self-hosting/modules/postgresql.nix

{
  config,
  lib,
  pkgs,
  ...
}:
let
  cfg = config.custom.services.postgresql;
in
{
  options.custom.services.postgresql = {
    enable = lib.mkEnableOption "postgresql";
  };

  config = lib.mkIf cfg.enable {
    services.postgresql = {
      enable = true;
      package = pkgs.postgresql_15;
      enableTCPIP = true;
      identMap = ''
        root_as_others         root                  postgres
        root_as_others         root                  synapse
        root_as_others         root                  nextcloud
        root_as_others         root                  roundcube
        root_as_others         root                  mastodon
        root_as_others         root                  dolibarr
        root_as_others         root                  odoo
      '';
      authentication = ''
        local  all     postgres               peer
        local  all     all                    peer map=root_as_others
        host   all     all     10.0.1.0/24    md5
      '';
    };

    sops.secrets = {
      synapseDbPassword = {
        owner = config.services.postgresql.superUser;
        key = "synapse/db_password";
        restartUnits = [ "postgresql-setup.service" ];
      };
      nextcloudDbPassword = {
        owner = config.services.postgresql.superUser;
        key = "nextcloud/db_password";
        restartUnits = [ "postgresql-setup.service" ];
      };
      roundcubeDbPassword = {
        owner = config.services.postgresql.superUser;
        key = "roundcube/db_password";
        restartUnits = [ "postgresql-setup.service" ];
      };
      mastodonDbPassword = {
        owner = config.services.postgresql.superUser;
        key = "mastodon/db_password";
        restartUnits = [ "postgresql-setup.service" ];
      };
      dolibarrDbPassword = {
        owner = config.services.postgresql.superUser;
        key = "dolibarr/db_password";
        restartUnits = [ "postgresql-setup.service" ];
      };
    };

    systemd.services.postgresql-setup =
      let
        pgsql = config.services.postgresql;
      in
      {
        after = [ "postgresql.service" ];
        bindsTo = [ "postgresql.service" ];
        wantedBy = [ "postgresql.service" ];
        path = [
          pgsql.package
          pkgs.util-linux
        ];
        script = ''
          set -u
          PSQL() {
              psql --port=${toString pgsql.settings.port} "$@"
          }

          PSQL -tAc "SELECT 1 FROM pg_roles WHERE rolname = 'synapse'" | grep -q 1 || PSQL -tAc 'CREATE ROLE "synapse"'
          PSQL -tAc "SELECT 1 FROM pg_roles WHERE rolname = 'nextcloud'" | grep -q 1 || PSQL -tAc 'CREATE ROLE "nextcloud"'
          PSQL -tAc "SELECT 1 FROM pg_roles WHERE rolname = 'roundcube'" | grep -q 1 || PSQL -tAc 'CREATE ROLE "roundcube"'
          PSQL -tAc "SELECT 1 FROM pg_roles WHERE rolname = 'mastodon'" | grep -q 1 || PSQL -tAc 'CREATE ROLE "mastodon"'
          PSQL -tAc "SELECT 1 FROM pg_roles WHERE rolname = 'dolibarr'" | grep -q 1 || PSQL -tAc 'CREATE ROLE "dolibarr"'
          PSQL -tAc "SELECT 1 FROM pg_roles WHERE rolname = 'odoo'" | grep -q 1 || PSQL -tAc 'CREATE ROLE "odoo"'

          PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = 'synapse'" | grep -q 1 || PSQL -tAc 'CREATE DATABASE "synapse" OWNER "synapse" TEMPLATE template0 LC_COLLATE = "C" LC_CTYPE = "C"'
          PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = 'nextcloud'" | grep -q 1 || PSQL -tAc 'CREATE DATABASE "nextcloud" OWNER "nextcloud"'
          PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = 'roundcube'" | grep -q 1 || PSQL -tAc 'CREATE DATABASE "roundcube" OWNER "roundcube"'
          PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = 'mastodon'" | grep -q 1 || PSQL -tAc 'CREATE DATABASE "mastodon" OWNER "mastodon"'
          PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = 'dolibarr'" | grep -q 1 || PSQL -tAc 'CREATE DATABASE "dolibarr" OWNER "dolibarr"'
          PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = 'odoo'" | grep -q 1 || PSQL -tAc 'CREATE DATABASE "odoo" OWNER "odoo"'

