flake.lock

@@ -175,11 +175,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1751952840,
-        "narHash": "sha256-SIkjQb9PPGvR/EcZAU8UZEnO9dwY2Z/BrDWgtyZd7OA=",
+        "lastModified": 1751271578,
+        "narHash": "sha256-P/SQmKDu06x8yv7i0s8bvnnuJYkxVGBWLWHaU+tt4YY=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "27278798fe68d7f81131dd7ab62b8ea2b795cd56",
+        "rev": "3016b4b15d13f3089db8a41ef937b13a9e33a8df",
         "type": "github"
       },
       "original": {

modules/nixos/services/tandoor-recipes/default.nix

@@ -26,16 +26,18 @@ in
     services.tandoor-recipes = {
       enable = true;
 
-      database = {
-        createLocally = true;
-      };
-
       port = cfg.port;
       extraConfig =
         let
           tandoorRecipesDomain = "recipes.${config.networking.domain}";
         in
         {
+          # Use PostgreSQL
+          DB_ENGINE = "django.db.backends.postgresql";
+          POSTGRES_HOST = "/run/postgresql";
+          POSTGRES_USER = "tandoor_recipes";
+          POSTGRES_DB = "tandoor_recipes";
+
           # Security settings
           ALLOWED_HOSTS = tandoorRecipesDomain;
           CSRF_TRUSTED_ORIGINS = "https://${tandoorRecipesDomain}";
@@ -47,12 +49,27 @@ in
 
     systemd.services = {
       tandoor-recipes = {
+        after = [ "postgresql.target" ];
+        requires = [ "postgresql.target" ];
+
         serviceConfig = {
           EnvironmentFile = cfg.secretKeyFile;
         };
       };
     };
 
+    # Set-up database
+    services.postgresql = {
+      enable = true;
+      ensureDatabases = [ "tandoor_recipes" ];
+      ensureUsers = [
+        {
+          name = "tandoor_recipes";
+          ensureDBOwnership = true;
+        }
+      ];
+    };
+
     my.services.nginx.virtualHosts = {
       recipes = {
         inherit (cfg) port;