DerGrumpf/cyper-rpi
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
cyper-rpi/hosts/cyper-pi-1/postgres.nix

86 lines
2.2 KiB
Nix
Raw Permalink Blame History

{
pkgs,
...
}:
{
services.postgresql = {
enable = true;
package = pkgs.postgresql_15;
enableTCPIP = true;
# Initial database setup
initialScript = pkgs.writeText "backend-init-script" ''
CREATE USER postgres WITH SUPERUSER PASSWORD 'postgres';
-- Create web_anon role for PostgREST
CREATE ROLE web_anon NOLOGIN;
GRANT USAGE ON SCHEMA public TO web_anon;
GRANT SELECT ON ALL TABLES IN SCHEMA public TO web_anon;
-- Create example users table
CREATE TABLE IF NOT EXISTS users (
id SERIAL PRIMARY KEY,
name VARCHAR(255),
email VARCHAR(255),
created_at TIMESTAMP DEFAULT NOW()
);
-- Grant permissions
GRANT SELECT, INSERT, UPDATE, DELETE ON users TO web_anon;
GRANT USAGE, SELECT ON SEQUENCE users_id_seq TO web_anon;
'';
# Raspberry Pi 4 optimized settings (2GB RAM assumed)
settings = {
# Should match firewall
port = 5432;
# Memory settings (RPi 4 has limited RAM)
shared_buffers = "128MB";
effective_cache_size = "512MB";
maintenance_work_mem = "32MB";
work_mem = "2MB";
wal_buffers = "4MB";
# Connection settings
max_connections = 20;
# Performance tuning for ARM/RPi
random_page_cost = 2.0;
effective_io_concurrency = 100;
# WAL settings (conservative for SD card)
wal_level = "replica";
checkpoint_timeout = "15min";
checkpoint_completion_target = 0.7;
min_wal_size = "1GB";
max_wal_size = "4GB";
# Query planning
default_statistics_target = 50;
# Logging
log_min_duration_statement = 1000;
log_duration = false;
# ARM/RPi specific
cpu_index_tuple_cost = 0.1;
cpu_operator_cost = 0.05;
};
authentication = ''
local all all trust
host all all 127.0.0.1/32 md5
host all all ::1/128 md5
host all all 192.168.2.0/24 md5
'';
};
# Enable the PostgreSQL service to start on boot
systemd.services.postgresql.wantedBy = [ "multi-user.target" ];
# Open firewall port for PostgreSQL
networking.firewall.allowedTCPPorts = [ 5432 ];
}
Reference in New Issue View Git Blame Copy Permalink