package mathesar and run as service

platforms/nixos/modules/nmasur/presets/services/mathesar/mathesar-postgres.age

@@ -0,0 +1,17 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE1nSGFPdyA2SUsv
+d1R3Slo3UDhDUWNiTDcybU9mTzhycDNKVCtteHhwRXU4M0x5UVF3CkUvZHdISzE4
+NU9qdy9sUGxTeTJxY2huWS9zVnRzd2o0UFpxc0FjT2lDTGMKLT4gc3NoLWVkMjU1
+MTkgWXlTVU1RIG1SM3gxRzJ5RllOTXhHZC9sc1Z6U1VCc3ptTWZRYzNJQ1g4ZjRI
+d3U3RVUKekNYc0VpSUw4TVJsSGNYNElxUUcwS25oczVUWnNlUTd2SXlvYlEvcE01
+ZwotPiBzc2gtZWQyNTUxOSBuanZYNUEgc0JUZlkyY0dKWjhzVlMwTi8zS1VrVGt1
+UGJzeURtbEZ3ZWpncWZNK2x5SQpJdVNSV2NLdHBEVThtWVBhUm1GSEEvV2s0bGZB
+WFJTK0xIa01ucHBxcm1jCi0+IHNzaC1lZDI1NTE5IENxSU9VQSBrRitXVzdvRmgz
+VW5HMHpBRStuTnRDZmlCdVRra09JNE85Wkl4bkJJWkFzCkZUeTRWK0VmL21VRlpW
+SWg5dnJ4UGw4aXZteUxyaXZUaGpxQkdQL0hXK0kKLT4gc3NoLWVkMjU1MTkgejFP
+Y1p3IE4xSlZYbmFWZlhCQ3RibFN5Z3gzMDN5cXNDQzA4UnViUk9IclBTdE4valkK
+MGx3Nkhac3NEZGh2SExUMU94NExiRlMvRndobUlJdmhBWU1CM0diL0V3ZwotLS0g
+SDhvSzRFUFdGN0ZLUm9hWWV2T2tHMVdvTHlWOEZWTkZjLzd0VE12SU9kNAp2wHsq
+uKxlrH9xXj17Zd3FAjRlSMjjVVOYZOVyiPMWY7MD7V5XVY0hCPnKpzX4RyYeTfqf
+3W2LaWecMcRtTdRLOyCqVC+1DXtCAL/DqxIWcu3Q+zDQog==
+-----END AGE ENCRYPTED FILE-----

platforms/nixos/modules/nmasur/presets/services/mathesar/mathesar.age

@@ -0,0 +1,17 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE1nSGFPdyBJZjI5
+Y0pMd01IdVJIa2RtU3BrajNGblczeUdkWUgxdFliQmJGK2RDclhVCjVlbmRpV1Bj
+K1hMTm1HZ0pnYm05YmZ0Tm9UZjVoQ3FMM2dhVkRtV1FBZWsKLT4gc3NoLWVkMjU1
+MTkgWXlTVU1RIGxzbXA2NVRXbGxsY05hU0ZGWlU2MTNGVGozN2dycnBaNUZ4Ykxx
+UjB0d3MKcUdRampFeTdGek9FaHVrV3Y1ay8rMGh6M2NRZjVpUHdWYVJYZENmOGty
+RQotPiBzc2gtZWQyNTUxOSBuanZYNUEgamdMKzRnRldKYW9sYzJGWmR2TjRYVlRZ
+SXhKT3BrNC9XdHhpUVFQSXVROApoM3BUajhmR01VeDR1MHJhMnJFUkxCOW9DckZF
+TkhMd1BYODMrVm5PSGFJCi0+IHNzaC1lZDI1NTE5IENxSU9VQSAzbVJsT2pBTENF
+eGUrOEdHakZzb3ExMGwyMW91TEZORmpxdUJJMUJlZEJFClV2UlFlNVBxSmlaMnNs
+MTlFNzVOSjVqMVp5a1dwUVJqR3ZPRkdnY0w5dXMKLT4gc3NoLWVkMjU1MTkgejFP
+Y1p3IDcrZzhhWjh4UFVSM1loTTV1UXp2NDF1cGlLUWZ2bTN0NHJiOFhESFdJQWcK
+UFZzT2hmSTFlR0VNenVobktDN2xaZElwTWFZVklscFAvQmQyZjJiTU4wawotLS0g
+UW8vRlpmcGV1SmR1blZRK3c0eVpGeUlZMEc5eGlRcVpnbXI5UkNUelJEYwo8Na+w
+XzVV1/LPzA3kl0yDvF2b0nn1TmR903ralFbjmT2Rv/HNDVyVklIz1Jycaje8W8uV
+vZGGicSNIIZbGLEYT9fMUzY1KPoU6LUx0mgGUK2PZssHmG9mbW/Jx3R6
+-----END AGE ENCRYPTED FILE-----

