216 lines
7.8 KiB
Nix
216 lines
7.8 KiB
Nix
|
{ config, lib, utils, pkgs, ... }:
|
||
|
let
|
||
|
cfg = config.services.pgbouncer;
|
||
|
|
||
|
settingsFormat = pkgs.formats.ini { };
|
||
|
configFile = settingsFormat.generate "pgbouncer.ini" cfg.settings;
|
||
|
configPath = "pgbouncer/pgbouncer.ini";
|
||
|
in
|
||
|
{
|
||
|
imports = [
|
||
|
(lib.mkRenamedOptionModule
|
||
|
[ "services" "pgbouncer" "logFile" ]
|
||
|
[ "services" "pgbouncer" "settings" "pgbouncer" "log_file" ])
|
||
|
(lib.mkRenamedOptionModule
|
||
|
[ "services" "pgbouncer" "listenAddress" ]
|
||
|
[ "services" "pgbouncer" "settings" "pgbouncer" "listen_addr" ])
|
||
|
(lib.mkRenamedOptionModule
|
||
|
[ "services" "pgbouncer" "listenPort" ]
|
||
|
[ "services" "pgbouncer" "settings" "pgbouncer" "listen_port" ])
|
||
|
(lib.mkRenamedOptionModule
|
||
|
[ "services" "pgbouncer" "poolMode" ]
|
||
|
[ "services" "pgbouncer" "settings" "pgbouncer" "pool_mode" ])
|
||
|
(lib.mkRenamedOptionModule
|
||
|
[ "services" "pgbouncer" "maxClientConn" ]
|
||
|
[ "services" "pgbouncer" "settings" "pgbouncer" "max_client_conn" ])
|
||
|
(lib.mkRenamedOptionModule
|
||
|
[ "services" "pgbouncer" "defaultPoolSize" ]
|
||
|
[ "services" "pgbouncer" "settings" "pgbouncer" "default_pool_size" ])
|
||
|
(lib.mkRenamedOptionModule
|
||
|
[ "services" "pgbouncer" "maxDbConnections" ]
|
||
|
[ "services" "pgbouncer" "settings" "pgbouncer" "max_db_connections" ])
|
||
|
(lib.mkRenamedOptionModule
|
||
|
[ "services" "pgbouncer" "maxUserConnections" ]
|
||
|
[ "services" "pgbouncer" "settings" "pgbouncer" "max_user_connections" ])
|
||
|
(lib.mkRenamedOptionModule
|
||
|
[ "services" "pgbouncer" "ignoreStartupParameters" ]
|
||
|
[ "services" "pgbouncer" "settings" "pgbouncer" "ignore_startup_parameters" ])
|
||
|
(lib.mkRenamedOptionModule
|
||
|
[ "services" "pgbouncer" "databases" ]
|
||
|
[ "services" "pgbouncer" "settings" "databases" ])
|
||
|
(lib.mkRenamedOptionModule
|
||
|
[ "services" "pgbouncer" "users" ]
|
||
|
[ "services" "pgbouncer" "settings" "users" ])
|
||
|
(lib.mkRenamedOptionModule
|
||
|
[ "services" "pgbouncer" "peers" ]
|
||
|
[ "services" "pgbouncer" "settings" "peers" ])
|
||
|
(lib.mkRenamedOptionModule
|
||
|
[ "services" "pgbouncer" "authType" ]
|
||
|
[ "services" "pgbouncer" "settings" "pgbouncer" "auth_type" ])
|
||
|
(lib.mkRenamedOptionModule
|
||
|
[ "services" "pgbouncer" "authHbaFile" ]
|
||
|
[ "services" "pgbouncer" "settings" "pgbouncer" "auth_hba_file" ])
|
||
|
(lib.mkRenamedOptionModule
|
||
|
[ "services" "pgbouncer" "authFile" ]
|
||
|
[ "services" "pgbouncer" "settings" "pgbouncer" "auth_file" ])
|
||
|
(lib.mkRenamedOptionModule
|
||
|
[ "services" "pgbouncer" "authUser" ]
|
||
|
[ "services" "pgbouncer" "settings" "pgbouncer" "auth_user" ])
|
||
|
(lib.mkRenamedOptionModule
|
||
|
[ "services" "pgbouncer" "authQuery" ]
