postgres: use socket in more cases

agenix/hosts/tanker/atticd/environment.age

@@ -1,11 +1,11 @@
 age-encryption.org/v1
--> ssh-ed25519 MtGp6g Rio2L6qhE3HLAxtdsf5aDXWbDowXsR74H36HkBRY1Qs
+-> ssh-ed25519 MtGp6g 7OUpuVWfw1jz9JtaC6K/KrJVdcLb1PKigAUIGfzgVwM
-H36+ug7qZlnWks0j4rxhb7smuaE+fvJzrYYfYKz9VDs
+mCIPD1YzWoHt7sIKNTwkrLixKGW0lZ86ZBp3z3wfJ6s
--> ssh-ed25519 iO8/4g qHBdGD/HGzbFqvXL/KuPwLUg30CV/26KSOREF6qHpB0
+-> ssh-ed25519 iO8/4g GRcZfvDBi67ZeSpbLBBTynRTMKCNMk4VSqtsMXI7p2o
-N35CMIkrxCPA/l4G0CqaMD7hjnvUgXLVI9vwvdvBCkE
+XEcy4Rp9DcsGIWFvpT4zVh3hXfsjN5R75s+VM95jT/0
--> (-grease @V D*c
+-> _7@:r|-grease RR05Nt% bPge< Ca_MC#i2 .ID>6
-/zy4Ks2tvL+zUP+eL+2XXiqxm9wfCbv8iExB5sq6AHnvjPecoh2+
+dI8VCaNse7zMMLAb/wg4SPWBv7D6RuWt8QUo8GBBOR0749Tq/5Izb6+ZiM4RNabF
---- /5TCNr2PFppr/TtIPsSxkzyLtEzku996EiJ2AiULda0
+UtI
-%ä/…fØÌ&Q2‰…nL`ýc:÷ªmÓ¾~eIÁžó “u<E2809C>9è‹ËS‘š
õÐÕÓrt4À•S@!“ÁM‰´Â84ÊÅý'”<,?f¸È-ÕáH-7f(T7Õ}
UÍЛºvº¤& L³I
	¿ÇÀœ™)Òˆss«¤C›<43>mÞ«[X5¯ç½˜•EÕØÐЯ£pÍúÓZ¹B(÷ÃA÷:_°\¹Eë2h®ÊÒ—JµØÓ4Hä¶BWK\h‹Øªü¨0¡«•À¼™9e;ñí¤¼»ÊìΤ*PR+[ð50KùEu¸`{4œ45ÅÒ
1&‚¬[°“@„çÎ4TL|Œž%4üñ]§‘ý
+--- pXngiLlW+QG3Htiu7vqnBnTOV5PzBOhEBI+iAcDCFKc
-z†<EFBFBD>ÔcDüœ8:ƒÌöüø„ÛýIç:b.=†Z0Ñ:Oõ†ÛKÞ%>
sS­ë=Û-(W±Ë€/Ž–`ÉŽÅ<18>§k±Íü-	Uun>Ÿ>Œ,ztsPõ”æ‚}EU]zî
+%šcn­…ø¿üêGÐ0<hÈæ\« F	Ôô`~+Óý0²!áB:
)7S<37>*ÅãŽÂ™>3W
9yPên¢½öh!.<2E>ÜØ
-<EFBFBD>»=ù¶·›Äš6î_:
+YNÉÁ·"Q×%ÈŽ]Û&­·–	€ˆ>·L‡d!ÿbí㌷ï*z*hU<óWü×AqY¶Õ½f°(mæß55R×n¢ûÚC
Ž•õÌgÛW-ÊJœÕŠnb]Ç;Ä G÷ûI•‚¢þÃã|ù*^8#c¢ƒ›—ÓýDI­±Î!öB*<2A>5<EFBFBD>…O+.lMD9®zà]5x*£<>n¡ŒƒQõšDØv-€¶€ª‘†‡,™ 3JÂäd[lxÓbóâc"Ø2ŸD½'pgNîþÇz<C387>”å<E2809D>
4Î¥˜

agenix/hosts/tanker/config.nix

@@ -18,10 +18,6 @@
       file = ./msmtp/password.age;
     };
 
