Added: Routes for learnlytics

2026-02-25 11:54:11 +01:00
parent 6c842d4793
commit b204c1d133
4 changed files with 150 additions and 43 deletions
--- a/hosts/cyper-pi-1/postgres.nix
+++ b/hosts/cyper-pi-1/postgres.nix
@@ -2,84 +2,62 @@
  pkgs,
  ...
 }:
-
 {
  services.postgresql = {
    enable = true;
    package = pkgs.postgresql_15;
    enableTCPIP = true;

-    # Initial database setup
-    initialScript = pkgs.writeText "backend-init-script" ''
-      CREATE USER postgres WITH SUPERUSER PASSWORD 'postgres';
+    extraPlugins = with pkgs.postgresql15Packages; [
+      pgjwt
+    ];

-      -- Create web_anon role for PostgREST
-      CREATE ROLE web_anon NOLOGIN;
-      GRANT USAGE ON SCHEMA public TO web_anon;
-      GRANT SELECT ON ALL TABLES IN SCHEMA public TO web_anon;
+    initialScript = /etc/learnlytics/init.sql;

-      -- Create example users table
-      CREATE TABLE IF NOT EXISTS users (
-        id SERIAL PRIMARY KEY,
-        name VARCHAR(255),
-        email VARCHAR(255),
-        created_at TIMESTAMP DEFAULT NOW()
-      );
-
-      -- Grant permissions
-      GRANT SELECT, INSERT, UPDATE, DELETE ON users TO web_anon;
-      GRANT USAGE, SELECT ON SEQUENCE users_id_seq TO web_anon;
-    '';
-
-    # Raspberry Pi 4 optimized settings (2GB RAM assumed)
    settings = {
-      # Should match firewall
      port = 5432;
-
-      # Memory settings (RPi 4 has limited RAM)
      shared_buffers = "128MB";
      effective_cache_size = "512MB";
      maintenance_work_mem = "32MB";
      work_mem = "2MB";
      wal_buffers = "4MB";
-
-      # Connection settings
      max_connections = 20;
-
-      # Performance tuning for ARM/RPi
      random_page_cost = 2.0;
      effective_io_concurrency = 100;
-
-      # WAL settings (conservative for SD card)
      wal_level = "replica";
      checkpoint_timeout = "15min";
      checkpoint_completion_target = 0.7;
      min_wal_size = "1GB";
      max_wal_size = "4GB";
-
-      # Query planning
      default_statistics_target = 50;
-
-      # Logging
      log_min_duration_statement = 1000;
      log_duration = false;
-
-      # ARM/RPi specific
      cpu_index_tuple_cost = 0.1;
      cpu_operator_cost = 0.05;
    };

    authentication = ''
-      local	all			all								trust
-      host	all			all			127.0.0.1/32		md5
-      host	all			all			::1/128				md5
-      host	all			all			192.168.2.0/24		md5
+      local all all                     trust
+      host  all all 127.0.0.1/32        md5
+      host  all all ::1/128             md5
+      host  all all 192.168.2.0/24      md5
    '';
  };

-  # Enable the PostgreSQL service to start on boot
  systemd.services.postgresql.wantedBy = [ "multi-user.target" ];

-  # Open firewall port for PostgreSQL
+  systemd.services.learnlytics-auth-migration = {
+    description = "Learnlytics auth schema migration";
+    after = [ "postgresql.service" ];
+    wants = [ "postgresql.service" ];
+    wantedBy = [ "multi-user.target" ];
+    serviceConfig = {
+      Type = "oneshot";
+      RemainAfterExit = true;
+      User = "postgres";
+      ExecStart = "${pkgs.postgresql_15}/bin/psql -U postgres -f /etc/learnlytics/auth-migration.sql";
+    };
+  };
+
  networking.firewall.allowedTCPPorts = [ 5432 ];
 }