|
||
|
[ "services" "pgbouncer" "settings" "pgbouncer" "auth_query" ])
|
||
|
(lib.mkRenamedOptionModule
|
||
|
[ "services" "pgbouncer" "authDbname" ]
|
||
|
[ "services" "pgbouncer" "settings" "pgbouncer" "auth_dbname" ])
|
||
|
(lib.mkRenamedOptionModule
|
||
|
[ "services" "pgbouncer" "adminUsers" ]
|
||
|
[ "services" "pgbouncer" "settings" "pgbouncer" "admin_users" ])
|
||
|
(lib.mkRenamedOptionModule
|
||
|
[ "services" "pgbouncer" "statsUsers" ]
|
||
|
[ "services" "pgbouncer" "settings" "pgbouncer" "stats_users" ])
|
||
|
(lib.mkRenamedOptionModule
|
||
|
[ "services" "pgbouncer" "verbose" ]
|
||
|
[ "services" "pgbouncer" "settings" "pgbouncer" "verbose" ])
|
||
|
(lib.mkChangedOptionModule
|
||
|
[ "services" "pgbouncer" "syslog" "enable" ]
|
||
|
[ "services" "pgbouncer" "settings" "pgbouncer" "syslog" ]
|
||
|
(config:
|
||
|
let
|
||
|
enable = lib.getAttrFromPath
|
||
|
[ "services" "pgbouncer" "syslog" "enable" ]
|
||
|
config;
|
||
|
in
|
||
|
if enable then 1 else 0))
|
||
|
(lib.mkRenamedOptionModule
|
||
|
[ "services" "pgbouncer" "syslog" "syslogIdent" ]
|
||
|
[ "services" "pgbouncer" "settings" "pgbouncer" "syslog_ident" ])
|
||
|
(lib.mkRenamedOptionModule
|
||
|
[ "services" "pgbouncer" "syslog" "syslogFacility" ]
|
||
|
[ "services" "pgbouncer" "settings" "pgbouncer" "syslog_facility" ])
|
||
|
(lib.mkRenamedOptionModule
|
||
|
[ "services" "pgbouncer" "tls" "client" "sslmode" ]
|
||
|
[ "services" "pgbouncer" "settings" "pgbouncer" "client_tls_sslmode" ])
|
||
|
(lib.mkRenamedOptionModule
|
||
|
[ "services" "pgbouncer" "tls" "client" "keyFile" ]
|
||
|
[ "services" "pgbouncer" "settings" "pgbouncer" "client_tls_key_file" ])
|
||
|
(lib.mkRenamedOptionModule
|
||
|
[ "services" "pgbouncer" "tls" "client" "certFile" ]
|
||
|
[ "services" "pgbouncer" "settings" "pgbouncer" "client_tls_cert_file" ])
|
||
|
(lib.mkRenamedOptionModule
|
||
|
[ "services" "pgbouncer" "tls" "client" "caFile" ]
|
||
|
[ "services" "pgbouncer" "settings" "pgbouncer" "client_tls_ca_file" ])
|
||
|
(lib.mkRenamedOptionModule
|
||
|
[ "services" "pgbouncer" "tls" "server" "sslmode" ]
|
||
|
[ "services" "pgbouncer" "settings" "pgbouncer" "server_tls_sslmode" ])
|
||
|
(lib.mkRenamedOptionModule
|
||
|
[ "services" "pgbouncer" "tls" "server" "keyFile" ]
|
||
|
[ "services" "pgbouncer" "settings" "pgbouncer" "server_tls_key_file" ])
|
||
|
(lib.mkRenamedOptionModule
|
||
|
[ "services" "pgbouncer" "tls" "server" "certFile" ]
|
||
|
[ "services" "pgbouncer" "settings" "pgbouncer" "server_tls_cert_file" ])
|
||
|
(lib.mkRenamedOptionModule
|
||
|
[ "services" "pgbouncer" "tls" "server" "caFile" ]
|
||
|
[ "services" "pgbouncer" "settings" "pgbouncer" "server_tls_ca_file" ])
|
||
|
(lib.mkRemovedOptionModule [ "services" "pgbouncer" "extraConfig" ] "Use services.pgbouncer.settings instead.")
