qenya/nixfiles
1
0
Fork 0
Code Issues 5 Pull requests Actions Activity

orm: install postgres

Browse source
This commit is contained in:
Katherina Walshe-Grey 2025-03-07 22:02:34 +00:00
parent 9760d4d3bc
commit 789324923b
1 changed files with 22 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

22
hosts/orm/default.nix
View file

@ -25,6 +25,7 @@
randomcat.services.zfs.datasets = { randomcat.services.zfs.datasets = {
"rpool_orm/state" = { mountpoint = "none"; }; "rpool_orm/state" = { mountpoint = "none"; };
"rpool_orm/state/actual" = { mountpoint = "/var/lib/actual"; }; "rpool_orm/state/actual" = { mountpoint = "/var/lib/actual"; };
"rpool_orm/state/postgresql" = { mountpoint = "/var/lib/postgresql"; };
}; };
services.sanoid.datasets."rpool_orm/state" = { services.sanoid.datasets."rpool_orm/state" = {
@ -33,6 +34,27 @@
process_children_only = true; process_children_only = true;
}; };
services.postgresql = {
enable = true;
package = pkgs.postgresql_17;
dataDir = "/var/lib/postgresql/17";
# managing imperatively instead of using ensureDatabases/ensureUsers
enableTCPIP = true;
settings = {
port = 5432;
ssl = true;
};
# only allow remote connections from within birdsong vpn
# TODO: don't hardcode the IP addresses
authentication = pkgs.lib.mkOverride 10 ''
#type database DBuser auth-method
host sameuser all 10.127.0.0/16 scram-sha-256
host sameuser all fd70:81ca:f8f::/48 scram-sha-256
'';
};
networking.firewall.interfaces."wg-birdsong".allowedTCPPorts = [ 5432 ];
qenya.services.actual.enable = true; qenya.services.actual.enable = true;
system.stateVersion = "23.11"; system.stateVersion = "23.11";