setting up postgres

.vscode/settings.json

@@ -74,6 +74,7 @@
     "hwloc",
     "hyprland",
     "hyprwm",
+    "INITDB",
     "iperf",
     "jmgilman",
     "jnoortheen",

systems/jeeves/configuration.nix

@@ -143,5 +143,10 @@
     };
   };
 
+  sops = {
+    defaultSopsFile = ./secrets.yaml;
+    secrets."zfs/postgres_key".owner = "root";
+  };
+
   system.stateVersion = "23.11";
 }

systems/jeeves/docker/postgresql.nix

@@ -0,0 +1,34 @@
+{ config, ... }:
+{
+  users = {
+    users.postgres = {
+      isSystemUser = true;
+      group = "postgres";
+      uid = 999;
+    };
+    groups.postgres = {
+      gid = 999;
+    };
+  };
+
+  virtualisation.oci-containers.containers = {
+    postgres = {
+      image = "postgres:16";
+      ports = [ "5432:5432" ];
+      volumes = [ "/ZFS/Media/databases/postgres:/var/lib/postgresql/data" ];
+      environment = {
+        POSTGRES_USER = "admin";
+        POSTGRES_DB = "archive";
+        POSTGRES_INITDB_ARGS = "--auth-host=scram-sha-256";
+      };
+      environmentFiles = [ config.sops.secrets."postgres".path ];
+      autoStart = true;
+      user = "postgres:postgres";
+    };
+  };
+
+  sops = {
+    defaultSopsFile = ../secrets.yaml;
+    secrets."postgres".owner = "postgres";
+  };
+}

systems/jeeves/secrets.yaml

@@ -1,4 +1,6 @@
-hello: ENC[AES256_GCM,data:y98ZcYZQSYP8GBFysKvD292lU1EPa0o/wV7EHPLelIIHl8bWE5Lz27KUsCnzNQ==,iv:zU9zBeNyAyiLs30ftxrATG/X/U7Z7euLqjDKmg0Lh7Y=,tag:MG61sKRBEvE7T/oWO3rGpA==,type:str]
+postgres: ENC[AES256_GCM,data:RStMRfC1uWGUEQRxjP/pBGSJDGzkg1w3dA0ATW7qu6LYeQAgLP5zzgi6Qu/HVfMVbGuMpIPvhw==,iv:SdPkaXngQxM3ZnYuNypYvUCxJQ8qZfWs018o+yaC0go=,tag:V6yOCHA+6jRb4/m/r3Gtjw==,type:str]
+zfs:
+    postgres_key: ENC[AES256_GCM,data:mLa0A6pJXZ7BX9bYat9mQ30Dx/KWU9KHjiApuapBUbRtH+gtAJRGwLeXJPyMTOirFwuWWTdOts8dTMESWp7eOg==,iv:MFyo2LbdsYeoUyhWEv0EWKXNFhxoLjNs5M7ar6dlrjw=,tag:KpaatId8TdVzAEelD1tlzQ==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -14,8 +16,8 @@ sops:
             bVhXamJyMWMvODUvajk2aDZnQ1k1blEKoNIYxUA+k+DA+1WYq5BSa0iXuQ2Lctuy
             9W7OO2m+QGzjdLLM0uS7WWGXWP2cDDgUGcqozTqM0Oqi2/OY0Bo3Jg==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-12-29T20:01:04Z"
+    lastmodified: "2024-06-19T15:19:01Z"
-    mac: ENC[AES256_GCM,data:9tUmPHyKY42lT1EfbDK7Es9MIdiR5A0rs/ST89baJMANGIN+oKQzkzDujG2WM8hxvgApl/GuIdy5ZBNZlUM0iYxFUd2a0UBDyjw+xTzWIuQr2/TuI8/cOgp04Kk+M9wNlLzE/dJAXsaqBo0EaHpfwKo/3/J53UfiIZrOtAZv+Qg=,iv:E79aJdvhkG2PfsO06QQa2Pzs3yiSHDARpZtM+uxiZJE=,tag:UwEcwBm22Ep2U2mhDgpQ0w==,type:str]
+    mac: ENC[AES256_GCM,data:700rnqbOKpnSSsBr28e9w7fn+LWN/TmPZVRJAhfzeZYr/s8ybQ4PzeLN0BAo3WQzOjHRK3CFtMSQ6+7AD9jkVw9601VgNjj9ydHtRYnWJ1ucfHfsLZclwldl0yx0doQ87rjvP+C4n+KmkQPHmghxHhM5HDYOVr0KEwyQYGwq5Qw=,iv:2vrSbTmsZRZ0xhNKcgpw9FSf1MnUr4HTw7f4gKX+Nm8=,tag:HPbEZKbHUyWOZ3nnvk+R6Q==,type:str]
     pgp:
         - created_at: "2024-03-02T20:52:17Z"
           enc: |-

users/richie/home/gui/vscode/settings.json

@@ -28,21 +28,12 @@
   },
 
   // formatters
-  "[jsonc]": {
+  "[html]": { "editor.defaultFormatter": "esbenp.prettier-vscode" },
-    "editor.defaultFormatter": "esbenp.prettier-vscode"
+  "[jsonc]": { "editor.defaultFormatter": "esbenp.prettier-vscode" },
-  },
+  "[markdown]": { "editor.defaultFormatter": "esbenp.prettier-vscode" },
-  "[markdown]": {
+  "[nix]": { "editor.defaultFormatter": "jnoortheen.nix-ide" },
-    "editor.defaultFormatter": "esbenp.prettier-vscode"
+  "[python]": { "editor.defaultFormatter": "charliermarsh.ruff" },
-  },
+  "[yaml]": { "editor.defaultFormatter": "redhat.vscode-yaml" },
-  "[yaml]": {
-    "editor.defaultFormatter": "redhat.vscode-yaml"
-  },
-  "[python]": {
-    "editor.defaultFormatter": "charliermarsh.ruff"
-  },
-  "[nix]": {
-    "editor.defaultFormatter": "jnoortheen.nix-ide"
-  },
 
   // spell check
   "cSpell.enabled": true,