felixalb/pvv-nixos-config
1
0
Fork 0
mirror of https://git.pvv.ntnu.no/Drift/pvv-nixos-config.git synced 2026-02-04 09:10:01 +01:00
Code Issues Projects Releases Wiki Activity

bicep/postgres: gate remaining config behind cfg.enable

Browse Source
This commit is contained in:
h7x4
2026-01-27 20:40:43 +09:00
parent 2ed1c83858
commit 690aee634b
1 changed files with 12 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
hosts/bicep/services/postgres.nix
View File

@@ -1,4 +1,7 @@
{ config, pkgs, values, ... }: { config, lib, pkgs, values, ... }:
let
cfg = config.services.postgresql;
in
{ {
services.postgresql = { services.postgresql = {
enable = true; enable = true;
@@ -74,13 +77,13 @@
}; };
}; };
systemd.tmpfiles.settings."10-postgresql"."/data/postgresql".d = { systemd.tmpfiles.settings."10-postgresql"."/data/postgresql".d = lib.mkIf cfg.enable {
user = config.systemd.services.postgresql.serviceConfig.User; user = config.systemd.services.postgresql.serviceConfig.User;
group = config.systemd.services.postgresql.serviceConfig.Group; group = config.systemd.services.postgresql.serviceConfig.Group;
mode = "0700"; mode = "0700";
}; };
systemd.services.postgresql-setup = { systemd.services.postgresql-setup = lib.mkIf cfg.enable {
after = [ after = [
"systemd-tmpfiles-setup.service" "systemd-tmpfiles-setup.service"
"systemd-tmpfiles-resetup.service" "systemd-tmpfiles-resetup.service"
@@ -95,7 +98,7 @@
}; };
}; };
systemd.services.postgresql = { systemd.services.postgresql = lib.mkIf cfg.enable {
after = [ after = [
"systemd-tmpfiles-setup.service" "systemd-tmpfiles-setup.service"
"systemd-tmpfiles-resetup.service" "systemd-tmpfiles-resetup.service"
@@ -110,22 +113,22 @@
}; };
}; };
environment.snakeoil-certs."/etc/certs/postgres" = { environment.snakeoil-certs."/etc/certs/postgres" = lib.mkIf cfg.enable {
owner = "postgres"; owner = "postgres";
group = "postgres"; group = "postgres";
subject = "/C=NO/O=Programvareverkstedet/CN=postgres.pvv.ntnu.no/emailAddress=drift@pvv.ntnu.no"; subject = "/C=NO/O=Programvareverkstedet/CN=postgres.pvv.ntnu.no/emailAddress=drift@pvv.ntnu.no";
}; };
networking.firewall.allowedTCPPorts = [ 5432 ]; networking.firewall.allowedTCPPorts = lib.mkIf cfg.enable [ 5432 ];
networking.firewall.allowedUDPPorts = [ 5432 ]; networking.firewall.allowedUDPPorts = lib.mkIf cfg.enable [ 5432 ];
services.postgresqlBackup = { services.postgresqlBackup = lib.mkIf cfg.enable {
enable = true; enable = true;
location = "/var/lib/postgres-backups"; location = "/var/lib/postgres-backups";
backupAll = true; backupAll = true;
}; };
services.rsync-pull-targets = { services.rsync-pull-targets = lib.mkIf cfg.enable {
enable = true; enable = true;
locations.${config.services.postgresqlBackup.location} = { locations.${config.services.postgresqlBackup.location} = {
user = "root"; user = "root";