arashi: init postgres + redis

hosts/arashi/default.nix

@@ -1,6 +1,7 @@
 {...}: {
   imports = [
     ./hardware-configuration.nix
+    ./services
     ../../modules
   ];
 

hosts/arashi/hardware-configuration.nix

@@ -1,7 +1,5 @@
 {
-  config,
   lib,
-  pkgs,
   modulesPath,
   ...
 }: {
@@ -19,6 +17,11 @@
     fsType = "ext4";
   };
 
+  fileSystems."/nas" = {
+    device = "192.168.1.71:/volume1/arashi";
+    fsType = "nfs";
+  };
+
   swapDevices = [
     {device = "/dev/disk/by-uuid/e9eb4b6a-e9a1-4616-8c82-349d2f38d140";}
   ];

hosts/arashi/services/default.nix

@@ -1,5 +1,5 @@
 _: {
   imports = [
-    ./traefik.nix
+    ./postgresql.nix
   ];
 }

hosts/arashi/services/postgresql.nix

@@ -0,0 +1,41 @@
+{
+  pkgs,
+  lib,
+  ...
+}: {
+  networking.firewall.allowedTCPPorts = [5432];
+  services.postgresql = {
+    enable = true;
+    enableTCPIP = true;
+    package = pkgs.postgresql_14;
+    port = 5432;
+    settings = {
+      listen_addresses = lib.mkForce "*";
+    };
+    authentication = ''
+      local all all trust
+      host replication all 127.0.0.1/32 trust
+      host all all all trust
+    '';
+    ensureUsers = [
+      {
+        name = "postgres";
+        ensurePermissions = {
+          "ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES";
+        };
+      }
+      {
+        name = "hedgedoc";
+        ensurePermissions."DATABASE hedgedoc" = "ALL PRIVILEGES";
+      }
+      {
+        name = "forgejo";
+        ensurePermissions."DATABASE forgejo" = "ALL PRIVILEGES";
+      }
+    ];
+    ensureDatabases = [
+      "forgejo"
+      "hedgedoc"
+    ];
+  };
+}