66 lines
1.7 KiB
Nix
66 lines
1.7 KiB
Nix
{
|
|
config,
|
|
lib,
|
|
pkgs,
|
|
...
|
|
}:
|
|
let
|
|
cfg = config.my.servers.postgres;
|
|
# upgrade here first, then below.
|
|
upgrade-pg-cluster =
|
|
let
|
|
newPostgres = pkgs.postgresql_17.withPackages (_pp: [ ]);
|
|
in
|
|
pkgs.writeScriptBin "upgrade-pg-cluster" ''
|
|
set -eux
|
|
systemctl stop postgresql
|
|
export NEWDATA="/var/lib/postgresql/${newPostgres.psqlSchema}"
|
|
export NEWBIN="${newPostgres}/bin"
|
|
export OLDDATA="${config.services.postgresql.dataDir}"
|
|
export OLDBIN="${config.services.postgresql.package}/bin"
|
|
install -d -m 0700 -o postgres -g postgres "$NEWDATA"
|
|
cd "$NEWDATA"
|
|
sudo -u postgres $NEWBIN/initdb -D "$NEWDATA"
|
|
sudo -u postgres $NEWBIN/pg_upgrade \
|
|
--old-datadir "$OLDDATA" --new-datadir "$NEWDATA" \
|
|
--old-bindir $OLDBIN --new-bindir $NEWBIN \
|
|
"$@"
|
|
'';
|
|
dbNames = [
|
|
"jawz"
|
|
"paperless"
|
|
"nextcloud"
|
|
"ryot"
|
|
"vaultwarden"
|
|
"shiori"
|
|
"mealie"
|
|
"firefly-iii"
|
|
"matrix-synapse"
|
|
"readeck"
|
|
"sonarqube"
|
|
"gitea"
|
|
];
|
|
in
|
|
{
|
|
options.my.servers.postgres.enable = lib.mkEnableOption "PostgreSQL database server";
|
|
config = lib.mkIf cfg.enable {
|
|
environment.systemPackages = [ upgrade-pg-cluster ];
|
|
services.postgresql = {
|
|
inherit (cfg) enable;
|
|
enableTCPIP = true;
|
|
ensureDatabases = dbNames;
|
|
package = pkgs.postgresql_17;
|
|
ensureUsers = map (name: {
|
|
inherit name;
|
|
ensureDBOwnership = true;
|
|
}) dbNames;
|
|
authentication = pkgs.lib.mkOverride 10 ''
|
|
local all all trust
|
|
host all all ${config.my.localhost}/32 trust
|
|
host all all ::1/128 trust
|
|
host all all 10.88.0.0/16 scram-sha-256
|
|
'';
|
|
};
|
|
};
|
|
}
|