From f43a34f37c2402d5fe494191b94abc36433d39e9 Mon Sep 17 00:00:00 2001
From: Richie Cahill <Richie@tmmworkshop.com>
Date: Fri, 7 Feb 2025 19:40:27 -0500
Subject: [PATCH] setting up postgres

---
 .vscode/settings.json                      |   3 +
 systems/jeeves/services/postgress.nix      | 127 +++++++++++++++++++++
 users/richie/home/gui/vscode/settings.json |  14 +++
 3 files changed, 144 insertions(+)
 create mode 100644 systems/jeeves/services/postgress.nix

diff --git a/.vscode/settings.json b/.vscode/settings.json
index 25a357c..dc7e8a9 100644
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -42,6 +42,8 @@
     "Compat",
     "contentblocking",
     "cookiebanners",
+    "createdb",
+    "createrole",
     "crlite",
     "cryptsetup",
     "darkreader",
@@ -231,6 +233,7 @@
     "sysstat",
     "tabmanager",
     "tamasfe",
+    "TCPIP",
     "tiktok",
     "timonwong",
     "tmmworkshop",
diff --git a/systems/jeeves/services/postgress.nix b/systems/jeeves/services/postgress.nix
new file mode 100644
index 0000000..6bcb279
--- /dev/null
+++ b/systems/jeeves/services/postgress.nix
@@ -0,0 +1,127 @@
+{ pkgs, ... }:
+let
+  vars = import ../vars.nix;
+in
+{
+  networking.firewall.allowedTCPPorts = [ 5432 ];
+
+  services.postgresql = {
+    enable = true;
+    package = pkgs.postgresql_17_jit;
+    enableTCPIP = true;
+    enableJIT = true;
+    dataDir = "${vars.media_database}/postgres";
+
+    authentication = pkgs.lib.mkOverride 10 ''
+
+      #type database DBuser origin-address auth-method
+      local all       all     trust
+      
+      # ipv4
+      host  all      all     127.0.0.1/32    trust
+      host  all      all     192.168.90.1/24 trust
+
+      # ipv6
+      host all       all     ::1/128         trust
+    '';
+
+    identMap = ''
+      # ArbitraryMapName systemUser DBUser
+        superuser_map      root      postgres
+        superuser_map      postgres  postgres
+        # Let other names login as themselves
+        superuser_map      richie    postgres
+    '';
+    ensureUsers = [
+      {
+        name = "postgres";
+        ensureClauses = {
+          superuser = true;
+          login = true;
+          createrole = true;
+          createdb = true;
+          replication = true;
+        };
+      }
+      {
+        name = "richie";
+        ensureClauses = {
+          superuser = true;
+          login = true;
+          createrole = true;
+          createdb = true;
+          replication = true;
+        };
+      }
+    ];
+    # Thank you NotAShelf
+    # https://github.com/NotAShelf/nyx/blob/d407b4d6e5ab7f60350af61a3d73a62a5e9ac660/modules/core/roles/server/system/services/databases/postgresql.nix#L74
+    settings = {
+      # Connectivity;
+      max_connections = 100;
+      superuser_reserved_connections = 3;
+
+      # Memory Settings;
+      shared_buffers = "1024 MB";
+      work_mem = "32 MB";
+      maintenance_work_mem = "320 MB";
+      huge_pages = "off";
+      effective_cache_size = "2 GB";
+      effective_io_concurrency = 100; # concurrent IO only really activated if OS supports posix_fadvise function;
+      random_page_cost = 1.25; # speed of random disk access relative to sequential access (1.0);
+
+      # Monitoring;
+      shared_preload_libraries = "pg_stat_statements,auto_explain"; # per statement resource usage stats & log explain statements for slow queries
+      track_io_timing = "on"; # measure exact block IO times;
+      track_functions = "pl"; # track execution times of pl-language procedures if any;
+      # Replication;
+      wal_level = "replica"; # consider using at least "replica";
+      max_wal_senders = 0;
+      synchronous_commit = "on";
+
+      # Checkpointing: ;
+      checkpoint_timeout = "15 min";
+      checkpoint_completion_target = 0.9;
+      max_wal_size = "1024 MB";
+      min_wal_size = "512 MB";
+
+      # WAL writing;
+      wal_compression = "on";
+      wal_buffers = -1; # auto-tuned by Postgres till maximum of segment size (16MB by default);
+      wal_writer_delay = "200ms";
+      wal_writer_flush_after = "1MB";
+
+      # Background writer;
+      bgwriter_delay = "200ms";
+      bgwriter_lru_maxpages = 100;
+      bgwriter_lru_multiplier = 2.0;
+      bgwriter_flush_after = 0;
+
+      # Parallel queries: ;
+      max_worker_processes = 6;
+      max_parallel_workers_per_gather = 3;
+      max_parallel_maintenance_workers = 3;
+      max_parallel_workers = 6;
+      parallel_leader_participation = "on";
+
+      # Advanced features ;
+      enable_partitionwise_join = "on";
+      enable_partitionwise_aggregate = "on";
+      jit = "on";
+
+      jit_above_cost = 100000;
+      jit_inline_above_cost = 150000;
+      jit_optimize_above_cost = 500000;
+
+      # log slow queries
+      log_min_duration_statement = 100;
+      "auto_explain.log_min_duration" = 100;
+
+      # logging configuration
+      log_connections = true;
+      log_statement = "all";
+      logging_collector = true;
+      log_disconnections = true;
+    };
+  };
+}
diff --git a/users/richie/home/gui/vscode/settings.json b/users/richie/home/gui/vscode/settings.json
index 1591c55..c94fec9 100644
--- a/users/richie/home/gui/vscode/settings.json
+++ b/users/richie/home/gui/vscode/settings.json
@@ -30,6 +30,20 @@
     "announcement": "off"
   },
 
+  // database settings
+  "sqltools.connections": [
+    {
+      "previewLimit": 50,
+      "server": "192.168.90.40",
+      "port": 5432,
+      "askForPassword": true,
+      "driver": "PostgreSQL",
+      "name": "main",
+      "database": "postgres",
+      "username": "richie"
+    }
+  ],
+
   // formatters
   "[html]": { "editor.defaultFormatter": "esbenp.prettier-vscode" },
   "[jsonc]": { "editor.defaultFormatter": "esbenp.prettier-vscode" },