soopy.moe / gensokyo
nixos config
fork atom

feat: finish postgresql configuration

Cassie Cheung 40a4d213 d1b3df42

options
unified split
Changed files
+37 -1
systems
koumakan
services
postgresql.nix
+37 -1
systems/koumakan/services/postgresql.nix 
···

       
1

       
1

       
 

       
{ pkgs, ... }:


     

       
2

       
2

       
 

       



     

       
3

       

       
-

       
{


     

       

       
3

       
+

       
let


     

       

       
4

       
+

       
  acmeRoot = "/var/lib/acme/phant.soopy.moe";


     

       

       
5

       
+

       
in {


     

       
4

       
6

       
 

       
  services.postgresql = {


     

       
5

       
7

       
 

       
    enable = true;


     

       
6

       
8

       
 

       



     

       
7

       
9

       
 

       
    package = pkgs.postgresql_15;


     

       
8

       
10

       
 

       
    dataDir = "/var/lib/postgresql/15";


     

       

       
11

       
+

       
    logLinePrefix = "%m [%p] %h ";  # bollocks to that


     

       

       
12

       
+

       



     

       

       
13

       
+

       
    authentication = ''


     

       

       
14

       
+

       
      # unix socket connection


     

       

       
15

       
+

       
      local   all             all                                     trust


     

       

       
16

       
+

       
      # local ipv4/6 tcp connection


     

       

       
17

       
+

       
      host    all             all             127.0.0.1/32            scram-sha-256


     

       

       
18

       
+

       
      host    all             all             ::1/128                 scram-sha-256


     

       

       
19

       
+

       
      # world (encrypted) tcp traffic


     

       

       
20

       
+

       
      hostssl all             all             all                     scram-sha-256


     

       

       
21

       
+

       
    '';


     

       

       
22

       
+

       



     

       

       
23

       
+

       
    settings = {


     

       

       
24

       
+

       
      listen_addresses = pkgs.lib.mkForce "*";


     

       

       
25

       
+

       
      max_connections = 200;


     

       

       
26

       
+

       
      password_encryption = "scram-sha-256";


     

       

       
27

       
+

       



     

       

       
28

       
+

       
      ssl = "on";


     

       

       
29

       
+

       
      ssl_cert_file = "${acmeRoot}/cert.pem";


     

       

       
30

       
+

       
      ssl_key_file = "${acmeRoot}/key.pem";


     

       

       
31

       
+

       



     

       

       
32

       
+

       
      log_hostname = true;


     

       

       
33

       
+

       
      datestyle = "iso, dmy";


     

       

       
34

       
+

       
      log_timezone = "Asia/Hong_Kong";


     

       

       
35

       
+

       
      timezone = "Asia/Hong_Kong";


     

       

       
36

       
+

       
      lc_messages = "en_US.UTF-8";


     

       

       
37

       
+

       
      lc_monetary = "en_US.UTF-8";


     

       

       
38

       
+

       
      lc_numeric = "en_US.UTF-8";


     

       

       
39

       
+

       
      lc_time = "en_HK.UTF-8";


     

       

       
40

       
+

       
      default_text_search_config = "pc_catalog.english";


     

       

       
41

       
+

       



     

       

       
42

       
+

       
      max_wal_size = "2G";


     

       

       
43

       
+

       
      min_wal_size = "80MB";


     

       

       
44

       
+

       
    };


     

       
9

       
45

       
 

       
  };


     

       
10

       
46

       
 

       
}