clan-core/clanModules/postgresql/default.nix

{
  pkgs,
  lib,
  config,
  ...
}:
let
  createDatatbaseState =
    db:
    let
      folder = "/var/backup/postgres/${db.name}";
      current = "${folder}/pg-dump";
      compression = lib.optionalString (lib.versionAtLeast config.services.postgresql.package.version "16") "--compress=zstd";
    in
    {
      folders = [ folder ];
      preBackupScript = ''
        export PATH=${
          lib.makeBinPath [
            config.services.postgresql.package
            config.systemd.package
            pkgs.coreutils
            pkgs.util-linux
            pkgs.zstd
          ]
        }
        while [[ "$(systemctl is-active postgresql)" == activating ]]; do
          sleep 1
        done

        mkdir -p "${folder}"
        runuser -u postgres -- pg_dump ${compression} --dbname=${db.name} -Fc -c > "${current}.tmp"
        mv "${current}.tmp" ${current}
      '';
      postRestoreScript = ''
        export PATH=${
          lib.makeBinPath [
            config.services.postgresql.package
            config.systemd.package
            pkgs.coreutils
            pkgs.util-linux
            pkgs.zstd
            pkgs.gnugrep
          ]
        }
        while [[ "$(systemctl is-active postgresql)" == activating ]]; do
          sleep 1
        done
        echo "Waiting for postgres to be ready..."
        while ! runuser -u postgres -- psql --port=${builtins.toString config.services.postgresql.settings.port} -d postgres -c "" ; do
          if ! systemctl is-active postgresql; then exit 1; fi
          sleep 0.1
        done

        if [[ -e "${current}" ]]; then
          (
            systemctl stop ${lib.concatStringsSep " " db.restore.stopOnRestore}
            trap "systemctl start ${lib.concatStringsSep " " db.restore.stopOnRestore}" EXIT

            mkdir -p "${folder}"
            if runuser -u postgres -- psql -d postgres -c "SELECT 1 FROM pg_database WHERE datname = '${db.name}'" | grep -q 1; then
              runuser -u postgres -- dropdb "${db.name}"
            fi
            runuser -u postgres -- pg_restore -C -d postgres "${current}"
          )
        else
          echo No database backup found, skipping restore
        fi
      '';
    };

  createDatabase = db: ''
    CREATE DATABASE "${db.name}" ${
      lib.concatStringsSep " " (
        lib.mapAttrsToList (name: value: "${name} = '${value}'") db.create.options
      )
    }
  '';
  cfg = config.clan.postgresql;

  userClauses = lib.mapAttrsToList (
    _: user:
    ''$PSQL -tAc "SELECT 1 FROM pg_roles WHERE rolname='${user.name}'" | grep -q 1 || $PSQL -tAc 'CREATE USER "${user.name}"' ''
  ) cfg.users;
  databaseClauses = lib.mapAttrsToList (
    name: db:
    lib.optionalString db.create.enable ''$PSQL -d postgres -c "SELECT 1 FROM pg_database WHERE datname = '${name}'" | grep -q 1 || $PSQL -d postgres -c ${lib.escapeShellArg (createDatabase db)} ''
  ) cfg.databases;
in
{
  options.clan.postgresql = {
    # we are reimplemeting ensureDatabase and ensureUser options here to allow to create databases with options
    databases = lib.mkOption {
      default = { };
      type = lib.types.attrsOf (
        lib.types.submodule (
          { name, ... }:
          {
            options = {
              name = lib.mkOption {
                type = lib.types.str;
                default = name;
                description = "Database name.";
              };
              service = lib.mkOption {
                type = lib.types.str;
                default = name;
                description = "Service name that we associate with the database.";
              };
              # set to false, in case the upstream module uses ensureDatabase option
              create.enable = lib.mkOption {
                type = lib.types.bool;
                default = true;
                description = "Create the database if it does not exist.";
              };
              create.options = lib.mkOption {
                type = lib.types.lazyAttrsOf lib.types.str;
                default = { };
                example = {
                  TEMPLATE = "template0";
                  LC_COLLATE = "C";
                  LC_CTYPE = "C";
                  ENCODING = "UTF8";
                  OWNER = "foo";
                };
              };
              restore.stopOnRestore = lib.mkOption {
                type = lib.types.listOf lib.types.str;
                default = [ ];
                description = "List of systemd services to stop before restoring the database.";
              };
            };
          }
        )
      );
    };
    users = lib.mkOption {
      default = { };
      type = lib.types.attrsOf (
        lib.types.submodule (
          { name, ... }:
          {
            options.name = lib.mkOption {
              type = lib.types.str;
              default = name;
            };
          }
        )
      );
    };
  };
  config = {
    services.postgresql.settings = {
      wal_level = "replica";
      max_wal_senders = 3;
    };

