nixos/roles/dbserver-postgresql.nix

# Module: roles/dbserver-postgresql
# Enables a database server running PostgreSQL
{
  config,
  lib,
  pkgs,
  ...
}:

with lib;

let
  cfg = config.dbserver-postgresql;
  defaultPostgresPackage = pkgs.postgresql;
  defaultPsycopg2Package = pkgs.python313Packages.psycopg2;
in
{
  options.dbserver-postgresql = {
    enable = mkEnableOption "Enables dbserver-postgresql role";

    dbPackage = mkOption {
      type = types.package;
      default = defaultPostgresPackage;
      description = "Package to use for the database server";
      example = postgresql;
    };

    ansibleLibPackage = mkOption {
      type = types.package;
      default = defaultPsycopg2Package;
      description = "Python library to use for Ansible interfacing";
      example = pkgs.python313Packages.psycopg2;
    };
  };

  config = mkIf cfg.enable {
    environment.systemPackages = with pkgs; [
      cfg.dbPackage
      cfg.ansibleLibPackage
      (python3.withPackages (ps: with ps; [ psycopg2 ]))
    ];

    services.postgresql = {
      enable = true;
      package = cfg.dbPackage;

      settings = {
        ssl = "off";
        listen_addresses = mkForce "0.0.0.0";
      };

      authentication = pkgs.lib.mkOverride 10 ''
        local   replication     all     trust
        local   all     all     peer
        local   all     all     scram-sha-256
        host    all     all     all     scram-sha-256
      '';
    };

    networking.firewall.allowedTCPPorts = [ 5432 ];
  };
}