waffentrager: prepare auth service

configurations/host/waffentrager/services/auth.nix

@@ -0,0 +1,27 @@
+{ materusArg, config, lib, pkgs, ... }:
+{
+  options.waffentragerService.auth.enable = materusArg.pkgs.lib.mkBoolOpt false "Enable auth";
+
+  config =
+    let
+      cfg = config.auth.postgresql;
+    in
+    lib.mkIf cfg.enable {
+      waffentragerService.elements.enable = true;
+      waffentragerService.nginx.enable = true;
+
+      services.postgresql.enable = true;
+      services.postgresql.package = pkgs."postgresql_${cfg.version}";
+      services.postgresql.dataDir = "${config.waffentragerService.elements.postgresqlDir}/${cfg.version}";
+      services.postgresql.enableJIT = true;
+      services.postgresql.authentication = pkgs.lib.mkOverride 10 ''
+        local all all trust
+        host all all 127.0.0.1/32 scram-sha-256
+      '';
+      systemd.services.postgresql = {
+        partOf = [ "elements-mount.service" ];
+        requires = [ "elements-mount.service" ];
+        after = [ "elements-mount.service" ];
+      };
+    };
+}

configurations/host/waffentrager/services/default.nix

@@ -8,6 +8,7 @@
       ./gitea.nix
       ./nginx.nix
       ./nextcloud.nix
+      ./auth.nix
     ];
   waffentragerService.elements.enable = true;
   waffentragerService.postgresql.enable = true;
@@ -15,4 +16,5 @@
   waffentragerService.gitea.enable = true;
   waffentragerService.nginx.enable = true;
   waffentragerService.nextcloud.enable = true;
+  waffentragerService.auth.enable = true;
 }