66 @@
{ self, ... }: {
imports = [(self + /modules/postgresql.nix)];
# Generated by <https://pgconfigurator.cybertec.at/>
services.postgresql.settings = {
# Connectivity
max_connections = 100;
superuser_reserved_connections = 3;
# Memory Settings
shared_buffers = "10240 MB";
work_mem = "64 MB";
maintenance_work_mem = "620 MB";
huge_pages = "try"; # TODO: Tune kernel: <https://www.postgresql.org/docs/current/static/kernel-resources.html#LINUX-HUGE-PAGES>
effective_cache_size = "45 GB";
effective_io_concurrency = 100;
random_page_cost = 1.25;
# Monitoring
shared_preload_libraries = "pg_stat_statements";
track_io_timing = "on";
track_functions = "pl";
# Replication
wal_level = "replica";
max_wal_senders = 10;
synchronous_commit = "on";
# Checkpointing:
checkpoint_timeout = "15 min";
checkpoint_completion_target = 0.9;
max_wal_size = "1024 MB";
min_wal_size = "512 MB";
# WAL writing
wal_compression = "on";
wal_buffers = -1;
wal_writer_delay = "200ms";
wal_writer_flush_after = "1MB";
wal_keep_size = "3650 MB";
# Background writer
bgwriter_delay = "200ms";
bgwriter_lru_maxpages = 100;
bgwriter_lru_multiplier = 2.0;
bgwriter_flush_after = 0;
# Parallel queries:
max_worker_processes = 20;
max_parallel_workers_per_gather = 10;
max_parallel_maintenance_workers = 10;
max_parallel_workers = 20;
parallel_leader_participation = "on";
# Advanced features
enable_partitionwise_join = "on";
enable_partitionwise_aggregate = "on";
jit = "on";
max_slot_wal_keep_size = "1000 MB";
track_wal_io_timing = "on";
maintenance_io_concurrency = 100;
wal_recycle = "on";
};
}

5
hosts/cube/forgejo/default.nix
View file

@ -5,7 +5,10 @@
fqdn = "git.${domain}"; fqdn = "git.${domain}";
port = 8001; port = 8001;
in { in {
imports = [(self + /modules/nginx.nix)]; imports = [
(self + /modules/nginx.nix)
(self + /modules/postgresql.nix)
];
secrets.forgejoPasswordRunner = { secrets.forgejoPasswordRunner = {
file = ./password.runner.age; file = ./password.runner.age;

5
hosts/cube/grafana/default.nix
View file

@ -5,7 +5,10 @@
fqdn = "metrics.${domain}"; fqdn = "metrics.${domain}";
port = 8000; port = 8000;
in { in {
imports = [(self + /modules/nginx.nix)]; imports = [
(self + /modules/nginx.nix)
(self + /modules/postgresql.nix)
];
secrets.grafanaPassword = { secrets.grafanaPassword = {
file = ./password.age; file = ./password.age;

7
hosts/cube/matrix/default.nix
View file

@ -23,13 +23,18 @@
}; };
}; };
in { in {
imports = [(self + /modules/nginx.nix)]; imports = [
(self + /modules/nginx.nix)
(self + /modules/postgresql.nix)
];
secrets.matrixSecret = { secrets.matrixSecret = {
file = ./password.secret.age; file = ./password.secret.age;
owner = "matrix-synapse"; owner = "matrix-synapse";
}; };
services.postgresql.ensure = [ "matrix-synapse" ];
services.restic.backups = genAttrs config.services.restic.hosts <| const { services.restic.backups = genAttrs config.services.restic.hosts <| const {
paths = [ "/var/lib/matrix-synapse" ]; paths = [ "/var/lib/matrix-synapse" ];
}; };

5
hosts/cube/nextcloud/default.nix
View file

@ -6,7 +6,10 @@
packageNextcloud = pkgs.nextcloud30; packageNextcloud = pkgs.nextcloud30;
in { in {
imports = [(self + /modules/nginx.nix)]; imports = [
(self + /modules/nginx.nix)
(self + /modules/postgresql.nix)
];
secrets.nextcloudPassword = { secrets.nextcloudPassword = {
file = ./password.age; file = ./password.age;

