the_prg_server_configuration/nix-system-configs/modules/system/database.nix
Christine Elisabeth Koppel ad91f87af6
Add and enable flakes as default.
Add Redis/Valkey database to database.nix
2026-03-21 12:22:53 +01:00


{
config,
pkgs,
lib,
...
}: let
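# Return the first path in `paths` that exists on disk.
# The module may be evaluated from two different directory layouts, so each
# import below lists both candidate locations.
# If none of the candidates exists, evaluation stops with a message naming
# them, rather than with the bare "empty list" error from builtins.head.
choose = paths: let
  existing = builtins.filter builtins.pathExists paths;
in
  if existing == []
  then throw "choose: none of the candidate paths exist: ${toString paths}"
  else builtins.head existing;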
# Placeholder root filesystem, imported only when no
# ./hardware-configuration.nix sits next to this file (see `imports`).
dummyFileSystems = {
  fileSystems = {
    "/" = {
      fsType = "ext4";
      device = "/dev/disk/by-label/nixos";
    };
  };
};
in {
# Per-host settings. The values are assigned under `config.local` further down.
options.local = let
  # All four options are plain strings; only the default and the description differ.
  strOption = default: description:
    lib.mkOption {
      type = lib.types.str;
      inherit default description;
    };
in {
  hostname = strOption "nixos-default" "System hostname";
  username = strOption "user" "Primary user username";
  userDescription = strOption "NixOS User" "Primary user description";
  address = strOption "10.1.1.100" "Static IP address";
};
# Modules pulled into this host. Each entry names two candidate locations and
# `choose` picks whichever exists.
# NOTE(review): gnome.nix is a desktop-manager module on a host that
# local.userDescription calls a dedicated database server. Presumably it
# enables a graphical session; confirm it is needed here, since every extra
# service on a database host widens what has to be patched and monitored.
imports = let
  hardwareConfig = ./hardware-configuration.nix;
in
  [
    (choose [./modules/desktop-manager/gnome.nix ../desktop-manager/gnome.nix])
    (choose [./modules/local/hostname_username.nix ../local/hostname_username.nix])
    (choose [./modules/local/networking_local.nix ../local/networking_local.nix])
    # (choose [./modules/bootloader/seabios-assigned-iso-at-birth.nix ../bootloader/seabios-assigned-iso-at-birth.nix])
    (choose [./modules/lix-default.nix ../lix-default.nix])
    (choose [./modules/toolsets/grafana_metric.nix ../toolsets/grafana_metric.nix])
    (choose [./modules/secrets-config/sops-database.nix ../secrets-config/sops-database.nix])
    (choose [./modules/system_scripts/gcloud_backup.nix ../system_scripts/gcloud_backup.nix])
    ## TODO: Make this more elegant and less risky for unexpected errors happening.
  ]
  # Use the generated hardware configuration when present, else the placeholder root filesystem.
  ++ [
    (
      if builtins.pathExists hardwareConfig
      then hardwareConfig
      else dummyFileSystems
    )
  ];
config = {
# Identity of this host, filling in the options.local.* declared above.
local = {
  hostname = "nixosdd";
  username = "nixosdd";
  userDescription = "NixOS Dedicated Database";
  address = "10.1.1.251";
};
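# Inbound database ports. PostgreSQL, MariaDB and Valkey are TCP services, so
# no UDP ports are opened for them.
# NOTE(review): these rules admit any source address on every interface.
# PostgreSQL narrows access itself (pg_hba lists three peers), but MariaDB and
# Valkey have no equivalent allow-list in this file. Consider scoping the
# ports with networking.firewall.interfaces.<name>.allowedTCPPorts or a
# source-address rule, and drop any port that has no remote client.
networking.firewall.allowedTCPPorts = [
  5432 # PostgreSQL
  3306 # MariaDB/MySQL
  6379 # Valkey
];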
# Bootloader: systemd-boot on UEFI, allowed to write EFI variables.
boot.loader = {
  systemd-boot.enable = true;
  efi.canTouchEfiVariables = true;
};
# Enable PostgreSQL, listening on TCP for the application hosts named in the
# pg_hba rules below.
services.postgresql = {
enable = true;
# Accept TCP connections in addition to the Unix socket.
enableTCPIP = true;
# Databases that must exist on this server.
ensureDatabases = ["forgejo" "part_db_database"];
settings = {
# Bind on every interface. Which peers may actually log in is decided by the
# firewall and by the pg_hba rules, so those two are the real access boundary.
# NOTE(review): enableTCPIP presumably already implies this value; confirm
# against the NixOS module before relying on either line alone.
listen_addresses = "*";
};
# pg_hba.conf contents. mkOverride 10 gives this definition priority over
# definitions made at the default priority, presumably so that it replaces the
# rules the NixOS module would otherwise contribute (TODO confirm).
# NOTE(review): `trust` on the Unix socket and on 127.0.0.1 / ::1 lets any
# local account or process connect as any role, the superuser included,
# without a password. With pgadmin4 and other tooling installed on this host,
# `peer` for the socket and scram-sha-256 for loopback would be the tighter
# choice. Check what the backup script and local tools rely on before changing it.
# NOTE(review): the three remote peers are matched with `all all`, so each may
# authenticate as any role against any database. Naming the database and role
# per peer would limit what one compromised application host can reach.
authentication = pkgs.lib.mkOverride 10 ''
local all all trust
host all all 10.1.1.4/32 scram-sha-256
host all all 10.1.1.249/32 scram-sha-256
host all all 10.1.1.244/32 scram-sha-256
host all all 127.0.0.1/32 trust
host all all ::1/128 trust
'';
};
# MariaDB as the MySQL-compatible server.
# NOTE(review): no bind address, accounts or databases are configured here,
# yet port 3306 is opened in the firewall. Confirm which address MariaDB
# listens on by default and that every remotely reachable account requires a
# password; if no remote client needs it, close 3306.
services.mysql.enable = true;
services.mysql.package = pkgs.mariadb;
# Tailscale daemon.
services.tailscale = {
  enable = true;
};
# Packages installed in the system profile. To search, run:
# $ nix search wget
# NOTE(review): pgadmin4, pip and the Google Cloud SDK are admin and build
# tooling on a database host. Confirm each is needed on the server itself and
# not on an operator workstation.
environment.systemPackages =
  [
    # pkgs.vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
    pkgs.wget
    pkgs.helix
    pkgs.fastfetch
    pkgs.hyfetch
    pkgs.pgadmin4
    pkgs.python3
  ]
  ++ (with pkgs.python3Packages; [
    pip
    setuptools
    wheel
    cryptography
  ])
  ++ [
    pkgs.google-cloud-sdk
    # Valkey (as Redis alternative)
    pkgs.valkey
  ];
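# Valkey on port 6379: a dedicated service account, the systemd unit, its
# configuration file and its data/log paths. They are kept together because
# the file ownership, the unit's User= and the paths in the config must agree.
#
# Changes from the previous revision of this section:
#  - `wantedBy` was defined twice in the unit, which is an evaluation error.
#  - `environment.etc` was read as a bare variable, which is not in scope, and
#    the result was assigned at override priority 0, which would have displaced
#    every other /etc entry. One attribute is now defined and left to merge.
#  - tmpfiles rules were set with mkForce, discarding rules from all other
#    modules. They are now a normal list definition that merges.
#  - The server ran as root. It now runs as an unprivileged `valkey` account
#    that owns only its data directory and log file.
#  - `daemonize yes` made the server fork away from a unit that systemd treats
#    as a foreground service. It now stays in the foreground.
#
# NOTE(review): no `bind` and no password/ACL are set. With protected mode at
# its default, Valkey is expected to refuse non-loopback clients; confirm. If
# remote clients are intended (6379 is open in the firewall), bind to this
# host's address and load the password from a secret file via an `include`
# directive. Do not put it in the text below: that text lands in the
# world-readable Nix store. nixpkgs' services.redis module, which accepts a
# package override, already covers the account, directories and password file
# and may be the simpler route.
users.groups.valkey = {};
users.users.valkey = {
  isSystemUser = true;
  group = "valkey";
  description = "Valkey service account";
};
systemd.services.valkey_6379 = {
  description = "Valkey in-memory store (port 6379)";
  wants = ["network.target"];
  after = ["network.target"];
  # Start at boot.
  wantedBy = ["multi-user.target"];
  serviceConfig = {
    ExecStart = "${pkgs.valkey}/bin/valkey-server /etc/valkey/6379.conf";
    Restart = "always";
    User = "valkey";
    Group = "valkey";
    RuntimeDirectory = "valkey_6379"; # /run/valkey_6379, holds the pid file
    NoNewPrivileges = true;
  };
};
# Provide the Valkey config file at /etc/valkey/6379.conf
environment.etc."valkey/6379.conf".text = ''
  # Valkey configuration managed by NixOS
  daemonize no
  pidfile /run/valkey_6379/valkey_6379.pid
  port 6379
  loglevel notice
  logfile /var/log/valkey_6379.log
  dir /var/valkey/6379
'';
# Create data and log paths at boot, owned by the service account and not
# readable by other local users (the data directory holds the dataset dumps).
systemd.tmpfiles.rules = [
  "d /var/valkey 0750 valkey valkey - -"
  "d /var/valkey/6379 0750 valkey valkey - -"
  "f /var/log/valkey_6379.log 0640 valkey valkey - -"
];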
# NixOS release whose defaults for stateful data this host was installed with.
system = {
  stateVersion = "25.11";
};
};
}
# For Postgres you may need to allow remote connections and adjust pg_hba.conf