machines/bc01n05: zfsify; initial postgres
Change-Id: I355ac4aa3c56a1e6a564b7a3c7cfc4e67b072dae
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1470
Reviewed-by: q3k <q3k@hackerspace.pl>
diff --git a/cluster/machines/bc01n05.hswaw.net.nix b/cluster/machines/bc01n05.hswaw.net.nix
index bb3da23..84819f6 100644
--- a/cluster/machines/bc01n05.hswaw.net.nix
+++ b/cluster/machines/bc01n05.hswaw.net.nix
@@ -1,8 +1,8 @@
-{ config, pkgs, ... }:
+{ config, pkgs, lib, ... }:
with builtins;
-
-rec {
+let postgresPkg = pkgs.postgresql_14;
+in rec {
networking.hostName = "bc01n05";
# TODO: undefine fqdn and define domain after big nix change
hscloud.base.fqdn = "${networking.hostName}.hswaw.net";
@@ -10,11 +10,34 @@
system.stateVersion = "22.05";
nix.maxJobs = 16;
+ ### zfs
+ # randomly generated
+ networking.hostId = "26dbfbcd";
+ boot.supportedFilesystems = [ "zfs" ];
+ boot.initrd.supportedFilesystems = [ "zfs" ];
+ services.zfs.trim.enable = true;
+
boot.loader.grub.device = "/dev/sda";
- fileSystems."/".device = "/dev/disk/by-uuid/c6658511-3304-44ba-a161-049b843e63f8";
- fileSystems."/boot" = {
- device = "/dev/disk/by-uuid/2a951c5d-0193-4ef3-9227-d8a5184cbd63";
- fsType = "ext4";
+ fileSystems = {
+ "/" = {
+ device = "rpool/nixos/root";
+ fsType = lib.mkForce "zfs";
+ options = [ "X-mount.mkdir" ];
+ };
+ "/home" = {
+ device = "rpool/nixos/home";
+ fsType = "zfs";
+ options = [ "X-mount.mkdir" ];
+ };
+ "/var/lib/postgresql" = {
+ device = "rpool/postgres";
+ fsType = "zfs";
+ options = [ "X-mount.mkdir" ];
+ };
+ "/boot" = {
+ device = "/dev/disk/by-uuid/2a951c5d-0193-4ef3-9227-d8a5184cbd63";
+ fsType = "ext4";
+ };
};
hscloud.base = {
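Review bot: `fsType = lib.mkForce "zfs"` on the `/` entry is the only forced value in the new `fileSystems` set, and nothing says what it overrides. A one-line comment such as `# mkForce: "/" fsType is also set elsewhere (TODO confirm which module)` would keep a later cleanup from dropping it and leaving the root mount with the wrong type. The `# randomly generated` comment on `networking.hostId` could also say that ZFS uses the hostId to tie the pool to this machine, so the value has to stay stable across rebuilds.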
@@ -23,5 +46,35 @@
ipAddrBits = 28;
gw = "185.236.240.33";
};
+
+ environment.systemPackages = [postgresPkg];
+ services.postgresql = {
+ enable = true;
+ package = postgresPkg;
+ enableTCPIP = true;
+ initdbArgs = ["--encoding='UTF8'" "--lc-collate='C'" "--lc-ctype='C'"];
+ ensureDatabases = ["synapse" "mediarepo"];
+ ensureUsers = [
+ {
+ name = "synapse";
+ ensurePermissions = {
+ "DATABASE synapse" = "ALL PRIVILEGES";
+ };
+ }
+ {
+ name = "mediarepo";
+ ensurePermissions = {
+ "DATABASE mediarepo" = "ALL PRIVILEGES";
+ };
+ }
+ ];
+ # TODO actually allow synapse to talk to us
+ # also adjust firewall
+ authentication = pkgs.lib.mkOverride 10 ''
+ local all all trust
+ host all all 127.0.0.1/32 trust
+ host all all ::1/128 trust
+ '';
+ };
}
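Review bot: The `authentication` block at the end of `services.postgresql` uses `trust` for the Unix socket and both loopback addresses, so any local account or process on this host can connect as any role, the superuser included, without credentials; `mkOverride 10` presumably also displaces the NixOS module's default pg_hba entries. With `enableTCPIP = true` the server is no longer socket-only, and the TODO above the block suggests a remote `host` line for synapse will be added beside these, where copying the `trust` method would expose both databases to that network. I would change the three lines to `local all all peer`, `host all all 127.0.0.1/32 scram-sha-256` and `host all all ::1/128 scram-sha-256`, and have the future synapse entry name the database, role and source address rather than `all all`. Roles created through `ensureUsers` get no password, so the synapse and mediarepo credentials need to be provisioned separately before remote access is enabled.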