From 690aee634bd01b17ff24df137bf137df3a39a3d5 Mon Sep 17 00:00:00 2001
From: h7x4
Date: Tue, 27 Jan 2026 20:40:43 +0900
Subject: [PATCH] bicep/postgres: gate remaining config behind `cfg.enable`
---
 hosts/bicep/services/postgres.nix | 21 ++++++++++++---------
 1 file changed, 12 insertions(+), 9 deletions(-)
diff --git a/hosts/bicep/services/postgres.nix b/hosts/bicep/services/postgres.nix
index e2bad28..1df8ab4 100644
--- a/hosts/bicep/services/postgres.nix
+++ b/hosts/bicep/services/postgres.nix
@@ -1,4 +1,7 @@
-{ config, pkgs, values, ... }:
+{ config, lib, pkgs, values, ... }:
+let
+ cfg = config.services.postgresql;
+in
 {
 services.postgresql = {
 enable = true;
@@ -74,13 +77,13 @@
 };
 };
- systemd.tmpfiles.settings."10-postgresql"."/data/postgresql".d = {
+ systemd.tmpfiles.settings."10-postgresql"."/data/postgresql".d = lib.mkIf cfg.enable {
 user = config.systemd.services.postgresql.serviceConfig.User;
 group = config.systemd.services.postgresql.serviceConfig.Group;
 mode = "0700";
 };
- systemd.services.postgresql-setup = {
+ systemd.services.postgresql-setup = lib.mkIf cfg.enable {
 after = [
 "systemd-tmpfiles-setup.service"
 "systemd-tmpfiles-resetup.service"
@@ -95,7 +98,7 @@
 };
 };
- systemd.services.postgresql = {
+ systemd.services.postgresql = lib.mkIf cfg.enable {
 after = [
 "systemd-tmpfiles-setup.service"
 "systemd-tmpfiles-resetup.service"
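Review bot: The new `cfg` binding in the first hunk reads `config.services.postgresql`, but the context lines just below it still set `enable = true;` unconditionally, so every `lib.mkIf cfg.enable` guard this patch adds (here and in the hunks at -74, -95 and -110) only changes anything when another module overrides the option. A short comment above the `let` would make that intent explicit, for example `# enable is set below; the mkIf guards only matter when it is overridden elsewhere (e.g. lib.mkForce false)`. The `services.postgresql` block continues outside the hunk, so this assumes nothing further down makes `enable` conditional.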
@@ -110,22 +113,22 @@
 };
 };
- environment.snakeoil-certs."/etc/certs/postgres" = {
+ environment.snakeoil-certs."/etc/certs/postgres" = lib.mkIf cfg.enable {
 owner = "postgres";
 group = "postgres";
 subject = "/C=NO/O=Programvareverkstedet/CN=postgres.pvv.ntnu.no/emailAddress=drift@pvv.ntnu.no";
 };
- networking.firewall.allowedTCPPorts = [ 5432 ];
- networking.firewall.allowedUDPPorts = [ 5432 ];
+ networking.firewall.allowedTCPPorts = lib.mkIf cfg.enable [ 5432 ];
+ networking.firewall.allowedUDPPorts = lib.mkIf cfg.enable [ 5432 ];
- services.postgresqlBackup = {
+ services.postgresqlBackup = lib.mkIf cfg.enable {
 enable = true;
 location = "/var/lib/postgres-backups";
 backupAll = true;
 };
- services.rsync-pull-targets = {
+ services.rsync-pull-targets = lib.mkIf cfg.enable {
 enable = true;
 locations.${config.services.postgresqlBackup.location} = {
 user = "root";
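Review bot: The gated `networking.firewall.allowedUDPPorts = lib.mkIf cfg.enable [ 5432 ];` line keeps UDP 5432 open although PostgreSQL's client protocol runs over TCP only, so that rule exposes a port the service should never be listening on; dropping it and keeping only `networking.firewall.allowedTCPPorts = lib.mkIf cfg.enable [ 5432 ];` narrows the firewall at no cost. The TCP rule applies to every interface, so who can actually reach the server depends on the authentication and listen settings, which are outside this hunk. Since `backupAll = true` presumably dumps role definitions along with the data, a comment on the expected permissions of `/var/lib/postgres-backups` and on why the pull target runs as `user = "root"` would help; the `rsync-pull-targets` block continues past the end of the hunk.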