feat: init

nixos/modules/services/postgresql.nix

@@ -0,0 +1,37 @@
+{flake, ...}: let
+  inherit (flake.config.service.instance.postgresql) name paths ports;
+  inherit (flake.config.system.device) server;
+in {
+  services = {
+    postgresqlBackup = {
+      enable = true;
+      location = paths.path0;
+      databases = ["mastodon" "nextcloud" "peertube" "forgejo"];
+    };
+    postgresql = {
+      enable = true;
+    };
+  };
+  networking = {
+    firewall = {
+      allowedTCPPorts = [
+        ports.port0
+      ];
+    };
+  };
+
+  fileSystems."/var/lib/postgresql" = {
+    device = paths.path0;
+    fsType = "none";
+    options = ["bind"];
+    depends = [server.storage0.mount];
+  };
+
+  systemd.tmpfiles.rules = ["Z ${paths.path0} 700 ${name} ${name} -"];
+
+  users.users.${name}.extraGroups = ["nextcloud" "mastodon" "forgejo"];
+
+  system.activationScripts.postgresCommands = ''
+    chown -R ${name}:${name} ${paths.path0}
+  '';
+}