# PostgreSQL Configuration for PloughGres
# Security and Encryption Focused Configuration

# Connection Settings
listen_addresses = '*'
port = 5432
max_connections = 100

# SSL/TLS Configuration
ssl = on
ssl_cert_file = '/var/lib/postgresql/ssl/server.crt'
ssl_key_file = '/var/lib/postgresql/ssl/server.key'
ssl_ca_file = '/var/lib/postgresql/ssl/ca.crt'
ssl_prefer_server_ciphers = on
ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL'
# ssl_protocols not supported in PostgreSQL 15, using ssl_min_protocol_version instead
ssl_min_protocol_version = 'TLSv1.2'

# Authentication
password_encryption = scram-sha-256
db_user_namespace = off

# Memory Settings
shared_buffers = 256MB
effective_cache_size = 1GB
work_mem = 4MB
maintenance_work_mem = 64MB

# WAL (Write-Ahead Logging) Settings - Important for data integrity
wal_level = replica
max_wal_size = 1GB
min_wal_size = 80MB
checkpoint_completion_target = 0.9
wal_compression = on

# Logging Configuration
log_destination = 'stderr'
logging_collector = on
log_directory = '/var/log/postgresql'
log_filename = 'postgresql-%Y-%m-%d_%H%M%S.log'
log_rotation_age = 1d
log_rotation_size = 10MB
log_min_messages = warning
log_min_error_statement = error
log_min_duration_statement = 1000
log_connections = on
log_disconnections = on
log_line_prefix = '%t [%p]: [%l-1] user=%u,db=%d,app=%a,client=%h '
log_statement = 'ddl'
log_temp_files = 0

# Security Settings
row_security = on
shared_preload_libraries = 'pg_stat_statements'

# Performance Tuning
random_page_cost = 1.1
effective_io_concurrency = 200
max_worker_processes = 8
max_parallel_workers_per_gather = 2
max_parallel_workers = 8
max_parallel_maintenance_workers = 2

# Checkpoint Settings
checkpoint_timeout = 5min
checkpoint_completion_target = 0.9

# Archiving (useful for backup encryption)
archive_mode = on
archive_command = 'test ! -f /var/lib/postgresql/archive/%f && cp %p /var/lib/postgresql/archive/%f'