WIP: rewrite config #618
2 changed files with 44 additions and 0 deletions
30
services/postgresql/default.nix
Normal file
30
services/postgresql/default.nix
Normal file
|
@ -0,0 +1,30 @@
|
|||
{
|
||||
config,
|
||||
pkgs,
|
||||
lib,
|
||||
...
|
||||
}:
|
||||
{
|
||||
imports = [
|
||||
./pgbouncer.nix
|
||||
];
|
||||
services.postgresql = {
|
||||
enable = true;
|
||||
enableJIT = true;
|
||||
enableTCPIP = true;
|
||||
package = pkgs.postgresql_17_jit;
|
||||
authentication = lib.mkForce ''
|
||||
local all all trust
|
||||
host all all 127.0.0.1 scram-sha-256
|
||||
'';
|
||||
};
|
||||
services.postgresqlBackup = {
|
||||
compression = "zstd";
|
||||
compressionLevel = 19;
|
||||
enable = true;
|
||||
};
|
||||
environment.persistence."/persistent".directories = [
|
||||
"${config.postgresql.dataDir}"
|
||||
"${config.postgresqlLocation.location}"
|
||||
];
|
||||
}
|
14
services/postgresql/pgbouncer.nix
Normal file
14
services/postgresql/pgbouncer.nix
Normal file
|
@ -0,0 +1,14 @@
|
|||
{ config, ... }:
|
||||
{
|
||||
services.pgbouncer = {
|
||||
enable = true;
|
||||
settings = {
|
||||
pgbouncer = {
|
||||
listen_addr = "localhost";
|
||||
auth_type = "scram-sha-256";
|
||||
auth_file = config.sops.secrets."services/pgbouncer/settings/pgbouncer/auth".path;
|
||||
};
|
||||
};
|
||||
};
|
||||
sops.secrets."services/pgbouncer/settings/pgbouncer/auth".sopsFile = ./${config.networking.hostName}.yaml;
|
||||
}
|
Loading…
Reference in a new issue