From d8cd7b6b69255de7285053756e0dd7c0031dbdb6 Mon Sep 17 00:00:00 2001
From: DerGrumpf <p.keier@beyerstedt-it.de>
Date: Thu, 19 Feb 2026 18:43:36 +0100
Subject: [PATCH] Added: Postgrest

---
 hosts/cyper-pi-1/k3s-master.nix |  1 +
 hosts/cyper-pi-1/postgres.nix   | 47 +++++++++++++++++++++++++++++++--
 2 files changed, 46 insertions(+), 2 deletions(-)

diff --git a/hosts/cyper-pi-1/k3s-master.nix b/hosts/cyper-pi-1/k3s-master.nix
index bdf7be0..8305829 100644
--- a/hosts/cyper-pi-1/k3s-master.nix
+++ b/hosts/cyper-pi-1/k3s-master.nix
@@ -34,5 +34,6 @@
 
   environment.systemPackages = with pkgs; [
     kubectl
+    kubernetes-helm
   ];
 }
diff --git a/hosts/cyper-pi-1/postgres.nix b/hosts/cyper-pi-1/postgres.nix
index 83711f4..973fd24 100644
--- a/hosts/cyper-pi-1/postgres.nix
+++ b/hosts/cyper-pi-1/postgres.nix
@@ -61,9 +61,52 @@
   };
 
   # Enable the PostgreSQL service to start on boot
-  systemd.services.postgresql.wantedBy = [ "multi-user.target" ];
+  systemd.services = {
+    postgresql.wantedBy = [ "multi-user.target" ];
 
-  networking.firewall.allowedTCPPorts = [ 5432 ];
+    postgrest = {
+      description = "PostgREST - PostgreSQL REST API";
+      after = [
+        "postgresql.service"
+        "network.target"
+      ];
+      wantedBy = [ "multi-user.target" ];
+
+      serviceConfig = {
+        Type = "simple";
+        ExecStart = "${pkgs.postgrest}/bin/postgrest /etc/postgrest/postgrest.conf";
+        User = "postgrest";
+        Restart = "on-failure";
+        RestartSec = 5;
+      };
+    };
+  };
+
+  users = {
+    users.postgrest = {
+      isSystemUser = true;
+      group = "postgrest";
+    };
+    groups.postgrest = { };
+  };
+
+  # PostgREST configuration file
+  environment = {
+    etc."postgrest/postgrest.conf".text = ''
+      db-uri = "postgres://postgres:postgres@localhost:5432/postgres"
+      db-schema = "public"
+      db-anon-role = "web_anon"
+      server-host = "0.0.0.0"
+      server-port = 3000
+      jwt-secret = "no7WwM0xJa/Yzn5o4IZHG4oBNSShl4JRPZOcmhvnqFw="
+    '';
+
+    systemPackages = with pkgs; [ postgrest ];
+  };
+  networking.firewall.allowedTCPPorts = [
+    5432
+    3000
+  ];
 
   # Create mount point for external USB storage (optional, for better performance)
   # Uncomment if using the USB 3 storage we configured earlier