feat(ops/nevsky): run postgresql server r/9157

All the postgres-dependent services are going to migrate here. Change-Id: Ie2a25395f6fe6e3c9f7a45f21cf90c635e208cdd Reviewed-on: https://cl.tvl.fyi/c/depot/+/13070 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org>
author: Vincent Ambo <mail@tazj.in> 2025-02-01T20·08+0300
committer: tazjin <mail@tazj.in> 2025-02-02T14·18+0000
commit: cf919a02b23733f7c831907bb301f416936b19aa (patch)
tree: d6dee1aa09837b4a6add5400238aee83efae0d30
parent: 234a324bb64cbfcf5e5085eade5f5b01f3250af8 (diff)
1 files changed, 23 insertions, 0 deletions
diff --git a/ops/machines/nevsky/default.nix b/ops/machines/nevsky/default.nix
index 5be3b809dff6..099f7e02b35e 100644
--- a/ops/machines/nevsky/default.nix
+++ b/ops/machines/nevsky/default.nix
@@ -217,6 +217,29 @@ in
 
   services.fwupd.enable = true;
 
+  services.postgresql = {
+    enable = true;
+    enableTCPIP = true;
+    package = pkgs.postgresql_16;
+
+    authentication = lib.mkForce ''
+      local all all trust
+      host all all 127.0.0.1/32 password
+      host all all ::1/128 password
+      hostnossl all all 127.0.0.1/32 password
+      hostnossl all all ::1/128  password
+    '';
+
+    ensureDatabases = [
+      "panettone"
+    ];
+
+    ensureUsers = [{
+      name = "panettone";
+      ensureDBOwnership = true;
+    }];
+  };
+
   # Join TVL Tailscale network at net.tvl.fyi
   services.tailscale = {
     enable = true;
author	Vincent Ambo <mail@tazj.in>	2025-02-01T20·08+0300
committer	tazjin <mail@tazj.in>	2025-02-02T14·18+0000
commit	cf919a02b23733f7c831907bb301f416936b19aa (patch)
tree	d6dee1aa09837b4a6add5400238aee83efae0d30
parent	234a324bb64cbfcf5e5085eade5f5b01f3250af8 (diff)