forest/roles/postgres.nix

45 lines
1.4 KiB
Nix
Raw Normal View History

2024-05-26 12:51:51 +00:00
{ config, pkgs, ... }: {
services.postgresql = {
enable = true;
2024-06-04 10:58:25 +00:00
package = pkgs.postgresql_14;
settings = {
max_connections = 200;
shared_buffers = "768MB";
effective_cache_size = "2304MB";
maintenance_work_mem = "192MB";
checkpoint_completion_target = 0.9;
wal_buffers = "16MB";
default_statistics_target = 100;
random_page_cost = 4;
effective_io_concurrency = 2;
work_mem = "1966kB";
huge_pages = false;
min_wal_size = "1GB";
max_wal_size = "4GB";
max_worker_processes = 4;
max_parallel_workers_per_gather = 2;
max_parallel_workers = 4;
max_parallel_maintenance_workers = 2;
};
2024-05-26 12:51:51 +00:00
ensureDatabases = [ "shorks-gay" ];
enableTCPIP = true;
dataDir = pkgs.lib.mkIf (config.networking.hostName == "lea") "/data/postgresql/${config.services.postgresql.package.psqlSchema}";
2024-05-26 12:51:51 +00:00
authentication = pkgs.lib.mkOverride 10 ''
2024-06-04 10:58:25 +00:00
#type database DBuser auth-method
local all all peer
#type database DBuser origin-address auth-method
2024-05-26 12:51:51 +00:00
# ipv4
2024-06-04 10:58:25 +00:00
host all all 127.0.0.1/32 scram-sha-256
host all all 100.64.0.0/10 scram-sha-256
2024-07-07 23:11:06 +00:00
host all all 10.0.0.0/8 scram-sha-256
2024-05-26 12:51:51 +00:00
# ipv6
2024-06-04 10:58:25 +00:00
host all all ::1/128 scram-sha-256
2024-05-26 12:51:51 +00:00
'';
};
services.prometheus.exporters.postgres = {
enable = true;
runAsLocalSuperUser = true;
};
2024-05-26 12:51:51 +00:00
}