the_prg_server_configuration_old/nix-system-configs/modules/system/database.nix

{
  config,
  pkgs,
  lib,
  ...
}: {
  options.local = {
    hostname = lib.mkOption {
      type = lib.types.str;
      default = "nixos-default";
      description = "System hostname";
    };
    username = lib.mkOption {
      type = lib.types.str;
      default = "user";
      description = "Primary user username";
    };
    userDescription = lib.mkOption {
      type = lib.types.str;
      default = "NixOS User";
      description = "Primary user description";
    };
    address = lib.mkOption {
      type = lib.types.str;
      default = "10.1.1.100";
      description = "Static IP address";
    };
  };

  imports = [
    ./modules/desktop-manager/gnome.nix
    ./modules/local/hostname_username.nix
    ./modules/local/networking_local.nix
    ./modules/lix-default.nix
    ./modules/secrets-config/sops-database.nix
    ./hardware-configuration.nix
  ];

  config = {
    local.hostname = "nixosdd";
    local.username = "nixosdd";
    local.userDescription = "NixOS Dedicated Database";
    local.address = "10.1.1.251";

    networking.firewall.allowedTCPPorts = [
      5432 # PostgreSQL
      3306 # MariaDB/MySQL
    ];
    networking.firewall.allowedUDPPorts = [
      5432 # PostgreSQL
      3306 # MariaDB/MySQL
    ];

    # Bootloader.
    boot.loader.systemd-boot.enable = true;
    boot.loader.efi.canTouchEfiVariables = true;

    # Enable PostgreSQL
    services.postgresql = {
      enable = true;
      enableTCPIP = true;
      ensureDatabases = ["forgejo" "part_db_database"];
      settings = {
        listen_addresses = "*";
      };
      authentication = pkgs.lib.mkOverride 10 ''
        local   all             all                                 trust
        host    all             all             10.1.1.4/32         scram-sha-256
        host    all             all             10.1.1.249/32       scram-sha-256
        host    all             all             127.0.0.1/32        trust
        host    all             all             ::1/128             trust
      '';
    };

    # Enable MariaDB
    services.mysql = {
      enable = true;
      package = pkgs.mariadb;
    };

    # Enable Tailscale
    services.tailscale.enable = true;

    # List packages installed in system profile. To search, run:
    # $ nix search wget
    environment.systemPackages = with pkgs; [
      #  vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
      wget
      helix
      fastfetch
      hyfetch
      pgadmin4
      google-cloud-sdk
    ];

    system.stateVersion = "25.11";
  };
}