Initial add of pgadmin to nidus systems

This is to allow Ben to do his own delving into the data we have

host/nocix/amd-legacy-quadcore/configuration.nix

@@ -28,6 +28,9 @@
 			domainNameSync = "staging-sync.nidus.cloud";
 			environment = "staging";
 		};
+		pgadmin = {
+			domainName = "staging-pgadmin.nidus.cloud";
+		};
 		tegola = {
 			domainName = "staging-tegola.nidus.cloud";
 		};

modules/system/default.nix

@@ -19,6 +19,8 @@
 		./minio.nix
 		./nidus-sync.nix
 		./openssh.nix
+		./pi.nix
+		./pgadmin.nix
 		./podman.nix
 		./qgis.nix
 		./restic

modules/system/pgadmin.nix

@@ -0,0 +1,44 @@
+{ config, configFiles, lib, pkgs, ... }:
+with lib;
+
+let
+	cfg = config.myModules.pgadmin;
+	group = "root";
+	port = 10100;
+	user = "root";
+in {
+	options.myModules.pgadmin = {
+		domainName = mkOption {
+			example = "staging-pgadmin.nidus.cloud";
+			type = types.str;
+		};
+		enable = mkEnableOption "custom pgadmin configuration";
+	};
+
+	config = mkIf config.myModules.pgadmin.enable {
+		services.caddy.virtualHosts."${cfg.domainName}" = {
+			extraConfig = ''
+				reverse_proxy {
+					to http://127.0.0.1:${toString port}
+					header_up X-Forwarded-Proto "https"
+				}
+				header / Access-Control-Allow-Origin *
+			'';
+		};
+		services.pgadmin = {
+			enable = true;
+			initialEmail = "eli@gleipnir.technology";
+			initialPasswordFile = "/var/run/secrets/pgadmin.yaml";
+			port = port;
+		};
+		sops.secrets."pgadmin-initial-password-file" = {
+			format = "yaml";
+			group = "${group}";
+			key = "initial-password";
+			mode = "0440";
+			owner = "${user}";
+			#restartUnits = ["${nidusNameWebserver}.service"];
+			sopsFile = ../../secrets/pgadmin.yaml;
+		};
+	};
+}

roles/nidus-sync.nix

@@ -16,6 +16,7 @@
 	myModules.asterisk.enable = false;
 	myModules.caddy.enable = true;
 	myModules.qgis.enable = false;
+	myModules.pgadmin.enable = true;
 	myModules.nidus-sync.enable = true;
 	myModules.restic.role = "nidus";
 	myModules.tegola.enable = true;

