felixalb/pvv-nixos-config
1
0
Fork 0
mirror of https://git.pvv.ntnu.no/Drift/pvv-nixos-config.git synced 2025-12-22 17:27:14 +01:00
Code Issues Projects Releases Wiki Activity

bicep/postgres: bindmount datadir

Browse Source
This commit is contained in:
h7x4
2025-12-22 13:18:10 +09:00
parent a619125dcb
commit b0a49f87d5
1 changed files with 33 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
hosts/bicep/services/postgres.nix
View File

@@ -5,8 +5,6 @@
package = pkgs.postgresql_15;
enableTCPIP = true;
dataDir = "/data/postgresql";
authentication = ''
host all all ${values.ipv4-space} md5
host all all ${values.ipv6-space} md5
@@ -76,11 +74,40 @@
};
};
systemd.services.postgresql.serviceConfig = {
systemd.tmpfiles.settings."10-postgresql"."/data/postgresql".d = {
user = config.systemd.services.postgresql.serviceConfig.User;
group = config.systemd.services.postgresql.serviceConfig.Group;
mode = "0700";
};
systemd.services.postgresql-setup = {
after = [
"systemd-tmpfiles-setup.service"
"systemd-tmpfiles-resetup.service"
];
serviceConfig = {
LoadCredential = [
"cert:/etc/certs/postgres.crt"
"key:/etc/certs/postgres.key"
];
BindPaths = [ "/data/postgresql:/var/lib/postgresql" ];
};
};
systemd.services.postgresql = {
after = [
"systemd-tmpfiles-setup.service"
"systemd-tmpfiles-resetup.service"
];
serviceConfig = {
LoadCredential = [
"cert:/etc/certs/postgres.crt"
"key:/etc/certs/postgres.key"
];
BindPaths = [ "/data/postgresql:/var/lib/postgresql" ];
};
};
environment.snakeoil-certs."/etc/certs/postgres" = {