|
||
|
];
|
||
|
|
||
|
options.services.pgbouncer = {
|
||
|
enable = lib.mkEnableOption "PostgreSQL connection pooler";
|
||
|
|
||
|
package = lib.mkPackageOption pkgs "pgbouncer" { };
|
||
|
|
||
|
openFirewall = lib.mkOption {
|
||
|
type = lib.types.bool;
|
||
|
default = false;
|
||
|
description = ''
|
||
|
Whether to automatically open the specified TCP port in the firewall.
|
||
|
'';
|
||
|
};
|
||
|
|
||
|
settings = lib.mkOption {
|
||
|
type = settingsFormat.type;
|
||
|
default = { };
|
||
|
description = ''
|
||
|
Configuration for PgBouncer, see <https://www.pgbouncer.org/config.html>
|
||
|
for supported values.
|
||
|
'';
|
||
|
};
|
||
|
|
||
|
# Linux settings
|
||
|
openFilesLimit = lib.mkOption {
|
||
|
type = lib.types.int;
|
||
|
default = 65536;
|
||
|
description = ''
|
||
|
Maximum number of open files.
|
||
|
'';
|
||
|
};
|
||
|
|
||
|
user = lib.mkOption {
|
||
|
type = lib.types.str;
|
||
|
default = "pgbouncer";
|
||
|
description = ''
|
||
|
The user pgbouncer is run as.
|
||
|
'';
|
||
|
};
|
||
|
|
||
|
group = lib.mkOption {
|
||
|
type = lib.types.str;
|
||
|
default = "pgbouncer";
|
||
|
description = ''
|
||
|
The group pgbouncer is run as.
|
||
|
'';
|
||
|
};
|
||
|
|
||
|
homeDir = lib.mkOption {
|
||
|
type = lib.types.path;
|
||
|
default = "/var/lib/pgbouncer";
|
||
|
description = ''
|
||
|
Specifies the home directory.
|
||
|
'';
|
||
|
};
|
||
|
};
|
||
|
|
||
|
config = lib.mkIf cfg.enable {
|
||
|
users.groups.${cfg.group} = { };
|
||
|
users.users.${cfg.user} = {
|
||
|
description = "PgBouncer service user";
|
||
|
group = cfg.group;
|
||
|
home = cfg.homeDir;
|
||
|
createHome = true;
|
||
|
isSystemUser = true;
|
||
|
};
|
||
|
|
||
|
environment.etc.${configPath}.source = configFile;
|
||
|
|
||
|
# Default to RuntimeDirectory instead of /tmp.
|
||
|
services.pgbouncer.settings.pgbouncer.unix_socket_dir = lib.mkDefault "/run/pgbouncer";
|
||
|
|
||
|
systemd.services.pgbouncer = {
|
||
|
description = "PgBouncer - PostgreSQL connection pooler";
|
||
|
wants = [ "network-online.target" ];
|
||
|
after = [ "network-online.target" ];
|
||
|
wantedBy = [ "multi-user.target" ];
|
||
|
reloadTriggers = [ configFile ];
|
||
|
serviceConfig = {
|
||
|
Type = "notify-reload";
|
||
|
User = cfg.user;
|
||
|
Group = cfg.group;
|
||
|
ExecStart = utils.escapeSystemdExecArgs [
|
||
|
(lib.getExe pkgs.pgbouncer)
|
||
|
"/etc/${configPath}"
|
||
|
];
|
||
|
RuntimeDirectory = "pgbouncer";
|
||
|
LimitNOFILE = cfg.openFilesLimit;
|
||
|
};
|
||
|
};
|
||
|
|
||
|
networking.firewall = lib.mkIf cfg.openFirewall {
|
||
|
allowedTCPPorts = [
|
||
|
(cfg.settings.pgbouncer.listen_port or 6432)
|
||
|
];
|
||
|
};
|
||
|
};
|
||
|
|
||
|
meta.maintainers = [ lib.maintainers._1000101 ];
|
||
|
}
|