secrets/pgadmin.yaml

@@ -0,0 +1,88 @@
+initial-password: ENC[AES256_GCM,data:VbnnnuAb70MzON4J2uHIW64sxd00jaWQupwrnEKcoW+9rij9,iv:VxtJ/k2DJ1R6lG6k7DSUa6oGYeDkeSxN++xk0pdXvaU=,tag:VWGKykv6fpjs0EI/Fxj/UA==,type:str]
+sops:
+    age:
+        - recipient: age1wxlwx75hfxer4trvfzad7cwdn2hhu4we50p32vpy3qvdct7t656q3pp04x
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvSkduZGMydXREV1lBRlZV
+            UzBsVmNhcTQ5bWtYY1V4REs4TVRCaDM3NkY4Ci9ua09wKzJVS3o5aEhEMkdNQlZR
+            OFVSSHd2THRUNW5XNFJQeUg2M3F2U28KLS0tIGFjdnVad0l4Vk5LWUlNSFYvNjlu
+            cSszVU9LcGVKUFk0YjgxbEh5RUJ1VXcKRl8/O+n4sCm4uu4ylTehtKHxygn5l9C7
+            RHpZwpx9YWY3kqK1tkSZ6qJAfsej7IGprau8ocAG02CAoZ+nSdH2+A==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1x704pjnueguchkl54ly8w4w26ltys5900v7xnl7w3zlgasus09jszz45t8
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4TW1FdUNFMm40dWJKVkcw
+            R1lWcHVsdnFQdnZLZDVsdmEzc3JObGg0K2xjCms4eWhxRnpCSUgyYmpoSW8xQ0FM
+            R1dvbndaZ05VUytKSHJULzF5L1FyUzgKLS0tIFpua25IaVFjZEI3aWlOaDVUSzhr
+            ZXpuQjJITHJMNkFvbjZHVU4rTW9OVVUKWIwUACD113TB2t7f8oWA2kDRzRfyS91a
+            c5rnV7+oAzA9Yt90NYacBK0KYjLGyXOsYKpy6pAcqBxJ76qb/tOkYQ==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age15y4k929zaj9fdg3vd40pa40tgvrgv9mn22xfummn5zxfmkcw5d0st6prjx
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlRjQ0b1FRdFBaMGw1VHFD
+            OEtOcVFSdENDNGcxOEM4Y2FEWjduU0czVW53ClBoSTR2UU5lNG5Kc0JGcXlBQXZB
+            VzI5KzZORDNtUDdzeU9ZM0ZlV1VxcU0KLS0tIEZNRzVSYlZjaUV0bUZmUTV6ZFFi
+            RU92MTF6Y0t4ak1WYXhhWjFpdzlINUkKE8ZWn2rtibgbdonwti1dIMglRFvTMwmL
+            Y5me/Xkec3DpwTWKppc1qce+o+qOxm9bYowwkT8Jz4sKlwwMW+Kjzw==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1q5syuyx3n255vllv6elfj72yk5mhxnk9pqawzyy4gzkzmpw3gpjqz9ujx2
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3M0ZvNk9mNXgrV28wbklB
+            bjl2T0dURGxrblg4MmFEb2FJZ1FUUlg3WlZnCkJDUy9oNlZjM25OSHRkOWs2Q0J6
+            U0owRzBpZG93TlRxdlc5dzBKRXk1Yk0KLS0tIEVUeEZXODc3TE9nSVFLSUxpV2x1
+            SjhjVzdlRm10SU5oY3dnYjg0eGtoK1UKkW4zZJQeV6PrPd//oMWaV0BIgX594YUA
+            M2JzpPZ4BDhm0dmUvoZC17dufNz9tc7j/5FVw2OIF9/kV//32IP5Xw==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1rqa4qvkk7s26pgj09d269t84vprdrh0jhyl75xq5zyhp9cdssq2qc8hut8
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFUDFESVpEMHYwSTVxYTlo
+            NXdhTnJnWUduOGk1eFVXZ0xWWm5FdzVDcnpvCkc1Y2Rkd3BKWm85RW90SWkvUHRq
+            V2ZrV3JVejN3QUJ1VDhVa1BrODdFNkUKLS0tIGIyZ3kxQWFXSFZ2NG5pa2NVNWRD
+            WnlOcFdqZllTQUdTb3RSbE5HbnNCY1UK8YcePBBrRrRq812bqG4e12CMWVvhdg6n
+            U9UKMOJ0qmYUrmmltWb1A8+OuiYP8Pkg8RY16+oUMsoZvvzP2M+qqg==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1yfs6d0vac45rnx3q54u52tjk5vnfsqnghaj95kmkl7fd5du3ee8qgse385
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQL3NDd2RnbVJYbTZKemI1
+            d0tHSzJ2Z2pwTGdtVHZqUzcxUG81NTk3cDFNCkN3dkU3Y05tT0hVZEN1UlgyTGgz
+            SWJtVVE1amJMditzOXg2YVdiY21Wcm8KLS0tIDFad2crcnpyT2h4WG94bGh0dFZm
+            eFljZXRHY3ZMWlp5UmRvcjk2T0JaS0EKWhTWi+MMs3hA+BPpcAnypGrSNbGACr9C
+            g/AsGGCXfGhtkaYO/2f4kXr8ca9akjg8FLzj9gk2LIRo1Rz01Ru9Lw==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1t3ryfktuhr3cysf49m9q2n8fkjf9ajjjnhztxw9hz8paxgk4lpcq065jge
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIMGZXRnV6cW9BaDBXenpR
+            UmkwMGkzS1NBZU9KY09kczhKYXFBamFybmlnCnRaZWNtWTZuMzZ4N1U1Rm1KU0c5
+            WjUySjAxNG96MU1wWkl1U1pzTjc0TU0KLS0tIFVNMG8yTTZIL0l6TklsNDNvUXYx
+            LzhOQVdSZlNGb0o3SHZubXVOZ3BWUDgKF22NjSGhr9zeB+1FR8LXpa0jrU2lQmoT
+            3mi1Zvo7bzvGnzyg5WXIwA4iUc//w5ohNjcNgi7Zct2dJe5Xe4acXQ==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age167q6r28ws6wrpjwxnt4ap2fgs6d9cyvrdhzl2wflr2tnsw5xapxq36n2ec
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwR2Ric1dxVnFtcFVodWp0
+            ZHQ4QVpRU1JWNnB4cUlOaWhUbkF5L3lFb1NNCkFPcll3S21PU004R1RVZ0s1TnFk
+            WW02aGp2WXZUQWJIODhiWFdOSm04SDQKLS0tIFBLbmJyK3k5YkVubWpEYXFUMklX
+            NERpem93RUNaNDN6UHFTSEtjd2dlb1EKtFA/mnbU0sLTnlQiXar+bC1Diwp0P3Ty
+            7ISaPkzQLpAO3Nns2CbaoLcWKdiD0dg0Cwgl8QR5ve83Iex0R65zoA==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1924evks66k9g6c4zcnn2ghjcxpe0fzw2y9j253xredkwqnw9p5qqjcvjqt
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFRU9oTlllVTAwc0IrMnQ2
+            aHd4TW82NlYrc2p3eVJMckswS0xxeUk5WDFzCk1vRmIzWUNrU0N6WGlIQUJuVjhy
+            ZW9HYTJwaU4zOXlQd25lbnNaQ0VmQXcKLS0tIHBDTEY5UXNKcmlnUHZXaGVqZmVi
+            bnR2WUpkaDlQRkh0MWRLL3JXeW5YMG8KMHSP57yOPLEfgImHOwOJUmjRMGuLtftq
+            GjKURBQuH0MB/LEO4AkesTpBthFBDzQVvqzsCwjSsLznjOcSQIprPg==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2026-05-08T01:40:47Z"
+    mac: ENC[AES256_GCM,data:ruC5rSzz3uFdXlo+rkrSgGsSIMqJ39gs1CGTG4TWE+jyMHtN1gM1HEvNsHwnoUD5CAGQZFZM0sRxc12a/XoCNDhrfUKnX7OEgBnRTdlQsnYjkw1La96zpoSl3Es43NKN9y6g/fncH0Od5KHWqBoUNfwyy0hMqsC0cbg2Zai681A=,iv:Xf5esrwLkIJ3oBY/4Lz57rCoC6LpgWKFRg9SBu8FmZE=,tag:lyPe67k4C81ryCeKZermOA==,type:str]
+    unencrypted_suffix: _unencrypted
+    version: 3.12.1