concourse-nixos.nix

  services.postgresql = {
    enable = true;
    enableTCPIP = true;
    ensureDatabases = [
      "concourse"
    ];
    ensureUsers = [
      {
        name = "concourse";
        ensurePermissions = {
          "DATABASE concourse" = "ALL PRIVILEGES";
        };
      }
    ];
    authentication = ''
      host  all all 10.88.0.0/16 md5
    '';
  };
  systemd.services.postgresql = {
    postStart = ''
      $PSQL <<"EOF"
        ALTER ROLE concourse WITH PASSWORD 'insecure';
      EOF
    '';
    requires = [ "podman.service" ];
  };

  virtualisation.oci-containers.containers.concourse = {
    autoStart = true;
    image = "concourse/concourse:7.10.0";
    ports = ["8080:8080"];
    cmd = ["quickstart"];
    environment = {
      CONCOURSE_POSTGRES_HOST = "host.containers.internal";
      CONCOURSE_POSTGRES_USER = "concourse";
      CONCOURSE_POSTGRES_PASSWORD = "insecure";
      CONCOURSE_POSTGRES_DATABASE = "concourse";
      CONCOURSE_EXTERNAL_URL = "http://localhost:8080";
      CONCOURSE_ADD_LOCAL_USER = "admin:password";
      CONCOURSE_MAIN_TEAM_LOCAL_USER = "admin";
    };
  };
  networking.firewall.trustedInterfaces = [ "lo" "cni-podman0" ];