nixos-server/services/postgres.nix

{ pkgs, ... }: {
  name = "postgres";
  config = {
    services.postgresql = {
      enable = true;
      enableTCPIP = true;
      port = 3306;
      ensureDatabases = [ "gitea" ];
      initialScript = pkgs.writeText "backend-initScript" ''
        CREATE USER gitea WITH LOGIN PASSWORD '${pkgs.lib.strings.fileContents ../secrets/gitea_postgres_pass}' CREATEDB;
        CREATE DATABASE gitea;
        GRANT ALL PRIVILEGES ON DATABASE gitea TO gitea;
      '';
      authentication = pkgs.lib.mkOverride 10 ''
        host  all      all     10.10.0.0/16   trust
      '';
    };
  };
  ports = {
    tcp = [ 3306 ];
    udp = [];
    http = null;
  };
  hosts = [ ];
}