81 lines
2.1 KiB
Nix
81 lines
2.1 KiB
Nix
{ config, pkgs, lib, ... }: let
|
|
cfg = config.services.postgresql;
|
|
in {
|
|
services.postgresql = {
|
|
enable = true;
|
|
enableTCPIP = true;
|
|
authentication = pkgs.lib.mkOverride 10 ''
|
|
local all all trust
|
|
local hydra all ident map=hydra-users
|
|
host all all 127.0.0.1/32 trust
|
|
host all all ::1/128 trust
|
|
'';
|
|
settings = {
|
|
# Source: https://pgtune.leopard.in.ua/
|
|
# DB Version: 15
|
|
# OS Type: linux
|
|
# DB Type: mixed
|
|
# Total Memory (RAM): 12 GB
|
|
# CPUs num: 12
|
|
# Connections num: 150
|
|
# Data Storage: hdd
|
|
|
|
max_connections = 150;
|
|
shared_buffers = "3GB";
|
|
effective_cache_size = "9GB";
|
|
maintenance_work_mem = "768MB";
|
|
checkpoint_completion_target = 0.9;
|
|
wal_buffers = "16MB";
|
|
default_statistics_target = 100;
|
|
random_page_cost = 4;
|
|
effective_io_concurrency = 2;
|
|
work_mem = "2621kB";
|
|
min_wal_size = "1GB";
|
|
max_wal_size = "4GB";
|
|
max_worker_processes = 12;
|
|
max_parallel_workers_per_gather = 4;
|
|
max_parallel_workers = 12;
|
|
max_parallel_maintenance_workers = 4;
|
|
};
|
|
};
|
|
|
|
services.postgresqlBackup = {
|
|
enable = true;
|
|
location = "/data/backup/postgres";
|
|
backupAll = true;
|
|
};
|
|
|
|
systemd.services.postgresqlBackup = {
|
|
requires = [ "postgresql.service" ];
|
|
};
|
|
|
|
systemd.services.postgresql = {
|
|
serviceConfig = {
|
|
Restart = "always";
|
|
RestartSec = 3;
|
|
ReadWritePaths = [ cfg.dataDir ];
|
|
NoNewPrivileges = true;
|
|
PrivateDevices = true;
|
|
ProtectClock = true;
|
|
ProtectKernelLogs = true;
|
|
ProtectKernelModules = true;
|
|
# PrivateMounts = true;
|
|
RestrictSUIDSGID = true;
|
|
ProtectHostname = true;
|
|
LockPersonality = true;
|
|
ProtectKernelTunables = true;
|
|
ProtectSystem = "strict";
|
|
ProtectProc = "invisible";
|
|
ProtectHome = true;
|
|
# PrivateNetwork = true;
|
|
PrivateUsers = true;
|
|
PrivateTmp = true;
|
|
UMask = "0077";
|
|
# RestrictAddressFamilies = [ "AF_UNIX AF_INET AF_INET6" ];
|
|
SystemCallArchitectures = "native";
|
|
};
|
|
};
|
|
|
|
environment.systemPackages = [ config.services.postgresql.package ];
|
|
}
|