-    atuin-environment = {
-      file = ./atuin/environment.age;
-    };
-
     atticd-environment = {
       file = ./atticd/environment.age;
     };

flake.lock

@@ -11,11 +11,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1689334118,
+        "lastModified": 1690228878,
-        "narHash": "sha256-djk5AZv1yU84xlKFaVHqFWvH73U7kIRstXwUAnDJPsk=",
+        "narHash": "sha256-9Xe7JV0krp4RJC9W9W9WutZVlw6BlHTFMiUP/k48LQY=",
         "owner": "ryantm",
         "repo": "agenix",
-        "rev": "0d8c5325fc81daf00532e3e26c6752f7bcde1143",
+        "rev": "d8c973fd228949736dedf61b7f8cc1ece3236792",
         "type": "github"
       },
       "original": {
@@ -366,11 +366,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1690190169,
+        "lastModified": 1690208251,
-        "narHash": "sha256-E6Xj2hBFlcJIonBvi7VBSKUhYIhRHa/C05OC9I24N3M=",
+        "narHash": "sha256-eb/KANeuQADVl5j4wVid4jyPCOMTorSI2+gqoXp3LME=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "ab70a02363e28738f8c6e2793e4d6b7105a0494d",
+        "rev": "d309a62ee81faec56dd31a263a0184b0e3227e36",
         "type": "github"
       },
       "original": {
@@ -449,11 +449,11 @@
     },
     "nixos-hardware": {
       "locked": {
-        "lastModified": 1689320556,
+        "lastModified": 1690200740,
-        "narHash": "sha256-vODUkZLWFVCvo1KPK3dC2CbXjxa9antEn5ozwlcTr48=",
+        "narHash": "sha256-aRkEXGmCbAGcvDcdh/HB3YN+EvoPoxmJMOaqRZmf6vM=",
         "owner": "NixOS",
         "repo": "nixos-hardware",
-        "rev": "d4ea64f2063820120c05f6ba93ee02e6d4671d6b",
+        "rev": "ba9650b14e83b365fb9e731f7d7c803f22d2aecf",
         "type": "github"
       },
       "original": {

home/programs/nvim/plugins.nix

@@ -118,12 +118,12 @@ in
   };
   nvim-treesitter = buildVimPluginFrom2Nix {
     pname = "nvim-treesitter";
-    version = "2023-07-22";
+    version = "2023-07-24";
     src = fetchFromGitHub {
       owner = "nvim-treesitter";
       repo = "nvim-treesitter";
-      rev = "7b04e8b67eec7d92daadf9f0717dd272ddfc81a3";
+      rev = "7c1e944311a0d4eb2c8a346661ee4ed207aca514";
-      sha256 = "0wlgk11y86pnb5jc6rsswyyvarfpbp5i7s4lqb7i2jz6m96min3n";
+      sha256 = "01aw60dzgj72yk5npwwfgq7l8193kr67yypkyrc6938gdw4p3mqk";
       fetchSubmodules = false;
     };
   };
@@ -484,12 +484,12 @@ in
   };
   nvim-treesitter-textobjects = buildVimPluginFrom2Nix {
     pname = "nvim-treesitter-textobjects";
-    version = "2023-07-23";
+    version = "2023-07-24";
     src = fetchFromGitHub {
       owner = "nvim-treesitter";
       repo = "nvim-treesitter-textobjects";
-      rev = "ef32a5c24b767d165ed63fd2b24ac8dc52742521";
+      rev = "9c1962eb9a36560787876e89a73acd071081cc08";
-      sha256 = "1jrg79hliagz408200vl4926a61c462lz5rv59xjfp70x5pbdjjd";
+      sha256 = "0gqjghxy7mx555kfj7d1xas5j3wh9d1s2zfi7ydrs3w2ylbfz1sy";
       fetchSubmodules = false;
     };
   };
@@ -506,12 +506,12 @@ in
   };
   heirline-nvim = buildVimPluginFrom2Nix {
     pname = "heirline.nvim";
-    version = "2023-07-05";
+    version = "2023-07-24";
     src = fetchFromGitHub {
       owner = "rebelot";
       repo = "heirline.nvim";
-      rev = "76136ccd93ed608e8109762f032cf1118981ebbd";
+      rev = "1840fe27dbb38efa13c8af4614acafe6efa41988";
-      sha256 = "09mqjrbzhfbfs6n1hg4dv5kfr1xbwbq5qhd8b52550bs6a43r9bg";
+      sha256 = "1h4h4hkz9vkdh2hza1qp0xmiv1rkxzzq7aa4zrp82460z1ic3z1h";
       fetchSubmodules = false;
     };
   };

