machines/bc01n05: zfsify; initial postgres

Change-Id: I355ac4aa3c56a1e6a564b7a3c7cfc4e67b072dae Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1470 Reviewed-by: q3k <q3k@hackerspace.pl>
2023-03-05 23:21:37 +01:00 · 2023-03-05 23:21:37 +01:00 · 821b839b16
parent 3320155d23
commit 821b839b16
1 changed files with 60 additions and 7 deletions
--- a/cluster/machines/bc01n05.hswaw.net.nix
+++ b/cluster/machines/bc01n05.hswaw.net.nix
@ -1,8 +1,8 @@
-{ config, pkgs, ... }:
+{ config, pkgs, lib, ... }:

 with builtins;
-
-rec {
+let postgresPkg = pkgs.postgresql_14;
+in rec {
  networking.hostName = "bc01n05";
  # TODO: undefine fqdn and define domain after big nix change
  hscloud.base.fqdn = "${networking.hostName}.hswaw.net";
@ -10,11 +10,34 @@ rec {
  system.stateVersion = "22.05";
  nix.maxJobs = 16;

+  ### zfs
+  # randomly generated
+  networking.hostId = "26dbfbcd";
+  boot.supportedFilesystems = [ "zfs" ];
+  boot.initrd.supportedFilesystems = [ "zfs" ];
+  services.zfs.trim.enable = true;
+
  boot.loader.grub.device = "/dev/sda";
-  fileSystems."/".device = "/dev/disk/by-uuid/c6658511-3304-44ba-a161-049b843e63f8";
-  fileSystems."/boot" = {
-    device = "/dev/disk/by-uuid/2a951c5d-0193-4ef3-9227-d8a5184cbd63";
-    fsType = "ext4";
+  fileSystems = {
+    "/" = {
+      device = "rpool/nixos/root";
+      fsType = lib.mkForce "zfs";
+      options = [ "X-mount.mkdir" ];
+    };
+    "/home" = {
+      device = "rpool/nixos/home";
+      fsType = "zfs";
+      options = [ "X-mount.mkdir" ];
+    };
+    "/var/lib/postgresql" = {
+      device = "rpool/postgres";
+      fsType = "zfs";
+      options = [ "X-mount.mkdir" ];
+    };
+    "/boot" = {
+      device = "/dev/disk/by-uuid/2a951c5d-0193-4ef3-9227-d8a5184cbd63";
+      fsType = "ext4";
+    };
  };

  hscloud.base = {
@ -23,5 +46,35 @@ rec {
    ipAddrBits = 28;
    gw = "185.236.240.33";
  };
+
+  environment.systemPackages = [postgresPkg];
+  services.postgresql = {
+    enable = true;
+    package = postgresPkg;
+    enableTCPIP = true;
+    initdbArgs = ["--encoding='UTF8'" "--lc-collate='C'" "--lc-ctype='C'"];
+    ensureDatabases = ["synapse" "mediarepo"];
+    ensureUsers = [
+      {
+        name = "synapse";
+        ensurePermissions = {
+          "DATABASE synapse" = "ALL PRIVILEGES";
+        };
+      }
+      {
+        name = "mediarepo";
+        ensurePermissions = {
+          "DATABASE mediarepo" = "ALL PRIVILEGES";
+        };
+      }
+    ];
+    # TODO actually allow synapse to talk to us
+    # also adjust firewall
+    authentication = pkgs.lib.mkOverride 10 ''
+      local all all trust
+      host all all 127.0.0.1/32 trust
+      host all all ::1/128 trust
+    '';
+  };
 }