# Managed by Ansible — drop-in include for /etc/postgresql/16/main/conf.d/.
# Postgres reads everything in conf.d after the main postgresql.conf
# (the Debian-shipped file enables `include_dir = 'conf.d'`).
#
# We use a drop-in instead of overwriting postgresql.conf because the
# Debian package's default file carries dozens of platform-specific
# settings that touching them risks breaking. Smaller blast radius.
#
# Changing archive_mode requires a full Postgres RESTART (not just
# reload) — the SIGHUP-reload path can't toggle it.

# WAL archiving — required for PITR. Ships every WAL segment to
# spaces-prod:shithub-wal via /usr/local/bin/shithub-pg-archive.
# Operator must:
#   1. Create the shithub-wal bucket in the primary Spaces region
#      (and shithub-wal-dr in the DR region for sync-cross-region.sh).
#   2. Extend the prod RW Spaces key's grants to include readwrite
#      on both buckets.
#   3. systemctl restart postgresql@16-main
#   4. Verify: SELECT * FROM pg_stat_archiver \\gx — last_archived_wal
#      becomes non-null within ~60s (archive_timeout).
wal_level = replica
archive_mode = on
archive_command = '/usr/local/bin/shithub-pg-archive %p %f'
# Force WAL rotation if no segment fills naturally — bounds RPO at
# 60s on a quiet server. The penalty is one extra ~16 MB segment per
# minute of idle, which Spaces lifecycle handles cheaply.
archive_timeout = 60