From c78f92b2e9313f75bb29abb919171979393ec0c8 Mon Sep 17 00:00:00 2001
From: Franck Cuny <franck@fcuny.net>
Date: Fri, 23 Jan 2026 08:49:30 -0800
Subject: enable postgresql + backups

---
 README.org               | 11 ++++++++++-
 home/profiles/darwin.nix |  1 +
 machines/rivendell.nix   |  2 ++
 profiles/postgresql.nix  | 20 ++++++++++++++++++++
 4 files changed, 33 insertions(+), 1 deletion(-)
 create mode 100644 profiles/postgresql.nix

diff --git a/README.org b/README.org
index d36768a..0a06f13 100644
--- a/README.org
+++ b/README.org
@@ -126,6 +126,15 @@ Backups are done with =restic= and are stored on the local machine, and they are
 ** Remote builders
 *** Clients
 On the clients, you can run =nix config show builders= to see the list of the remote builders.
-If a client is failing to run builds remotely due to some ssh errors, you can run the following command: =sudo ssh -o 'IdentityAgent none' -i PRIVATE_KEY USER@HOST true=. We need to use =sudo= since the nix daemon runs as root.
+If a client is failing to run builds remotely due to some ssh errors, you can run the following command: =sudo ssh -o 'IdentityAgent none' -i /run/agenix/ssh-remote-builder builder@builder true=. We need to use =sudo= since the nix daemon runs as root.
 *** Builders
 On the builders, you can run =nix config show allowed-users= to see the list of users who can trigger nix builds.
+** PostgreSQL
+To connect from my local machine remotely:
+#+begin_src shell
+ssh framebox -L 35432:/var/run/postgresql/.s.PGSQL.5432
+#+end_src
+Then:
+#+begin_src shell
+psql -U postgres -h localhost -p 35432
+#+end_src
diff --git a/home/profiles/darwin.nix b/home/profiles/darwin.nix
index d8942c8..ded6086 100644
--- a/home/profiles/darwin.nix
+++ b/home/profiles/darwin.nix
@@ -21,6 +21,7 @@
     nil # nix lsp
     nix-direnv # integration with direnv
     nixfmt-rfc-style # new formatter
+    postgresql
     shellcheck
     tree
     wget
diff --git a/machines/rivendell.nix b/machines/rivendell.nix
index 0c4ac28..32ec964 100644
--- a/machines/rivendell.nix
+++ b/machines/rivendell.nix
@@ -43,6 +43,7 @@
     ../profiles/home-manager.nix
     ../profiles/miniflux.nix
     ../profiles/monitoring.nix
+    ../profiles/postgresql.nix
     ../profiles/remote-unlock.nix
     ../profiles/restic-backup.nix
     ../profiles/server.nix
@@ -69,6 +70,7 @@
       "/data/archives"
       "/data/media/music"
       "/var/lib/gitolite/repositories"
+      "/var/backup/postgresql"
     ];
   };
 
diff --git a/profiles/postgresql.nix b/profiles/postgresql.nix
new file mode 100644
index 0000000..6e473ad
--- /dev/null
+++ b/profiles/postgresql.nix
@@ -0,0 +1,20 @@
+{ ... }:
+{
+  services.postgresql = {
+    enable = true;
+    authentication = ''
+      local all all peer map=mapping
+    '';
+    identMap = ''
+      mapping fcuny    postgres
+      mapping root     postgres
+      mapping postgres postgres
+      mapping /^(.*)$  \1
+    '';
+  };
+
+  services.postgresqlBackup = {
+    enable = true;
+    compression = "zstd";
+  };
+}
-- 
cgit v1.2.3