nuc-configurations/global/software-configuration.nix

{ pkgs, pkgs-unstable, lib, ... }: 
let
  databases = [
    "k3s"
    "gitea"
    "vaultwarden"
    "saysthbot"
  ];
in
{
  # Enable automatic login for the user.
  services = {
    logrotate.checkConfig = false;
    sshd.enable = true;

    ntp = {
      enable = true;
      servers = [
        "ntp.ntsc.ac.cn" # China
      ];
    };

    k3s = {
      enable = true;
      package = pkgs-unstable.k3s;
      configPath = "/etc/rancher/k3s/config.yaml";
    };

    postgresql = {
      enable = true;
      package = pkgs.postgresql_14;
      authentication = ''
        host	all	all	10.42.0.0/16	md5
        host	all	all	fd01::/56	md5
      '';
      enableTCPIP = true;
      ensureDatabases = databases;
      ensureUsers = [
        {
          name = "k3s";
          ensurePermissions = {
            "DATABASE k3s" =  "ALL PRIVILEGES";
          };
          ensureClauses = {
            login = true;
          };
        }
        {
          name = "gitea";
          ensurePermissions = {
            "DATABASE gitea" =  "ALL PRIVILEGES";
          };
          ensureClauses = {
            login = true;
          };
        }
        {
          name = "vaultwarden";
          ensurePermissions = {
            "DATABASE vaultwarden" =  "ALL PRIVILEGES";
          };
          ensureClauses = {
            login = true;
          };
        }
        {
          name = "saysthbot";
          ensurePermissions = {
            "DATABASE saysthbot" =  "ALL PRIVILEGES";
          };
          ensureClauses = {
            login = true;
          };
        }
      ];
    };

    postgresqlBackup = {
      enable = true;
      databases = databases;
      compressionLevel = 9;
      location = "/backup/postgresql";
      startAt = "*-*-* 01:15:00";
    };
  };

  # List packages installed in system profile. To search, run:
  # $ nix search wget
  environment.systemPackages = with pkgs; [
    nerdctl
    vim
    gnumake42
  ];
}