cyper-rpi/hosts/cyper-pi-1/postgrest.nix

{
  pkgs,
  ...
}:

{
  # PostgREST service
  systemd.services.postgrest = {
    description = "PostgREST - PostgreSQL REST API";
    after = [
      "postgresql.service"
      "network.target"
    ];
    wantedBy = [ "multi-user.target" ];

    serviceConfig = {
      Type = "simple";
      ExecStart = "${pkgs.postgrest}/bin/postgrest /etc/postgrest/postgrest.conf";
      User = "postgrest";
      Restart = "on-failure";
      RestartSec = 5;
    };
  };

  # Create postgrest user
  users.users.postgrest = {
    isSystemUser = true;
    group = "postgrest";
  };

  users.groups.postgrest = { };

  # PostgREST configuration file
  environment.etc."postgrest/postgrest.conf".text = ''
    db-uri = "postgres://postgres:postgres@127.0.0.1:5432/postgres"
    db-schema = "public"
    db-anon-role = "web_anon"
    server-host = "0.0.0.0"
    server-port = 3000
    jwt-secret = "no7WwM0xJa/Yzn5o4IZHG4oBNSShl4JRPZOcmhvnqFw="
  '';

  # Open firewall port for PostgREST
  networking.firewall.allowedTCPPorts = [ 3000 ];

  # Include postgrest in system packages
  environment.systemPackages = with pkgs; [
    postgrest
  ];
}