          PSQL -tAc  "ALTER ROLE synapse LOGIN"
          PSQL -tAc  "ALTER ROLE nextcloud LOGIN"
          PSQL -tAc  "ALTER ROLE roundcube LOGIN"
          PSQL -tAc  "ALTER ROLE mastodon LOGIN"
          PSQL -tAc  "ALTER ROLE dolibarr LOGIN"
          PSQL -tAc  "ALTER ROLE odoo LOGIN"

          synapse_password="$(<'${config.sops.secrets.synapseDbPassword.path}')"
          PSQL -tAc  "ALTER ROLE synapse WITH PASSWORD '$synapse_password'"
          nextcloud_password="$(<'${config.sops.secrets.nextcloudDbPassword.path}')"
          PSQL -tAc  "ALTER ROLE nextcloud WITH PASSWORD '$nextcloud_password'"
          roundcube_password="$(<'${config.sops.secrets.roundcubeDbPassword.path}')"
          PSQL -tAc  "ALTER ROLE roundcube WITH PASSWORD '$roundcube_password'"
          mastodon_password="$(<'${config.sops.secrets.mastodonDbPassword.path}')"
          PSQL -tAc  "ALTER ROLE mastodon WITH PASSWORD '$mastodon_password'"
          dolibarr_password="$(<'${config.sops.secrets.dolibarrDbPassword.path}')"
          PSQL -tAc  "ALTER ROLE dolibarr WITH PASSWORD '$dolibarr_password'"
          PSQL -tAc  "ALTER ROLE odoo WITH PASSWORD 'odoo'"
        '';

