Zoldene database config

author: Ismaël Bouya <ismael.bouya@normalesup.org> 2025-03-14 00:28:35 +0100
committer: Ismaël Bouya <ismael.bouya@normalesup.org> 2025-03-14 01:03:28 +0100
commit: 8b1cbf7db2e272f74712ca3c8937028925843bd9 (patch)
tree: fa9766539b68b669b60409168a1b4361556c37a9
parent: 9a2bbc9550bbf6c6cf7f6184159818acf9e0c63c (diff)
download: Nix-8b1cbf7db2e272f74712ca3c8937028925843bd9.tar.gz
Nix-8b1cbf7db2e272f74712ca3c8937028925843bd9.tar.zst
Nix-8b1cbf7db2e272f74712ca3c8937028925843bd9.zip
6 files changed, 56 insertions, 39 deletions
diff --git a/deploy/flake.lock b/deploy/flake.lock
index 610fcbc..6c3e517 100644
--- a/deploy/flake.lock
+++ b/deploy/flake.lock
@@ -2848,7 +2848,7 @@
      },
      "locked": {
        "lastModified": 1,
-        "narHash": "sha256-HXTL7vVayoRljwcYIroiMTrZAKlmhJwTXjCc15CO8iI=",
+        "narHash": "sha256-sLwKmVmedkPJkkDRn3bWtQqsGAM6UdqVpHtfB5oQJ84=",
        "path": "../flakes",
        "type": "path"
      },
@@ -4042,7 +4042,7 @@
      },
      "locked": {
        "lastModified": 1,
-        "narHash": "sha256-T3G0k/1kcFs28OETmnqzOVm5YlKFilOc6jpHE6ZXS/s=",
+        "narHash": "sha256-OHoDl3aFFCQ6NOfRGefPo5xJazDKqnAo+a6GJw6VhNc=",
        "path": "../systems/zoldene",
        "type": "path"
      },
diff --git a/flake.lock b/flake.lock
index 0bcb602..1b3007f 100644
--- a/flake.lock
+++ b/flake.lock
@@ -2729,7 +2729,7 @@
      },
      "locked": {
        "lastModified": 1,
-        "narHash": "sha256-HXTL7vVayoRljwcYIroiMTrZAKlmhJwTXjCc15CO8iI=",
+        "narHash": "sha256-sLwKmVmedkPJkkDRn3bWtQqsGAM6UdqVpHtfB5oQJ84=",
        "path": "./flakes",
        "type": "path"
      },
@@ -4058,7 +4058,7 @@
      },
      "locked": {
        "lastModified": 1,
-        "narHash": "sha256-T3G0k/1kcFs28OETmnqzOVm5YlKFilOc6jpHE6ZXS/s=",
+        "narHash": "sha256-OHoDl3aFFCQ6NOfRGefPo5xJazDKqnAo+a6GJw6VhNc=",
        "path": "../systems/zoldene",
        "type": "path"
      },
diff --git a/flakes/flake.lock b/flakes/flake.lock
index 2765727..c06e084 100644
--- a/flakes/flake.lock
+++ b/flakes/flake.lock
@@ -3962,7 +3962,7 @@
      },
      "locked": {
        "lastModified": 1,
-        "narHash": "sha256-T3G0k/1kcFs28OETmnqzOVm5YlKFilOc6jpHE6ZXS/s=",
+        "narHash": "sha256-OHoDl3aFFCQ6NOfRGefPo5xJazDKqnAo+a6GJw6VhNc=",
        "path": "../systems/zoldene",
        "type": "path"
      },
diff --git a/systems/zoldene/base.nix b/systems/zoldene/base.nix
index 71b8209..d580f99 100644
--- a/systems/zoldene/base.nix
+++ b/systems/zoldene/base.nix
@@ -14,6 +14,7 @@ in
    ./virtualisation.nix
    ./certificates.nix
    ./synapse.nix
+    ./database.nix
  ];
  services.borgBackup.enable = true;
diff --git a/systems/zoldene/database.nix b/systems/zoldene/database.nix
new file mode 100644
index 0000000..2eb6cd9
--- /dev/null
+++ b/systems/zoldene/database.nix
@@ -0,0 +1,50 @@
+{ pkgs, config, lib, nodes, ... }:
+let
+  psqlVersion = pkgs.postgresql_16.psqlSchema;
+in
+{
+  disko.devices.zpool.zfast.datasets."root/persist/var/lib/postgresql" =
+    { type = "zfs_fs"; mountpoint = "/persist/zfast/var/lib/postgresql"; options.mountpoint = "legacy"; };
+  disko.devices.zpool.zfast.datasets."root/persist/var/lib/postgresql/${psqlVersion}" =
+    { type = "zfs_fs"; mountpoint = "/persist/zfast/var/lib/postgresql/${psqlVersion}"; options.mountpoint = "legacy"; };
+  environment.persistence."/persist/zfast".directories = [
+    {
+      directory = "/var/lib/postgresql";
+      user = config.users.users.postgres.name;
+      group = config.users.users.postgres.group;
+      mode = "0755";
+    }
+    {
+      directory = "/var/lib/postgresql/${psqlVersion}";
+      user = config.users.users.postgres.name;
