From 5d3d68d0baf3c07d2d0bdb3a52e6d6a12b047c19 Mon Sep 17 00:00:00 2001
From: Danilo Reyes
Date: Thu, 18 Sep 2025 19:12:44 -0600
Subject: [PATCH] sonarqube setup

---
 hosts/server/configuration.nix | 7 ++++--
 hosts/server/hardware-configuration.nix | 32 ++++++++++++++++++++++++-
 modules/servers/postgres.nix | 3 +++
 3 files changed, 39 insertions(+), 3 deletions(-)

diff --git a/hosts/server/configuration.nix b/hosts/server/configuration.nix
index e4ea956..874e9e8 100644
--- a/hosts/server/configuration.nix
+++ b/hosts/server/configuration.nix
@@ -1,4 +1,4 @@
-{ config, ... }:
+{ pkgs, config, ... }:
 {
 imports = [
 ./hardware-configuration.nix
@@ -14,6 +14,7 @@
 9999 # stash
 8384 # syncthing
 5201 # vps speed test
+ 3452 # sonarqube
 config.my.servers.audiobookshelf.port
 config.my.servers.bazarr.port
 config.my.servers.collabora.port
@@ -82,7 +83,9 @@
 users = {
 groups.nixremote.gid = 555;
 users = {
- # jawz.packages = [ pkgs.stash ];
+ jawz.packages = builtins.attrValues {
+ inherit (pkgs) stash podman-compose;
+ };
 nixremote = {
 isNormalUser = true;
 createHome = true;
diff --git a/hosts/server/hardware-configuration.nix b/hosts/server/hardware-configuration.nix
index 23f24c9..3ed1f60 100644
--- a/hosts/server/hardware-configuration.nix
+++ b/hosts/server/hardware-configuration.nix
@@ -5,6 +5,32 @@ in
 {
 imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
 hardware.cpu.intel.updateMicrocode = lib.mkDefault true;
+ security.pam.loginLimits = [
+ {
+ domain = "*";
+ type = "hard";
+ item = "nofile";
+ value = "131072";
+ }
+ {
+ domain = "*";
+ type = "soft";
+ item = "nofile";
+ value = "131072";
+ }
+ {
+ domain = "*";
+ type = "hard";
+ item = "nproc";
+ value = "8192";
+ }
+ {
+ domain = "*";
+ type = "soft";
+ item = "nproc";
+ value = "8192";
+ }
+ ];
 boot = {
 loader = {
 efi = {
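Review bot: The new `3452 # sonarqube` entry in the second hunk of configuration.nix is a bare literal, while the neighbouring entries read `config.my.servers.<name>.port`, so the SonarQube port is not tied to any module option and can drift from the port the container actually publishes. The attribute this list belongs to starts above the hunk; if it is the firewall's allowed-TCP list, the entry also exposes the SonarQube web UI directly on the host, which matters because a fresh SonarQube install starts with a well-known default administrator login. Consider adding a port option for SonarQube alongside the other `config.my.servers` entries and referencing it here, and open the port only if direct access (rather than access through a proxy) is intended.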
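Review bot: The four `security.pam.loginLimits` entries use `domain = "*"`, which changes the `nofile` and `nproc` limits for every non-root PAM login on the host instead of only the account that runs SonarQube. Pinning the hard `nproc` limit at 8192 for everyone may lower what other users currently get, and making soft equal to hard removes the soft limit as a guard against a runaway process. Scope the entries to the specific account, e.g. `domain = "<sonarqube-user>";` (placeholder), and add a comment such as `# SonarQube/Elasticsearch prerequisites: nofile >= 131072, nproc >= 8192` so the values are not mistaken for hardware settings. These limits apply to PAM sessions only, so a service started by systemd would need limits on its unit instead.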
@@ -38,7 +64,11 @@ in
 };
 };
 kernelModules = [ "kvm-intel" ];
- kernel.sysctl."vm.swappiness" = 80;
+ kernel.sysctl = {
+ "vm.swappiness" = 80;
+ "vm.max_map_count" = 524288;
+ "fs.file-max" = 131072;
+ };
 extraModulePackages = [ ];
 initrd = {
 availableKernelModules = [
diff --git a/modules/servers/postgres.nix b/modules/servers/postgres.nix
index 72cc91d..f863feb 100644
--- a/modules/servers/postgres.nix
+++ b/modules/servers/postgres.nix
@@ -36,6 +36,7 @@ let
 "firefly-iii"
 "matrix-synapse"
 "readeck"
+ "sonarqube"
 ];
 in
 {
@@ -44,6 +45,7 @@ in
 environment.systemPackages = [ upgrade-pg-cluster ];
 services.postgresql = {
 enable = true;
+ enableTCPIP = true;
 ensureDatabases = dbNames;
 package = pkgs.postgresql_17;
 ensureUsers = map (name: {
@@ -54,6 +56,7 @@ in
 local all all trust
 host all all ${config.my.localhost}/32 trust
 host all all ::1/128 trust
+ host all all 10.88.0.0/16 scram-sha-256
 '';
 };
 };
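Review bot: `"fs.file-max" = 131072` sets the system-wide file-handle ceiling to the same number this commit grants each login as its per-process `nofile` limit, so a single process could use up the whole table and starve everything else on the server, PostgreSQL included. SonarQube documents 131072 as a minimum, and on current kernels the default is usually far higher, so this line probably lowers the limit rather than raising it; check `sysctl fs.file-max` on the host before pinning it. I would drop the line or set a value well above the per-process limit, and keep `"vm.max_map_count" = 524288;` with a comment like `# required by SonarQube's embedded Elasticsearch`. The `boot` block starts and ends outside the hunk.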
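Review bot: `enableTCPIP = true` in the second postgres.nix hunk makes PostgreSQL listen for TCP connections on all of the host's addresses, not only on the container bridge that the new `pg_hba` rule is written for. `pg_hba` still gates authentication, but the listener becomes reachable from any network the firewall lets through to the PostgreSQL port, and the firewall rules for that port are not visible in this patch. If only the container needs TCP access, restrict `listen_addresses` to loopback plus the bridge address, or confirm the PostgreSQL port is absent from the allowed-ports list. The `services.postgresql` block starts and ends outside the hunk.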
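Review bot: The added rule `host all all 10.88.0.0/16 scram-sha-256` lets any role connect to any database from the whole /16, while this commit only needs SonarQube to reach its own database. Narrow the database and user columns, e.g. `host sonarqube sonarqube 10.88.0.0/16 scram-sha-256` (assuming the role is named like the database, as the `ensureUsers` mapping suggests), so another workload on that network cannot attempt logins against the other entries in `dbNames`. `scram-sha-256` also needs the role to have a stored password; the `ensureUsers` body is outside this hunk, so confirm the password is set out of band and does not end up in the Nix store. The authentication string starts above the hunk.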