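# NixOS module: PostgreSQL 15 listening on every interface, with TLS and
# SCRAM password authentication for all TCP clients.
#
# Exposure note: `listen_addresses = "*"` together with the `hostssl ... all`
# rule makes every role (superusers included) reachable from any address that
# can route to the port. Nothing in this file restricts source networks, so
# that has to come from the host firewall or a narrower CIDR in the hba rule.
{pkgs, ...}: {
  services.postgresql = {
    enable = true;

    package = pkgs.postgresql_15;
    # Keep the directory suffix in step with the major version of `package`.
    dataDir = "/var/lib/postgresql/15";
    # %m = timestamp with milliseconds, %p = backend PID, %h = remote host.
    logLinePrefix = "%m [%p] %h ";

    # pg_hba.conf rules; the first matching line wins. A remote connection
    # without TLS matches none of them and is rejected. The `scram-sha-256`
    # method only works for roles whose stored password is a SCRAM verifier;
    # roles that still carry an md5 hash cannot log in until the password is
    # set again.
    authentication = ''
      # unix socket connection
      local all all peer
      # local ipv4/6 tcp connection
      host all all 127.0.0.1/32 scram-sha-256
      host all all ::1/128 scram-sha-256
      # world (encrypted) tcp traffic
      hostssl all all all scram-sha-256
    '';

    settings = let
      # NOTE(review): this looks like the systemd credentials directory of
      # postgresql.service; the unit option that loads cert.pem and key.pem
      # into it is not part of this file. Confirm it is defined elsewhere.
      credsDir = "/run/credentials/postgresql.service";
    in {
      # mkForce gives this definition priority over other definitions of the
      # same option, so the server binds to all addresses.
      listen_addresses = pkgs.lib.mkForce "*";
      max_connections = 200;
      # New and changed passwords are stored as SCRAM-SHA-256 verifiers.
      password_encryption = "scram-sha-256";

      ssl = "on";
      ssl_cert_file = "${credsDir}/cert.pem";
      # The server refuses to start if the key file is readable by group or
      # others (unless it is owned by root with group read only).
      ssl_key_file = "${credsDir}/key.pem";

      # Logs the client's reverse-DNS name next to its address. The name is
      # supplied by whoever controls the PTR record, so treat it as a hint
      # rather than as attribution; the lookup also adds latency per connect.
      log_hostname = true;
      datestyle = "iso, dmy";
      log_timezone = "Asia/Hong_Kong";
      timezone = "Asia/Hong_Kong";
      # Fixed: the built-in English text search configuration lives in the
      # pg_catalog schema; the previous value named "pc_catalog".
      default_text_search_config = "pg_catalog.english";

      max_wal_size = "2GB";
      min_wal_size = "80MB";
    };
  };
}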