From 821b839b1696a405d965909f086a62195b3159da Mon Sep 17 00:00:00 2001
From: Bartosz Stebel
Date: Sun, 5 Mar 2023 23:21:37 +0100
Subject: [PATCH] machines/bc01n05: zfsify; initial postgres

Change-Id: I355ac4aa3c56a1e6a564b7a3c7cfc4e67b072dae
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1470
Reviewed-by: q3k
---
 cluster/machines/bc01n05.hswaw.net.nix | 67 +++++++++++++++++++++++---
 1 file changed, 60 insertions(+), 7 deletions(-)

diff --git a/cluster/machines/bc01n05.hswaw.net.nix b/cluster/machines/bc01n05.hswaw.net.nix
index bb3da237..84819f6b 100644
--- a/cluster/machines/bc01n05.hswaw.net.nix
+++ b/cluster/machines/bc01n05.hswaw.net.nix
@@ -1,8 +1,8 @@
-{ config, pkgs, ... }:
+{ config, pkgs, lib, ... }:

 with builtins;
-
-rec {
+let postgresPkg = pkgs.postgresql_14;
+in rec {
 networking.hostName = "bc01n05";
 # TODO: undefine fqdn and define domain after big nix change
 hscloud.base.fqdn = "${networking.hostName}.hswaw.net";
@@ -10,11 +10,34 @@ rec {
 system.stateVersion = "22.05";
 nix.maxJobs = 16;

+ ### zfs
+ # randomly generated
+ networking.hostId = "26dbfbcd";
+ boot.supportedFilesystems = [ "zfs" ];
+ boot.initrd.supportedFilesystems = [ "zfs" ];
+ services.zfs.trim.enable = true;
+
 boot.loader.grub.device = "/dev/sda";
- fileSystems."/".device = "/dev/disk/by-uuid/c6658511-3304-44ba-a161-049b843e63f8";
- fileSystems."/boot" = {
- device = "/dev/disk/by-uuid/2a951c5d-0193-4ef3-9227-d8a5184cbd63";
- fsType = "ext4";
+ fileSystems = {
+ "/" = {
+ device = "rpool/nixos/root";
+ fsType = lib.mkForce "zfs";
+ options = [ "X-mount.mkdir" ];
+ };
+ "/home" = {
+ device = "rpool/nixos/home";
+ fsType = "zfs";
+ options = [ "X-mount.mkdir" ];
+ };
+ "/var/lib/postgresql" = {
+ device = "rpool/postgres";
+ fsType = "zfs";
+ options = [ "X-mount.mkdir" ];
+ };
+ "/boot" = {
+ device = "/dev/disk/by-uuid/2a951c5d-0193-4ef3-9227-d8a5184cbd63";
+ fsType = "ext4";
+ };
 };

 hscloud.base = {
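Review bot: The `lib.mkForce` on the root `fsType` is the only forced value in the new `fileSystems` set, and nothing in the hunk says which other definition it has to win against. A one-line comment above it would do, for example `# fsType for "/" is also defined elsewhere (TODO: name the module); force zfs here`. The three ZFS entries presumably also depend on the datasets being created with `mountpoint=legacy` outside this file, which is worth stating under the `### zfs` heading so that a rebuilt pool does not leave the machine unbootable. The enclosing `rec { … }` set opens in the previous hunk and closes after this one.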
@@ -23,5 +46,35 @@ rec {
 ipAddrBits = 28;
 gw = "185.236.240.33";
 };
+
+ environment.systemPackages = [postgresPkg];
+ services.postgresql = {
+ enable = true;
+ package = postgresPkg;
+ enableTCPIP = true;
+ initdbArgs = ["--encoding='UTF8'" "--lc-collate='C'" "--lc-ctype='C'"];
+ ensureDatabases = ["synapse" "mediarepo"];
+ ensureUsers = [
+ {
+ name = "synapse";
+ ensurePermissions = {
+ "DATABASE synapse" = "ALL PRIVILEGES";
+ };
+ }
+ {
+ name = "mediarepo";
+ ensurePermissions = {
+ "DATABASE mediarepo" = "ALL PRIVILEGES";
+ };
+ }
+ ];
+ # TODO actually allow synapse to talk to us
+ # also adjust firewall
+ authentication = pkgs.lib.mkOverride 10 ''
+ local all all trust
+ host all all 127.0.0.1/32 trust
+ host all all ::1/128 trust
+ '';
+ };

 }
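Review bot: The `authentication` block at the end of this hunk sets `trust` for the Unix socket and both loopback addresses across all databases and roles, so any local account or process on the host can connect as any role, `postgres` superuser included, without credentials. Since it is applied with `mkOverride 10`, it presumably replaces the module's default rules rather than sitting alongside them. I would write `local all all peer` and `host all all 127.0.0.1/32 scram-sha-256` (likewise for `::1/128`), and give the `synapse` and `mediarepo` roles passwords when the remote rule from the TODO is added. `enableTCPIP = true` also has the server listening on every interface before that firewall work exists, so consider leaving it out until then. The `services.postgresql` set is complete in this hunk; the surrounding `rec { … }` opens earlier in the file.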