forked from hswaw/hscloud
machines/bc01n05: zfsify; initial postgres
Change-Id: I355ac4aa3c56a1e6a564b7a3c7cfc4e67b072dae Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1470 Reviewed-by: q3k <q3k@hackerspace.pl>
This commit is contained in:
parent
3320155d23
commit
821b839b16
1 changed files with 60 additions and 7 deletions
|
@ -1,8 +1,8 @@
|
|||
{ config, pkgs, ... }:
|
||||
{ config, pkgs, lib, ... }:
|
||||
|
||||
with builtins;
|
||||
|
||||
rec {
|
||||
let postgresPkg = pkgs.postgresql_14;
|
||||
in rec {
|
||||
networking.hostName = "bc01n05";
|
||||
# TODO: undefine fqdn and define domain after big nix change
|
||||
hscloud.base.fqdn = "${networking.hostName}.hswaw.net";
|
||||
|
@ -10,11 +10,34 @@ rec {
|
|||
system.stateVersion = "22.05";
|
||||
nix.maxJobs = 16;
|
||||
|
||||
### zfs
|
||||
# randomly generated
|
||||
networking.hostId = "26dbfbcd";
|
||||
boot.supportedFilesystems = [ "zfs" ];
|
||||
boot.initrd.supportedFilesystems = [ "zfs" ];
|
||||
services.zfs.trim.enable = true;
|
||||
|
||||
boot.loader.grub.device = "/dev/sda";
|
||||
fileSystems."/".device = "/dev/disk/by-uuid/c6658511-3304-44ba-a161-049b843e63f8";
|
||||
fileSystems."/boot" = {
|
||||
device = "/dev/disk/by-uuid/2a951c5d-0193-4ef3-9227-d8a5184cbd63";
|
||||
fsType = "ext4";
|
||||
fileSystems = {
|
||||
"/" = {
|
||||
device = "rpool/nixos/root";
|
||||
fsType = lib.mkForce "zfs";
|
||||
options = [ "X-mount.mkdir" ];
|
||||
};
|
||||
"/home" = {
|
||||
device = "rpool/nixos/home";
|
||||
fsType = "zfs";
|
||||
options = [ "X-mount.mkdir" ];
|
||||
};
|
||||
"/var/lib/postgresql" = {
|
||||
device = "rpool/postgres";
|
||||
fsType = "zfs";
|
||||
options = [ "X-mount.mkdir" ];
|
||||
};
|
||||
"/boot" = {
|
||||
device = "/dev/disk/by-uuid/2a951c5d-0193-4ef3-9227-d8a5184cbd63";
|
||||
fsType = "ext4";
|
||||
};
|
||||
};
|
||||
|
||||
hscloud.base = {
|
||||
|
@ -23,5 +46,35 @@ rec {
|
|||
ipAddrBits = 28;
|
||||
gw = "185.236.240.33";
|
||||
};
|
||||
|
||||
environment.systemPackages = [postgresPkg];
|
||||
services.postgresql = {
|
||||
enable = true;
|
||||
package = postgresPkg;
|
||||
enableTCPIP = true;
|
||||
initdbArgs = ["--encoding='UTF8'" "--lc-collate='C'" "--lc-ctype='C'"];
|
||||
ensureDatabases = ["synapse" "mediarepo"];
|
||||
ensureUsers = [
|
||||
{
|
||||
name = "synapse";
|
||||
ensurePermissions = {
|
||||
"DATABASE synapse" = "ALL PRIVILEGES";
|
||||
};
|
||||
}
|
||||
{
|
||||
name = "mediarepo";
|
||||
ensurePermissions = {
|
||||
"DATABASE mediarepo" = "ALL PRIVILEGES";
|
||||
};
|
||||
}
|
||||
];
|
||||
# TODO actually allow synapse to talk to us
|
||||
# also adjust firewall
|
||||
authentication = pkgs.lib.mkOverride 10 ''
|
||||
local all all trust
|
||||
host all all 127.0.0.1/32 trust
|
||||
host all all ::1/128 trust
|
||||
'';
|
||||
};
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in a new issue