From 8c8170058ed1c816d43db4d96110e659a6afafc3 Mon Sep 17 00:00:00 2001
From: "Gustavo \"Guz\" L de Mello" <contact@guz.one>
Date: Tue, 16 Sep 2025 16:17:17 -0300
Subject: [PATCH] feat(common): setup postgresql for shared database instance

---
 common/default.nix    |  1 +
 common/postgresql.nix | 41 +++++++++++++++++++++++++++++++++++++++++
 2 files changed, 42 insertions(+)
 create mode 100644 common/postgresql.nix

diff --git a/common/default.nix b/common/default.nix
index 79ffd5b..628dfba 100644
--- a/common/default.nix
+++ b/common/default.nix
@@ -3,5 +3,6 @@
     ./caddy.nix
     ./cloudflare.nix
     ./garage.nix
+    ./postgresql.nix
   ];
 }
diff --git a/common/postgresql.nix b/common/postgresql.nix
new file mode 100644
index 0000000..bdf33cc
--- /dev/null
+++ b/common/postgresql.nix
@@ -0,0 +1,41 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}: let
+  cfg = config.services.postgresql;
+  cfgadm = config.services.pgadmin;
+in {
+  services.postgresql = {
+    authentication = lib.mkForce ''
+      #type database DBuser origin-address auth-method
+      local all      all    trust
+      # ipv4
+      host  all      all    172.0.0.1/32   trust
+      # ipv6
+      host  all      all    ::1/128        trust
+    '';
+    enable = true;
+    ensureDatabases = [
+      "nextcloud"
+    ];
+    ensureUsers = [
+      {
+        name = "nextcloud";
+        ensureDBOwnership = true;
+      }
+    ];
+    enableTCPIP = true;
+    settings = {
+      port = 3245;
+    };
+  };
+
+  services.caddy.virtualHosts = {
+    "db.local".extraConfig = ''
+      reverse_proxy http://localhost:${toString cfg.settings.port}
+      tls internal
+    '';
+  };
+}