+      group = config.users.users.postgres.group;
+      mode = "0755";
+    }
+  ];
+  systemd.services.postgresql.after = [
+    "var-lib-postgresql.mount"
+    "var-lib-postgresql-16.mount"
+    "persist-zfast-var-lib-postgresql.mount"
+    "persist-zfast-var-lib-postgresql-16.mount"
+  ];
+  systemd.services.postgresql.unitConfig = {
+    BindsTo = [
+      "var-lib-postgresql.mount"
+      "var-lib-postgresql-16.mount"
+      "persist-zfast-var-lib-postgresql.mount"
+      "persist-zfast-var-lib-postgresql-16.mount"
+    ];
+  };
+  services.postgresql = {
+    enable = true;
+    package = pkgs.postgresql_16;
+    settings.listen_addresses = lib.mkForce (builtins.concatStringsSep "," [
+      "localhost"
+      config.hostEnv.wireguard.ip
+    ]);
+    authentication = ''
+      host   replication   postgres   ${nodes.backup-2.config.hostEnv.wireguard.ip}/32   ident
+    '';
+  };
+}
diff --git a/systems/zoldene/logging.nix b/systems/zoldene/logging.nix
index 943d5f1..8187d50 100644
--- a/systems/zoldene/logging.nix
+++ b/systems/zoldene/logging.nix
@@ -35,31 +35,14 @@ let
    };
  };
  yamlFormat = pkgs.formats.yaml {};
-  psqlVersion = pkgs.postgresql_16.psqlSchema;
 in
 {
  disko.devices.zpool.zfast.datasets."root/persist/var/lib/loki" =
    { type = "zfs_fs"; mountpoint = "/persist/zfast/var/lib/loki"; options.mountpoint = "legacy"; };
  disko.devices.zpool.zfast.datasets."root/persist/var/lib/fluentbit" =
    { type = "zfs_fs"; mountpoint = "/persist/zfast/var/lib/fluentbit"; options.mountpoint = "legacy"; };
-  disko.devices.zpool.zfast.datasets."root/persist/var/lib/postgresql" =
-    { type = "zfs_fs"; mountpoint = "/persist/zfast/var/lib/postgresql"; options.mountpoint = "legacy"; };
-  disko.devices.zpool.zfast.datasets."root/persist/var/lib/postgresql/${psqlVersion}" =
-    { type = "zfs_fs"; mountpoint = "/persist/zfast/var/lib/postgresql/${psqlVersion}"; options.mountpoint = "legacy"; };
  environment.persistence."/persist/zfast".directories = [
    {
-      directory = "/var/lib/postgresql";
-      user = config.users.users.postgres.name;
-      group = config.users.users.postgres.group;
-      mode = "0755";
-    }
-    {
-      directory = "/var/lib/postgresql/${psqlVersion}";
-      user = config.users.users.postgres.name;
-      group = config.users.users.postgres.group;
-      mode = "0755";
-    }
-    {
      directory = "/var/lib/fluentbit";
      user = config.users.users.fluentbit.name;
      group = config.users.users.fluentbit.group;
@@ -126,24 +109,8 @@ in
      ];
    };
  };
-  systemd.services.postgresql.after = [
-    "var-lib-postgresql.mount"
-    "var-lib-postgresql-16.mount"
-    "persist-zfast-var-lib-postgresql.mount"
-    "persist-zfast-var-lib-postgresql-16.mount"
-  ];
-  systemd.services.postgresql.unitConfig = {
-    BindsTo = [
-      "var-lib-postgresql.mount"
-      "var-lib-postgresql-16.mount"
-      "persist-zfast-var-lib-postgresql.mount"
-      "persist-zfast-var-lib-postgresql-16.mount"
-    ];
-  };
  services.postgresql = {
-    enable = true;
-    package = pkgs.postgresql_16;
    ensureDatabases = [ "fluentbit" ];
    ensureUsers = [
      {
@@ -152,7 +119,6 @@ in
      }
    ];
  };
  environment.systemPackages = [
    pkgs.fluent-bit
  ];
author	Ismaël Bouya <ismael.bouya@normalesup.org>	2025-03-14 00:28:35 +0100
committer	Ismaël Bouya <ismael.bouya@normalesup.org>	2025-03-14 01:03:28 +0100
commit	8b1cbf7db2e272f74712ca3c8937028925843bd9 (patch)
tree	fa9766539b68b669b60409168a1b4361556c37a9
parent	9a2bbc9550bbf6c6cf7f6184159818acf9e0c63c (diff)
download	Nix-8b1cbf7db2e272f74712ca3c8937028925843bd9.tar.gz Nix-8b1cbf7db2e272f74712ca3c8937028925843bd9.tar.zst Nix-8b1cbf7db2e272f74712ca3c8937028925843bd9.zip