    services.postgresql.enable = true;
    # We are duplicating a bit the upstream module but allow to create databases with options
    systemd.services.postgresql.postStart = ''
      PSQL="psql --port=${builtins.toString config.services.postgresql.settings.port}"

      while ! $PSQL -d postgres -c "" 2> /dev/null; do
        if ! kill -0 "$MAINPID"; then exit 1; fi
        sleep 0.1
      done
      ${lib.concatStringsSep "\n" userClauses}
      ${lib.concatStringsSep "\n" databaseClauses}
    '';

    clan.core.state = lib.mapAttrs' (
      _: db: lib.nameValuePair db.service (createDatatbaseState db)
    ) config.clan.postgresql.databases;

    environment.systemPackages = builtins.map (
      db:
      let
        folder = "/var/backup/postgres/${db.name}";
        current = "${folder}/pg-dump";
      in
      pkgs.writeShellScriptBin "postgres-db-restore-command-${db.name}" ''
        export PATH=${
          lib.makeBinPath [
            config.services.postgresql.package
            config.systemd.package
            pkgs.coreutils
            pkgs.util-linux
            pkgs.zstd
            pkgs.gnugrep
          ]
        }
        while [[ "$(systemctl is-active postgresql)" == activating ]]; do
          sleep 1
        done
        echo "Waiting for postgres to be ready..."
        while ! runuser -u postgres -- psql --port=${builtins.toString config.services.postgresql.settings.port} -d postgres -c "" ; do
          if ! systemctl is-active postgresql; then exit 1; fi
          sleep 0.1
        done

        if [[ -e "${current}" ]]; then
          (
            ${
              lib.optionalString (db.restore.stopOnRestore != [ ]) ''
                systemctl stop ${builtins.toString db.restore.stopOnRestore}
                trap "systemctl start ${builtins.toString db.restore.stopOnRestore}" EXIT
              ''
            }

            mkdir -p "${folder}"
            if runuser -u postgres -- psql -d postgres -c "SELECT 1 FROM pg_database WHERE datname = '${db.name}'" | grep -q 1; then
              runuser -u postgres -- dropdb "${db.name}"
            fi
            runuser -u postgres -- pg_restore -C -d postgres "${current}"
          )
        else
          echo No database backup found, skipping restore
        fi
      ''
    ) (builtins.attrValues config.clan.postgresql.databases);
  };
}
add postgresql backup hooks 2024-05-31 14:36:37 +00:00			`{`
			`pkgs,`
			`lib,`
			`config,`
			`...`
			`}:`
			`let`
			`createDatatbaseState =`
			`db:`
			`let`
postgresql: add backup and restore 2024-06-05 16:37:31 +00:00			`folder = "/var/backup/postgres/${db.name}";`
backup: add a way to stop services before restoring a state. 2024-06-06 13:17:47 +00:00			`current = "${folder}/pg-dump";`
			`compression = lib.optionalString (lib.versionAtLeast config.services.postgresql.package.version "16") "--compress=zstd";`
add postgresql backup hooks 2024-05-31 14:36:37 +00:00			`in`
			`{`
			`folders = [ folder ];`
clan.core.state: wrap all commands in shell scripts Otherwise we cannot execute them via ssh and also have nix store dependencies. 2024-06-19 09:42:14 +00:00			`preBackupScript = ''`
postgresql: add backup and restore 2024-06-05 16:37:31 +00:00			`export PATH=${`
			`lib.makeBinPath [`
			`config.services.postgresql.package`
			`config.systemd.package`
			`pkgs.coreutils`
			`pkgs.util-linux`
			`pkgs.zstd`
			`]`
			`}`
			`while [[ "$(systemctl is-active postgresql)" == activating ]]; do`
			`sleep 1`
			`done`

