nixos/modules/pgpool.nix

{ config, pkgs, lib, ... }:

with lib;

let
  cfg = config.services.pgpool;
  shq = lib.escapeShellArg;
  configFile = pkgs.writeText "pgpool.conf" cfg.config;
in
{

  options = {
    services.pgpool = {
      enable = mkEnableOption "pgpool-II";
      config = mkOption {
        default = ''
          backend_clustering_mode = 'snapshot_isolation'
          backend_hostname0 = '127.0.0.1'
          backend_port0 = 5432
          backend_weight0 = 1
          logging_collector = true
          log_destination = 'syslog,stderr'
          log_min_messages = 'INFO'
        '';
        example = ''
          backend_clustering_mode = 'snapshot_isolation'
          backend_hostname0 = '127.0.0.1'
          backend_port0 = 5432
          backend_weight0 = 1
          logging_collector = true
          log_destination = 'syslog,stderr'
          log_min_messages = 'INFO'
        '';
        description = ''
          Verbatim pgpool.conf to use
        '';
      };

      user = mkOption {
        type = types.str;
        default = "pgpool";
        description = ''
          User account under which pgpool runs.
        '';
      };

      group = mkOption {
        type = types.str;
        default = "pgpool";
        description = ''
          User group under which pgpool runs.
        '';
      };

      package = mkPackageOption pkgs "pgpool" { };
      extraArgs = mkOption {
        default = [];
        example = [ "-dns.port=53" ];
        type = types.listOf types.str;
        description = "Extra arguments to pass to coredns.";
      };
    };
  };

  config = mkIf cfg.enable {
    users.users.${cfg.user} = {
      isSystemUser = true;
      group = cfg.group;
      extraGroups = mkIf config.services.postgresql.enable [ "postgres" ];
    };
    users.groups.${cfg.group} = {};

    environment.etc."pgpool.conf" = {
      source = configFile;
    };

    environment.systemPackages = [ cfg.package ];

    systemd.services.pgpool = {
      description = "pgpool-II postgresql load balancer and replication manager";
      after = [ "network.target" ];
      wantedBy = [ "multi-user.target" ];
      serviceConfig = {
        PermissionsStartOnly = true;
        LimitNPROC = 512;
        LimitNOFILE = 1048576;
        #CapabilityBoundingSet = "cap_net_bind_service";
        #AmbientCapabilities = "cap_net_bind_service";
        NoNewPrivileges = true;
        User = cfg.user;
        Group = cfg.group;
        PIDFile = "/run/pgpool/pgpool.pid";
        RuntimeDirectory = "pgpool";
        ExecStart = "${getBin cfg.package}/bin/pgpool ${lib.escapeShellArgs cfg.extraArgs}";
        ExecReload = "${pkgs.coreutils}/bin/kill -SIGHUP $MAINPID";
        Restart = "no";
        Type = "forking";
      };
    };
  };
}