{ config, pkgs, lib, ... }:
let
cfg = config.services.postgrest;
postgrestConfig = ''
db-uri = "${cfg.connectionString}"
db-schema = "${cfg.schemaName}"
db-anon-role = "${cfg.anonRole}"
jwt-secret = "${cfg.jwtSecret}"
secret-is-base64 = true
'';
configFileLocation = pkgs.writeText "postgrest.cfg" postgrestConfig;
in
{
options = {
services.postgrest = with lib; {
enable = mkOption {
default = false;
type = types.bool;
description = "Enable PostgREST service";
};
connectionString = mkOption {
type = types.str;
description = "Postgresql connection string";
example = "postgres://pg_username:pg_password@192.168.1.11:5432/db_name";
};
schemaName = mkOption {
type = types.str;
description = "Postgresql schema the database is in";
default = "public";
};
anonRole = mkOption {
type = types.str;
description = "Postgresql role that will be used for unauthenticated access.";
example = "anonymous";
};
jwtSecret = mkOption {
type = types.str;
description = "base64 encoded jwt secret (see postgrest quick start documentation)";
};
user = mkOption {
type = types.str;
default = "postgrest";
description = "User the PostgREST server will run as";
};
group = mkOption {
type = types.str;
default = "postgrest";
description = "Group the PostgREST server will run as";
};
};
};
config = lib.mkIf cfg.enable {
environment.systemPackages = with pkgs; [
haskellPackages.postgrest
];
systemd.services.postgrest = {
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "simple";
User = cfg.user;
Group = cfg.group;
#Restart = "on-failure";
ExecStart = "${pkgs.haskellPackages.postgrest}/bin/postgrest ${configFileLocation}";
KillSignal = "SIGTERM";
};
};
users.groups = {
${cfg.group} = {};
};
users.extraUsers.${cfg.user} = {
group = cfg.group;
isSystemUser = true;
};
};
}