			`mkdir -p "${folder}"`
backup: add a way to stop services before restoring a state. 2024-06-06 13:17:47 +00:00			`runuser -u postgres -- pg_dump ${compression} --dbname=${db.name} -Fc -c > "${current}.tmp"`
postgresql: add backup and restore 2024-06-05 16:37:31 +00:00			`mv "${current}.tmp" ${current}`
add postgresql backup hooks 2024-05-31 14:36:37 +00:00			`'';`
clan.core.state: wrap all commands in shell scripts Otherwise we cannot execute them via ssh and also have nix store dependencies. 2024-06-19 09:42:14 +00:00			`postRestoreScript = ''`
			`export PATH=${`
			`lib.makeBinPath [`
			`config.services.postgresql.package`
			`config.systemd.package`
			`pkgs.coreutils`
			`pkgs.util-linux`
			`pkgs.zstd`
fix dropping non-existing database 2024-06-19 16:00:51 +00:00			`pkgs.gnugrep`
clan.core.state: wrap all commands in shell scripts Otherwise we cannot execute them via ssh and also have nix store dependencies. 2024-06-19 09:42:14 +00:00			`]`
			`}`
			`while [[ "$(systemctl is-active postgresql)" == activating ]]; do`
			`sleep 1`
			`done`
			`echo "Waiting for postgres to be ready..."`
			`while ! runuser -u postgres -- psql --port=${builtins.toString config.services.postgresql.settings.port} -d postgres -c "" ; do`
			`if ! systemctl is-active postgresql; then exit 1; fi`
			`sleep 0.1`
			`done`

			`if [[ -e "${current}" ]]; then`
			`(`
			`systemctl stop ${lib.concatStringsSep " " db.restore.stopOnRestore}`
			`trap "systemctl start ${lib.concatStringsSep " " db.restore.stopOnRestore}" EXIT`

			`mkdir -p "${folder}"`
fix dropping non-existing database 2024-06-19 16:00:51 +00:00			`if runuser -u postgres -- psql -d postgres -c "SELECT 1 FROM pg_database WHERE datname = '${db.name}'" \| grep -q 1; then`
			`runuser -u postgres -- dropdb "${db.name}"`
			`fi`
clan.core.state: wrap all commands in shell scripts Otherwise we cannot execute them via ssh and also have nix store dependencies. 2024-06-19 09:42:14 +00:00			`runuser -u postgres -- pg_restore -C -d postgres "${current}"`
			`)`
			`else`
			`echo No database backup found, skipping restore`
			`fi`
			`'';`
add postgresql backup hooks 2024-05-31 14:36:37 +00:00			`};`
postgresql: add new method to create users and databases 2024-06-04 10:56:39 +00:00
			`createDatabase = db: ''`
			`CREATE DATABASE "${db.name}" ${`
			`lib.concatStringsSep " " (`
postgresql: add backup and restore 2024-06-05 16:37:31 +00:00			`lib.mapAttrsToList (name: value: "${name} = '${value}'") db.create.options`
postgresql: add new method to create users and databases 2024-06-04 10:56:39 +00:00			`)`
			`}`
			`'';`
			`cfg = config.clan.postgresql;`

