From 1f2886d35c74b5e7d405e730d64d82fb2e6f622d Mon Sep 17 00:00:00 2001 From: Simon Gardling Date: Sun, 12 Apr 2026 16:33:53 -0400 Subject: [PATCH] AGENTS.md: document postgresql-first policy --- AGENTS.md | 1 + 1 file changed, 1 insertion(+) diff --git a/AGENTS.md b/AGENTS.md index 356feab..7172418 100644 --- a/AGENTS.md +++ b/AGENTS.md @@ -112,6 +112,7 @@ Each service file in `services/` follows this structure: - **Hugepages**: Services needing large pages declare their budget in `service-configs.nix` under `hugepages_2m.services`. The kernel sysctl is set automatically from the total. - **Domain**: Primary domain is `sigkill.computer`. Old domain `gardling.com` redirects automatically. - **Hardened kernel**: Uses `_hardened` kernel. Security-sensitive defaults apply. +- **PostgreSQL as central database**: All services that support PostgreSQL MUST use it instead of embedded databases (H2, SQLite, etc.). Connect via Unix socket with peer auth when possible (JDBC services can use junixsocket). The PostgreSQL instance is declared in `services/postgresql.nix` with ZFS-backed storage. Use `ensureDatabases`/`ensureUsers` to auto-create databases and roles. ### Test Pattern Tests use `pkgs.testers.runNixOSTest` (NixOS VM tests):
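Review bot: In the added `PostgreSQL as central database` bullet, "Connect via Unix socket with peer auth when possible" leaves the fallback undefined, so anyone following this file has no rule for a service that cannot use the socket. Suggest stating what is required in that case (how the service authenticates and where its credentials come from), or that such a service needs an explicit exception. The bullet could also say that each service gets its own database and role through `ensureDatabases`/`ensureUsers`, with the role named after the service's Unix user, since peer auth matches the connecting OS user to the role name unless a mapping is configured; as written, nothing rules out several services sharing one role.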