mirror of
https://github.com/kmein/niveum
synced 2026-03-16 18:21:07 +01:00
Kierán Meinhardt
d03c6bb0de
feat(zaatar): convert to flake feat(tahina, tabula): convert to flake feat(makanek): convert to flake feat(manakish, zaatar): convert to flake feat(ci): build flake systems fix: ci build feat: secrets via submodule foo foo foo
59 lines
1.2 KiB
Nix
59 lines
1.2 KiB
Nix
{
|
|
config,
|
|
pkgs,
|
|
...
|
|
}: let
|
|
inherit (import ../../lib) tmpfilesConfig;
|
|
in {
|
|
services.postgresql = {
|
|
enable = true;
|
|
dataDir = "/var/state/postgresql/${config.services.postgresql.package.psqlSchema}";
|
|
ensureDatabases = ["atuin"];
|
|
ensureUsers = [
|
|
{
|
|
name = "atuin";
|
|
ensurePermissions."DATABASE atuin" = "ALL PRIVILEGES";
|
|
}
|
|
];
|
|
};
|
|
|
|
services.postgresqlBackup = {
|
|
enable = true;
|
|
databases = ["atuin"];
|
|
};
|
|
|
|
systemd.tmpfiles.rules = [
|
|
(tmpfilesConfig {
|
|
type = "d";
|
|
path = "/var/state/postgresql";
|
|
mode = "0700";
|
|
user = "postgres";
|
|
group = "postgres";
|
|
})
|
|
];
|
|
|
|
users.groups.atuin = {};
|
|
users.users.atuin = {
|
|
isSystemUser = true;
|
|
group = "atuin";
|
|
home = "/run/atuin";
|
|
createHome = true;
|
|
};
|
|
|
|
systemd.services.atuin = {
|
|
wantedBy = ["multi-user.target"];
|
|
environment = {
|
|
ATUIN_HOST = "0.0.0.0";
|
|
ATUIN_PORT = "8888";
|
|
ATUIN_OPEN_REGISTRATION = "true";
|
|
ATUIN_DB_URI = "postgres:///atuin";
|
|
};
|
|
serviceConfig = {
|
|
User = "atuin";
|
|
ExecStart = "${pkgs.atuin}/bin/atuin server start";
|
|
Restart = "on-failure";
|
|
};
|
|
};
|
|
networking.firewall.allowedTCPPorts = [8888];
|
|
}
|