			`userClauses = lib.mapAttrsToList (`
postgresql: add backup and restore 2024-06-05 16:37:31 +00:00			`_: user:`
postgresql: add new method to create users and databases 2024-06-04 10:56:39 +00:00			`''$PSQL -tAc "SELECT 1 FROM pg_roles WHERE rolname='${user.name}'" \| grep -q 1 \|\| $PSQL -tAc 'CREATE USER "${user.name}"' ''`
			`) cfg.users;`
			`databaseClauses = lib.mapAttrsToList (`
			`name: db:`
postgresql: add backup and restore 2024-06-05 16:37:31 +00:00			`lib.optionalString db.create.enable ''$PSQL -d postgres -c "SELECT 1 FROM pg_database WHERE datname = '${name}'" \| grep -q 1 \|\| $PSQL -d postgres -c ${lib.escapeShellArg (createDatabase db)} ''`
postgresql: add new method to create users and databases 2024-06-04 10:56:39 +00:00			`) cfg.databases;`
add postgresql backup hooks 2024-05-31 14:36:37 +00:00			`in`
			`{`
postgresql: add backup and restore 2024-06-05 16:37:31 +00:00			`options.clan.postgresql = {`
			`# we are reimplemeting ensureDatabase and ensureUser options here to allow to create databases with options`
add postgresql backup hooks 2024-05-31 14:36:37 +00:00			`databases = lib.mkOption {`
postgresql: add new method to create users and databases 2024-06-04 10:56:39 +00:00			`default = { };`
			`type = lib.types.attrsOf (`
			`lib.types.submodule (`
			`{ name, ... }:`
			`{`
			`options = {`
			`name = lib.mkOption {`
			`type = lib.types.str;`
			`default = name;`
postgresql: don't prepend postgresql- for states 2024-06-19 09:40:19 +00:00			`description = "Database name.";`
			`};`
			`service = lib.mkOption {`
			`type = lib.types.str;`
			`default = name;`
			`description = "Service name that we associate with the database.";`
postgresql: add new method to create users and databases 2024-06-04 10:56:39 +00:00			`};`
			`# set to false, in case the upstream module uses ensureDatabase option`
postgresql: add backup and restore 2024-06-05 16:37:31 +00:00			`create.enable = lib.mkOption {`
postgresql: add new method to create users and databases 2024-06-04 10:56:39 +00:00			`type = lib.types.bool;`
			`default = true;`
postgresql: add backup and restore 2024-06-05 16:37:31 +00:00			`description = "Create the database if it does not exist.";`
postgresql: add new method to create users and databases 2024-06-04 10:56:39 +00:00			`};`
postgresql: add backup and restore 2024-06-05 16:37:31 +00:00			`create.options = lib.mkOption {`
postgresql: add new method to create users and databases 2024-06-04 10:56:39 +00:00			`type = lib.types.lazyAttrsOf lib.types.str;`
			`default = { };`
			`example = {`
			`TEMPLATE = "template0";`
			`LC_COLLATE = "C";`
			`LC_CTYPE = "C";`
			`ENCODING = "UTF8";`
			`OWNER = "foo";`
			`};`
			`};`
backup: add a way to stop services before restoring a state. 2024-06-06 13:17:47 +00:00			`restore.stopOnRestore = lib.mkOption {`
			`type = lib.types.listOf lib.types.str;`
			`default = [ ];`
postgresql: don't prepend postgresql- for states 2024-06-19 09:40:19 +00:00			`description = "List of systemd services to stop before restoring the database.";`
postgresql: add backup and restore 2024-06-05 16:37:31 +00:00			`};`
postgresql: add new method to create users and databases 2024-06-04 10:56:39 +00:00			`};`
			`}`
			`)`
			`);`
			`};`
			`users = lib.mkOption {`
			`default = { };`
			`type = lib.types.attrsOf (`
			`lib.types.submodule (`
			`{ name, ... }:`
			`{`
			`options.name = lib.mkOption {`
			`type = lib.types.str;`
			`default = name;`
			`};`
			`}`
			`)`
			`);`
add postgresql backup hooks 2024-05-31 14:36:37 +00:00			`};`
			`};`
			`config = {`
postgresql: add backup and restore 2024-06-05 16:37:31 +00:00			`services.postgresql.settings = {`
			`wal_level = "replica";`
			`max_wal_senders = 3;`
			`};`

add postgresql backup hooks 2024-05-31 14:36:37 +00:00			`services.postgresql.enable = true;`
postgresql: add new method to create users and databases 2024-06-04 10:56:39 +00:00			`# We are duplicating a bit the upstream module but allow to create databases with options`
			`systemd.services.postgresql.postStart = ''`
			`PSQL="psql --port=${builtins.toString config.services.postgresql.settings.port}"`