secrets.nix

@@ -21,8 +21,6 @@ in
 
   "agenix/hosts/tanker/msmtp/password.age".publicKeys = tanker;
 
-  "agenix/hosts/tanker/atuin/environment.age".publicKeys = tanker;
-
   "agenix/hosts/tanker/atticd/environment.age".publicKeys = tanker;
 
   "agenix/hosts/tanker/fedifetcher/config.age".publicKeys = tanker;

system/nixos/atticd.nix

@@ -13,7 +13,7 @@ in
 
     settings = {
       listen = "127.0.0.1:8080";
-      database.url = secret.atticd.database-url;
+      database.url = "postgresql:///attic?host=/run/postgresql";
 
       allowed-hosts = [ "${fqdn}" ];
       api-endpoint = "https://${fqdn}/";
@@ -39,6 +39,19 @@ in
     };
   };
 
+  services.postgresql = {
+    ensureDatabases = [ "attic" ];
+
+    ensureUsers = [
+      {
+        name = "atticd";
+        ensurePermissions = {
+          "DATABASE attic" = "ALL PRIVILEGES";
+        };
+      }
+    ];
+  };
+
   services.nginx.virtualHosts."${fqdn}" = {
     quic = true;
     http3 = true;

system/nixos/atuin-sync.nix

@@ -1,21 +1,11 @@
-{ pkgs, config, ... }:
-
 {
-  systemd.services.atuin-sync = {
+  services.atuin = {
-    description = "atuin sync server";
+    enable = true;
 
-    wantedBy = [ "multi-user.target" ];
+    host = "127.0.0.1";
-    after = [ "network.target" "network-online.target" ];
+    port = 8015;
-    wants = [ "network.target" "network-online.target" ];
+    openRegistration = false;
-
+    openFirewall = false;
-    serviceConfig = {
-      ExecStart = "${pkgs.atuin}/bin/atuin server start";
-      EnvironmentFile = [ config.age.secrets.atuin-environment.path ];
-      Restart = "on-failure";
-      DynamicUser = true;
-      RuntimeDirectory = "atuin";
-      RuntimeDirectoryMode = "0700";
-    };
   };
 
   services.nginx.virtualHosts."atuin-sync.kempkens.io" = {

system/nixos/postgresql.nix

@@ -13,19 +13,6 @@
       wal_recycle = "off";
     };
 
-    ensureDatabases = [
-      "attic"
-    ];
-
-    ensureUsers = [
-      {
-        name = "attic";
-        ensurePermissions = {
-          "DATABASE attic" = "ALL PRIVILEGES";
-        };
-      }
-    ];
-
     authentication = ''
       host all all 100.113.242.85/32 md5
       host all all 10.88.0.0/16 md5

system/nixos/synapse.nix

@@ -32,7 +32,11 @@ in
       database = {
         name = "psycopg2";
         args = {
-          host = "127.0.0.1";
+          host = "/run/postgresql";
+          user = "matrix-synapse";
+          database = "synapse";
+          cp_min = 5;
+          cp_max = 10;
         };
       };
 
@@ -103,7 +107,7 @@ in
     };
   };
 
-  systemd.services.matrix-synapse.after = [ "podman-wait-for-host-interface.service" ];
+  systemd.services.matrix-synapse.after = [ "postgresql.service" "podman-wait-for-host-interface.service" ];
 
   networking.firewall.interfaces."podman+".allowedTCPPorts = [ 8008 ];