65
hosts/cube/postgresql.nix
View file

@ -1,66 +1,8 @@
{ config, lib, pkgs, ... }: let { self, ... }: {
inherit (lib) const enabled flip genAttrs mkForce mkOverride mkValue; imports = [(self + /modules/postgresql.nix)];
in {
config.services.prometheus.exporters.postgres = enabled {
listenAddress = "[::]";
runAsLocalSuperUser = true;
};
config.services.restic.backups = genAttrs config.services.restic.hosts <| const {
paths = [ "/tmp/postgresql-dump.sql.gz" ];
backupPrepareCommand = /* sh */ ''
${config.services.postgresql.package}/bin/pg_dumpall --clean \
| ${lib.getExe pkgs.gzip} --rsyncable \
> /tmp/postgresql-dump.sql.gz
'';
backupCleanupCommand = /* sh */ ''
rm /tmp/postgresql-dump.sql.gz
'';
};
options.services.postgresql.ensure = mkValue [];
config.environment.systemPackages = [
config.services.postgresql.package
];
config.services.postgresql = enabled {
package = pkgs.postgresql_17;
enableJIT = true;
initdbArgs = [ "--locale=C" "--encoding=UTF8" ];
authentication = mkOverride 10 /* ini */ ''
# DATABASE USER AUTHENTICATION
local all all peer
# DATABASE USER ADDRESS AUTHENTICATION
host all all ::/0 md5
'';
ensure = [ "postgres" "root" ];
ensureDatabases = config.services.postgresql.ensure;
ensureUsers = flip map config.services.postgresql.ensure (name: {
inherit name;
ensureDBOwnership = true;
ensureClauses = {
login = true;
superuser = name == "postgres" || name == "root";
};
});
settings = {
listen_addresses = mkForce "::";
# Generated by <https://pgconfigurator.cybertec.at/> # Generated by <https://pgconfigurator.cybertec.at/>
services.postgresql.settings = {
# Connectivity # Connectivity
max_connections = 20; max_connections = 20;
superuser_reserved_connections = 3; superuser_reserved_connections = 3;
@ -118,5 +60,4 @@ in {
maintenance_io_concurrency = 1; maintenance_io_concurrency = 1;
wal_recycle = "on"; wal_recycle = "on";
}; };
};
} }

61
modules/postgresql.nix Normal file
View file

@ -0,0 +1,61 @@
{ config, lib, pkgs, ... }: let
inherit (lib) const enabled flip genAttrs mkForce mkOverride mkValue;
in {
config.services.prometheus.exporters.postgres = enabled {
listenAddress = "[::]";
runAsLocalSuperUser = true;
};
config.services.restic.backups = genAttrs config.services.restic.hosts <| const {
paths = [ "/tmp/postgresql-dump.sql.gz" ];
backupPrepareCommand = /* sh */ ''
${config.services.postgresql.package}/bin/pg_dumpall --clean \
| ${lib.getExe pkgs.gzip} --rsyncable \
> /tmp/postgresql-dump.sql.gz
'';
backupCleanupCommand = /* sh */ ''
rm /tmp/postgresql-dump.sql.gz
'';
};
config.environment.systemPackages = [
config.services.postgresql.package
];
options.services.postgresql.ensure = mkValue [];
config.services.postgresql = enabled {
package = pkgs.postgresql_17;
enableJIT = true;
enableTCPIP = true; # We override it, but might as well.
settings.listen_addresses = mkForce "::";
authentication = mkOverride 10 /* ini */ ''
# DATABASE USER AUTHENTICATION
local all all peer
# DATABASE USER ADDRESS AUTHENTICATION
host all all ::/0 md5
'';
ensure = [ "postgres" "root" ];
initdbArgs = [ "--locale=C" "--encoding=UTF8" ];
ensureDatabases = config.services.postgresql.ensure;
ensureUsers = flip map config.services.postgresql.ensure (name: {
inherit name;
ensureDBOwnership = true;
ensureClauses = {
login = true;
superuser = name == "postgres" || name == "root";
};
});
};
}