platforms/nixos/modules/nmasur/presets/services/mathesar/mathesar.nix

@@ -0,0 +1,97 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
+
+let
+  inherit (config.nmasur.settings) hostnames;
+  cfg = config.nmasur.presets.services.mathesar;
+in
+
+{
+
+  options.nmasur.presets.services.mathesar = {
+    enable = lib.mkEnableOption "Postgres web UI";
+    port = lib.mkOption {
+      type = lib.types.port;
+      description = "Port to use for the localhost";
+      default = 8099;
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+
+    systemd.services.mathesar = {
+      description = "Postgres web UI";
+      after = [
+        "network.target"
+        "postgresql.target"
+      ];
+      requires = [
+        "mathesar-secret.service"
+        "mathesar-postgres-secret.service"
+      ];
+      wantedBy = [ "multi-user.target" ];
+      environment = {
+        POSTGRES_HOST = "127.0.0.1";
+        POSTGRES_DB = "mathesar_django";
+        POSTGRES_USER = "mathesar";
+        # POSTGRES_PASSWORD = "none";
+        POSTGRES_PORT = "5432";
+        ALLOWED_HOSTS = "*";
+        SKIP_STATIC_COLLECTION = "true";
+        DEBUG = "true";
+      };
+      serviceConfig = {
+        Type = "simple";
+        DynamicUser = true;
+        StateDirectory = "mathesar";
+
+        EnvironmentFile = [
+          config.secrets.mathesar.dest
+          config.secrets.mathesar-postgres.dest
+        ];
+      };
+      preStart = "exec ${pkgs.nmasur.mathesar}/bin/mathesar-install";
+      script =
+        let
+          args = [ "--bind=127.0.0.1:${builtins.toString cfg.port}" ];
+        in
+        ''
+          exec ${pkgs.nmasur.mathesar}/bin/mathesar-gunicorn ${toString args}
+        '';
+    };
+
+    secrets.mathesar = {
+      source = ./mathesar.age;
+      dest = "${config.secretsDirectory}/mathesar";
+      owner = builtins.toString config.users.users.postgres.uid;
+      group = builtins.toString config.users.users.postgres.uid;
+    };
+    secrets.mathesar-postgres = {
+      source = ./mathesar-postgres.age;
+      dest = "${config.secretsDirectory}/mathesar-postgres";
+      owner = builtins.toString config.users.users.postgres.uid;
+      group = builtins.toString config.users.users.postgres.uid;
+    };
+
+    # Allow web traffic to Caddy
+    nmasur.presets.services.caddy.routes = [
+      {
+        match = [ { host = [ hostnames.mathesar ]; } ];
+        handle = [
+          {
+            handler = "reverse_proxy";
+            upstreams = [ { dial = "localhost:${builtins.toString cfg.port}"; } ];
+          }
+        ];
+      }
+    ];
+
+    # Configure Cloudflare DNS to point to this machine
+    services.cloudflare-dyndns.domains = [ hostnames.mathesar ];
+
+  };
+}

platforms/nixos/modules/nmasur/profiles/communications.nix

@@ -28,11 +28,12 @@ in
         grafana.enable = lib.mkDefault true;
         influxdb2.enable = lib.mkDefault true;
         litestream.enable = lib.mkDefault true;
-        pgweb.enable = lib.mkDefault true;
+        mathesar.enable = lib.mkDefault true;
         minecraft-server.enable = lib.mkDefault true;
         n8n.enable = lib.mkDefault true;
         nix-autoupgrade.enable = lib.mkDefault false; # On by default for communications
         ntfy-sh.enable = lib.mkDefault true;
+        pgweb.enable = lib.mkDefault true;
         postgresql.enable = lib.mkDefault true;
         thelounge.enable = lib.mkDefault true;
         uptime-kuma.enable = lib.mkDefault true;