cyper-rpi/hosts/cyper-pi-1/postgres.nix

{
  pkgs,
  ...
}:

{
  services.postgresql = {
    enable = true;
    package = pkgs.postgresql_15;
    enableTCPIP = true;

    # Initial database setup
    initialScript = pkgs.writeText "backend-init-script" ''
      CREATE USER postgres WITH SUPERUSER PASSWORD 'postgres';
    '';

    # Raspberry Pi 4 optimized settings (2GB RAM assumed)
    settings = {
      # Should match firewall
      port = 5432;

      # Memory settings (RPi 4 has limited RAM)
      shared_buffers = "128MB";
      effective_cache_size = "512MB";
      maintenance_work_mem = "32MB";
      work_mem = "2MB";
      wal_buffers = "4MB";

      # Connection settings
      max_connections = 20;

      # Performance tuning for ARM/RPi
      random_page_cost = 2.0;
      effective_io_concurrency = 100;

      # WAL settings (conservative for SD card)
      wal_level = "replica";
      checkpoint_timeout = "15min";
      checkpoint_completion_target = 0.7;
      min_wal_size = "1GB";
      max_wal_size = "4GB";

      # Query planning
      default_statistics_target = 50;

      # Logging
      log_min_duration_statement = 1000;
      log_duration = false;

      # ARM/RPi specific
      cpu_index_tuple_cost = 0.1;
      cpu_operator_cost = 0.05;
    };

    authentication = ''
      local	all			all								trust
      host	all			all			127.0.0.1/32		md5
      host	all			all			::1/128				md5
      host	all			all			192.168.2.0/24		md5
    '';
  };

  # Enable the PostgreSQL service to start on boot
  systemd.services = {
    postgresql.wantedBy = [ "multi-user.target" ];

    postgrest = {
      description = "PostgREST - PostgreSQL REST API";
      after = [
        "postgresql.service"
        "network.target"
      ];
      wantedBy = [ "multi-user.target" ];

      serviceConfig = {
        Type = "simple";
        ExecStart = "${pkgs.postgrest}/bin/postgrest /etc/postgrest/postgrest.conf";
        User = "postgrest";
        Restart = "on-failure";
        RestartSec = 5;
      };
    };
  };

  users = {
    users.postgrest = {
      isSystemUser = true;
      group = "postgrest";
    };
    groups.postgrest = { };
  };

  # PostgREST configuration file
  environment = {
    etc."postgrest/postgrest.conf".text = ''
      db-uri = "postgres://postgres:postgres@localhost:5432/postgres"
      db-schema = "public"
      db-anon-role = "web_anon"
      server-host = "0.0.0.0"
      server-port = 3000
      jwt-secret = "no7WwM0xJa/Yzn5o4IZHG4oBNSShl4JRPZOcmhvnqFw="
    '';

    systemPackages = with pkgs; [ postgrest ];
  };
  networking.firewall.allowedTCPPorts = [
    5432
    3000
  ];

  # Create mount point for external USB storage (optional, for better performance)
  # Uncomment if using the USB 3 storage we configured earlier
  # systemd.tmpfiles.rules = [
  #   "d /mnt/nix-storage/postgresql 0700 postgres postgres"
  # ];

  # environment.etc."postgresql/postgresql.conf".text = ''
  #   data_directory = '/mnt/nix-storage/postgresql'
  # '';
}