        serviceConfig = {
          User = pgsql.superUser;
          Type = "oneshot";
          RemainAfterExit = true;
        };
      };
  };
}
Add Dolibarr 2024-09-12 15:14:15 +02:00			`{`
			`config,`
			`lib,`
			`pkgs,`
			`...`
			`}:`
			`let`
			`cfg = config.custom.services.postgresql;`
			`in`
			`{`
Finish migration to NixOS modules 2024-03-26 23:37:53 +01:00			`options.custom.services.postgresql = {`
			`enable = lib.mkEnableOption "postgresql";`
Split Nix config in modules 2021-07-15 17:09:32 +02:00			`};`
Start migration to NixOS for storage1 2021-11-29 02:04:29 +01:00
Finish migration to NixOS modules 2024-03-26 23:37:53 +01:00			`config = lib.mkIf cfg.enable {`
			`services.postgresql = {`
			`enable = true;`
			`package = pkgs.postgresql_15;`
			`enableTCPIP = true;`
			`identMap = ''`
			`root_as_others root postgres`
			`root_as_others root synapse`
			`root_as_others root nextcloud`
			`root_as_others root roundcube`
			`root_as_others root mastodon`
Add Dolibarr 2024-09-12 15:14:15 +02:00			`root_as_others root dolibarr`
Add Odoo config 2024-09-20 03:55:11 +02:00			`root_as_others root odoo`
Finish migration to NixOS modules 2024-03-26 23:37:53 +01:00			`'';`
			`authentication = ''`
			`local all postgres peer`
			`local all all peer map=root_as_others`
			`host all all 10.0.1.0/24 md5`
			`'';`
Add Roundcube 2021-12-27 16:39:22 +01:00			`};`
Finish migration to NixOS modules 2024-03-26 23:37:53 +01:00
			`sops.secrets = {`
			`synapseDbPassword = {`
			`owner = config.services.postgresql.superUser;`
			`key = "synapse/db_password";`
			`restartUnits = [ "postgresql-setup.service" ];`
			`};`
			`nextcloudDbPassword = {`
			`owner = config.services.postgresql.superUser;`
			`key = "nextcloud/db_password";`
			`restartUnits = [ "postgresql-setup.service" ];`
			`};`
			`roundcubeDbPassword = {`
			`owner = config.services.postgresql.superUser;`
			`key = "roundcube/db_password";`
			`restartUnits = [ "postgresql-setup.service" ];`
			`};`
			`mastodonDbPassword = {`
			`owner = config.services.postgresql.superUser;`
			`key = "mastodon/db_password";`
			`restartUnits = [ "postgresql-setup.service" ];`
			`};`
Add Dolibarr 2024-09-12 15:14:15 +02:00			`dolibarrDbPassword = {`
			`owner = config.services.postgresql.superUser;`
			`key = "dolibarr/db_password";`
			`restartUnits = [ "postgresql-setup.service" ];`
			`};`
Setup Mastodon 2022-12-01 02:31:13 +01:00			`};`
Start migration to NixOS for storage1 2021-11-29 02:04:29 +01:00
Add Dolibarr 2024-09-12 15:14:15 +02:00			`systemd.services.postgresql-setup =`
			`let`
			`pgsql = config.services.postgresql;`
			`in`
			`{`
			`after = [ "postgresql.service" ];`
			`bindsTo = [ "postgresql.service" ];`
			`wantedBy = [ "postgresql.service" ];`
			`path = [`
			`pgsql.package`
			`pkgs.util-linux`
			`];`
			`script = ''`
			`set -u`
			`PSQL() {`
			`psql --port=${toString pgsql.settings.port} "$@"`
			`}`
Add test instance of wiki-js 2022-10-19 07:30:00 +02:00
Add Dolibarr 2024-09-12 15:14:15 +02:00			`PSQL -tAc "SELECT 1 FROM pg_roles WHERE rolname = 'synapse'" \| grep -q 1 \|\| PSQL -tAc 'CREATE ROLE "synapse"'`
			`PSQL -tAc "SELECT 1 FROM pg_roles WHERE rolname = 'nextcloud'" \| grep -q 1 \|\| PSQL -tAc 'CREATE ROLE "nextcloud"'`
			`PSQL -tAc "SELECT 1 FROM pg_roles WHERE rolname = 'roundcube'" \| grep -q 1 \|\| PSQL -tAc 'CREATE ROLE "roundcube"'`
			`PSQL -tAc "SELECT 1 FROM pg_roles WHERE rolname = 'mastodon'" \| grep -q 1 \|\| PSQL -tAc 'CREATE ROLE "mastodon"'`
			`PSQL -tAc "SELECT 1 FROM pg_roles WHERE rolname = 'dolibarr'" \| grep -q 1 \|\| PSQL -tAc 'CREATE ROLE "dolibarr"'`
Add Odoo config 2024-09-20 03:55:11 +02:00			`PSQL -tAc "SELECT 1 FROM pg_roles WHERE rolname = 'odoo'" \| grep -q 1 \|\| PSQL -tAc 'CREATE ROLE "odoo"'`
Add test instance of wiki-js 2022-10-19 07:30:00 +02:00
Add Dolibarr 2024-09-12 15:14:15 +02:00			`PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = 'synapse'" \| grep -q 1 \|\| PSQL -tAc 'CREATE DATABASE "synapse" OWNER "synapse" TEMPLATE template0 LC_COLLATE = "C" LC_CTYPE = "C"'`
			`PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = 'nextcloud'" \| grep -q 1 \|\| PSQL -tAc 'CREATE DATABASE "nextcloud" OWNER "nextcloud"'`
			`PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = 'roundcube'" \| grep -q 1 \|\| PSQL -tAc 'CREATE DATABASE "roundcube" OWNER "roundcube"'`
			`PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = 'mastodon'" \| grep -q 1 \|\| PSQL -tAc 'CREATE DATABASE "mastodon" OWNER "mastodon"'`
			`PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = 'dolibarr'" \| grep -q 1 \|\| PSQL -tAc 'CREATE DATABASE "dolibarr" OWNER "dolibarr"'`
Add Odoo config 2024-09-20 03:55:11 +02:00			`PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = 'odoo'" \| grep -q 1 \|\| PSQL -tAc 'CREATE DATABASE "odoo" OWNER "odoo"'`
Start migration to NixOS for storage1 2021-11-29 02:04:29 +01:00
Add Dolibarr 2024-09-12 15:14:15 +02:00			`PSQL -tAc "ALTER ROLE synapse LOGIN"`
			`PSQL -tAc "ALTER ROLE nextcloud LOGIN"`
			`PSQL -tAc "ALTER ROLE roundcube LOGIN"`
			`PSQL -tAc "ALTER ROLE mastodon LOGIN"`
			`PSQL -tAc "ALTER ROLE dolibarr LOGIN"`
Add Odoo config 2024-09-20 03:55:11 +02:00			`PSQL -tAc "ALTER ROLE odoo LOGIN"`
Start migration to NixOS for storage1 2021-11-29 02:04:29 +01:00
Add Dolibarr 2024-09-12 15:14:15 +02:00			`synapse_password="$(<'${config.sops.secrets.synapseDbPassword.path}')"`
			`PSQL -tAc "ALTER ROLE synapse WITH PASSWORD '$synapse_password'"`
			`nextcloud_password="$(<'${config.sops.secrets.nextcloudDbPassword.path}')"`
			`PSQL -tAc "ALTER ROLE nextcloud WITH PASSWORD '$nextcloud_password'"`
			`roundcube_password="$(<'${config.sops.secrets.roundcubeDbPassword.path}')"`
			`PSQL -tAc "ALTER ROLE roundcube WITH PASSWORD '$roundcube_password'"`
			`mastodon_password="$(<'${config.sops.secrets.mastodonDbPassword.path}')"`
			`PSQL -tAc "ALTER ROLE mastodon WITH PASSWORD '$mastodon_password'"`
			`dolibarr_password="$(<'${config.sops.secrets.dolibarrDbPassword.path}')"`
			`PSQL -tAc "ALTER ROLE dolibarr WITH PASSWORD '$dolibarr_password'"`
Add Odoo config 2024-09-20 03:55:11 +02:00			`PSQL -tAc "ALTER ROLE odoo WITH PASSWORD 'odoo'"`
Add Dolibarr 2024-09-12 15:14:15 +02:00			`'';`
Update PostgreSQL to 15 2023-09-30 02:31:28 +02:00
Add Dolibarr 2024-09-12 15:14:15 +02:00			`serviceConfig = {`
			`User = pgsql.superUser;`
			`Type = "oneshot";`
			`RemainAfterExit = true;`
			`};`
Finish migration to NixOS modules 2024-03-26 23:37:53 +01:00			`};`
Update PostgreSQL to 15 2023-09-30 02:31:28 +02:00			`};`
Reformat nix files 2021-07-15 17:33:31 +02:00			`}`