hosts/plover: modularize PostgreSQL service

2025-02-07 12:19:07 +00:00 · 2023-01-13 15:26:32 +08:00 · 2023-01-13 15:26:32 +08:00 · 02cfaaf362
commit 02cfaaf362
parent a3602f79e4
2 changed files with 52 additions and 44 deletions
--- a/hosts/plover/default.nix
+++ b/hosts/plover/default.nix
@ -20,6 +20,10 @@ in

    ./modules/services/nginx.nix

+    # The database of choice which is used by most self-managed services on
+    # this server.
+    ./modules/services/postgresql.nix
+
    # The application services for this server. They are modularized since
    # configuring it here will make it too big.
    ./modules/services/atuin.nix
@ -105,50 +109,6 @@ in
    type = "ed25519";
  }];

-  # The database service of choice. Most services can use this so far (thankfully).
-  services.postgresql = {
-    enable = true;
-    package = pkgs.postgresql_15;
-    enableTCPIP = true;
-
-    # Create per-user schema as documented from Usage Patterns. This is to make
-    # use of the secure schema usage pattern they encouraged to do.
-    #
-    # Now, you just have to keep in mind about applications making use of them.
-    # Most of them should have the setting to set the schema to be used. If
-    # not, then screw them (or just file an issue and politely ask for the
-    # feature).
-    initialScript =
-      let
-        # This will be run once anyways so it is acceptable to create users
-        # "forcibly".
-        perUserSchemas = lib.lists.map
-          (user: ''
-            CREATE USER ${user.name};
-            CREATE SCHEMA AUTHORIZATION ${user.name};
-          '')
-          config.services.postgresql.ensureUsers;
-      in
-      pkgs.writeText "plover-initial-postgresql-script" ''
-        ${lib.concatStringsSep "\n" perUserSchemas}
-      '';
-
-    settings = {
-      # Still doing the secure schema usage pattern.
-      search_path = "\"$user\"";
-    };
-  };
-
-  # With a database comes a dumping.
-  services.postgresqlBackup = {
-    enable = true;
-    compression = "zstd";
-    compressionLevel = 11;
-
-    # Start at every 3 days starting from the first day of the month.
-    startAt = "*-*-1/3";
-  };
-
  # Of course, what is a server without a backup? A professionally-handled
  # production system. However, we're not professionals so we do have backups.
  services.borgbackup.jobs =
--- a/hosts/plover/modules/services/postgresql.nix
+++ b/hosts/plover/modules/services/postgresql.nix
@ -0,0 +1,48 @@
+# The database service of choice. Most services can use this so far
+# (thankfully).
+{ config, lib, pkgs, ... }:
+
+{
+  services.postgresql = {
+    enable = true;
+    package = pkgs.postgresql_15;
+    enableTCPIP = true;
+
+    # Create per-user schema as documented from Usage Patterns. This is to make
+    # use of the secure schema usage pattern they encouraged to do.
+    #
+    # Now, you just have to keep in mind about applications making use of them.
+    # Most of them should have the setting to set the schema to be used. If
+    # not, then screw them (or just file an issue and politely ask for the
+    # feature).
+    initialScript =
+      let
+        # This will be run once anyways so it is acceptable to create users
+        # "forcibly".
+        perUserSchemas = lib.lists.map
+          (user: ''
+            CREATE USER ${user.name};
+            CREATE SCHEMA AUTHORIZATION ${user.name};
+          '')
+          config.services.postgresql.ensureUsers;
+      in
+      pkgs.writeText "plover-initial-postgresql-script" ''
+        ${lib.concatStringsSep "\n" perUserSchemas}
+      '';
+
+    settings = {
+      # Still doing the secure schema usage pattern.
+      search_path = "\"$user\"";
+    };
+  };
+
+  # With a database comes a dumping.
+  services.postgresqlBackup = {
+    enable = true;
+    compression = "zstd";
+    compressionLevel = 11;
+
+    # Start at every 3 days starting from the first day of the month.
+    startAt = "*-*-1/3";
+  };
+}