Enable postgresql on minideck

1 files changed, 38 insertions, 22 deletions

diff --git a/machines/minideck.nix b/machines/minideck.nix
index 1c09585..b4bb8f6 100644
--- a/machines/minideck.nix
+++ b/machines/minideck.nix
@@ -11,12 +11,22 @@ with lib;
   services.xserver.enable = mkForce false;
   services.xserver.displayManager.lightdm.enable = mkForce false;
 
+  # For bridge development.
+  services.postgresql = {
+    enable = true;
+    ensureDatabases = [ "bridge_latest" ];
+    ensureUsers = [{
+      name = "orbekk";
+      ensurePermissions."DATABASE bridge_latest" = "ALL PRIVILEGES";
+    }];
+  };
+
   # Fake pipewire socket activation.
   services.pipewire.socketActivation = false;
   systemd.user.services.pipewire-setup = {
     description = "Link pipewire socket";
-    after = ["paths.target"];
-    wantedBy = ["default.target"];
+    after = [ "paths.target" ];
+    wantedBy = [ "default.target" ];
     serviceConfig = {
       ExecStart = "${pkgs.coreutils}/bin/ln -s /tmp/pipewire-0 %t/pipewire-0";
       Type = "oneshot";
@@ -28,15 +38,14 @@ with lib;
 
   nix.gc.persistent = false;
 
-  boot.cleanTmpDir = mkForce false;  # Don't delete bind mounts in /tmp.
+  boot.cleanTmpDir = mkForce false; # Don't delete bind mounts in /tmp.
   boot.isContainer = true;
-  boot.postBootCommands =
-  ''
+  boot.postBootCommands = ''
     # After booting, register the contents of the Nix store in the Nix
     # database.
     if [ -f /nix-path-registration ]; then
-      ${config.nix.package.out}/bin/nix-store --load-db < /nix-path-registration &&
-      rm /nix-path-registration
+    ${config.nix.package.out}/bin/nix-store --load-db < /nix-path-registration &&
+    rm /nix-path-registration
     fi
     # nixos-rebuild also requires a "system" profile
     ${config.nix.package.out}/bin/nix-env -p /nix/var/nix/profiles/system --set /run/current-system
@@ -50,26 +59,33 @@ with lib;
 
   networking.hostName = "minideck";
   networking.interfaces.host0 = {
-    ipv4.addresses = [ { address = "172.20.199.2"; prefixLength = 24; } ];
-    ipv4.routes = [ { address = "0.0.0.0"; prefixLength = 0; via = "172.20.199.1"; } ];
+    ipv4.addresses = [{
+      address = "172.20.199.2";
+      prefixLength = 24;
+    }];
+    ipv4.routes = [{
+      address = "0.0.0.0";
+      prefixLength = 0;
+      via = "172.20.199.1";
+    }];
   };
 
   users.users.root.initialHashedPassword = mkOverride 150 "";
- 
+
   system.activationScripts.installInitScript = mkForce ''
-   ln -fs $systemConfig/init /sbin/init
- '';
- environment.shellInit = ''
-   source /.host-profile
- '';
- services.openssh.enable = mkDefault true;
- services.openssh.startWhenNeeded = mkDefault true;
-   system.stateVersion = "22.05";
+    ln -fs $systemConfig/init /sbin/init
+  '';
+  environment.shellInit = ''
+    source /.host-profile
+  '';
+  services.openssh.enable = mkDefault true;
+  services.openssh.startWhenNeeded = mkDefault true;
+  system.stateVersion = "22.05";
 
-   systemd.tmpfiles.rules = [
-     # Don't remove the X11 socket.
-     "d /tmp/.X11-unix 1777 root root"
-   ];
+  systemd.tmpfiles.rules = [
+    # Don't remove the X11 socket.
+    "d /tmp/.X11-unix 1777 root root"
+  ];
   systemd.suppressedSystemUnits = [
     "systemd-udev-trigger.service"
     "systemd-udevd.service"