			`while ! $PSQL -d postgres -c "" 2> /dev/null; do`
postgresql: add backup and restore 2024-06-05 16:37:31 +00:00			`if ! kill -0 "$MAINPID"; then exit 1; fi`
			`sleep 0.1`
postgresql: add new method to create users and databases 2024-06-04 10:56:39 +00:00			`done`
			`${lib.concatStringsSep "\n" userClauses}`
			`${lib.concatStringsSep "\n" databaseClauses}`
			`'';`
postgresql: add backup and restore 2024-06-05 16:37:31 +00:00
refactor: rename clanCore -> clan.core 2024-06-17 10:42:28 +00:00			`clan.core.state = lib.mapAttrs' (`
postgresql: don't prepend postgresql- for states 2024-06-19 09:40:19 +00:00			`_: db: lib.nameValuePair db.service (createDatatbaseState db)`
postgresql: add new method to create users and databases 2024-06-04 10:56:39 +00:00			`) config.clan.postgresql.databases;`
postgresql: move postRestoreCommand to a dedicated command We need to call this command from the cli 2024-06-11 14:00:39 +00:00
			`environment.systemPackages = builtins.map (`
			`db:`
			`let`
			`folder = "/var/backup/postgres/${db.name}";`
			`current = "${folder}/pg-dump";`
			`in`
			`pkgs.writeShellScriptBin "postgres-db-restore-command-${db.name}" ''`
			`export PATH=${`
			`lib.makeBinPath [`
			`config.services.postgresql.package`
			`config.systemd.package`
			`pkgs.coreutils`
			`pkgs.util-linux`
			`pkgs.zstd`
fix restore if database does not exists 2024-06-14 09:48:42 +00:00			`pkgs.gnugrep`
postgresql: move postRestoreCommand to a dedicated command We need to call this command from the cli 2024-06-11 14:00:39 +00:00			`]`
			`}`
			`while [[ "$(systemctl is-active postgresql)" == activating ]]; do`
			`sleep 1`
			`done`
			`echo "Waiting for postgres to be ready..."`
			`while ! runuser -u postgres -- psql --port=${builtins.toString config.services.postgresql.settings.port} -d postgres -c "" ; do`
			`if ! systemctl is-active postgresql; then exit 1; fi`
			`sleep 0.1`
			`done`

			`if [[ -e "${current}" ]]; then`
			`(`
postgres: handle restores without associated systemd service 2024-06-14 09:14:49 +00:00			`${`
			`lib.optionalString (db.restore.stopOnRestore != [ ]) ''`
			`systemctl stop ${builtins.toString db.restore.stopOnRestore}`
			`trap "systemctl start ${builtins.toString db.restore.stopOnRestore}" EXIT`
			`''`
			`}`
postgresql: move postRestoreCommand to a dedicated command We need to call this command from the cli 2024-06-11 14:00:39 +00:00
			`mkdir -p "${folder}"`
fix restore if database does not exists 2024-06-14 09:48:42 +00:00			`if runuser -u postgres -- psql -d postgres -c "SELECT 1 FROM pg_database WHERE datname = '${db.name}'" \| grep -q 1; then`
			`runuser -u postgres -- dropdb "${db.name}"`
			`fi`
postgresql: move postRestoreCommand to a dedicated command We need to call this command from the cli 2024-06-11 14:00:39 +00:00			`runuser -u postgres -- pg_restore -C -d postgres "${current}"`
			`)`
			`else`
			`echo No database backup found, skipping restore`
			`fi`
			`''`
			`) (builtins.attrValues config.clan.postgresql.databases);`
add postgresql backup hooks 2024-05-31 14:36:37 +00:00			`};`
			`}`