Some fixes regarding startup of postgres

There were some issues with setting mount dependencies
for postgresql; those are now solved. What didn't work
was having the disk-mapping.json file depend on vault-agent.

As that file is not secret by any means, I moved it to /var/lib.

The only thing left to do, is to make postgresql start up
when the server is first created, and the /var/lib file
does not exist.
Kaare Hoff Skovgaard 2025-08-11 00:13:57 +02:00
parent 1ca3a407f2
commit 0ff2b12fb0
Signed by: khs
GPG key ID: C7D890804F01E9F0
3 changed files with 42 additions and 6 deletions


@ -24,8 +24,8 @@ let
text = ''
df -h
lsblk
${lib.getExe' pkgs.uutils-coreutils-noprefix "mkdir"} -p /run/secret
echo ${lib.escapeShellArg (builtins.toJSON diskMapping)} > /run/secret/disk-mapping.json
${lib.getExe' pkgs.uutils-coreutils-noprefix "mkdir"} -p /var/lib/vault-agent
echo ${lib.escapeShellArg (builtins.toJSON diskMapping)} > /var/lib/vault-agent/disk-mapping.json
'';
};
diskMappingModule = {
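Review bot: The new `mkdir -p /var/lib/vault-agent` creates that directory with the default mode when it does not exist yet, and the zfs module in this commit reads `/var/lib/vault-agent/role-id` and `/var/lib/vault-agent/secret-id` from the same directory. Whether something else creates it earlier with tighter permissions is not visible here. I would either add an explicit mode to the call (`mkdir -p -m 0700 /var/lib/vault-agent`) or, since the description says the mapping is not secret, write it to a directory of its own rather than next to the AppRole credentials. The script body starts above this hunk.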


@ -9,6 +9,16 @@ let
cfg = config.khscodes.fs.zfs;
isTest = cfg.test;
zpoolSetup = lib.getExe pkgs.khscodes.zpool-setup;
allDatasets = lib.lists.flatten (
lib.lists.map (
{ name, value }:
lib.lists.map (ds: {
zpool = name;
datasetName = ds.name;
datasetConfig = ds.value;
}) (lib.attrsToList value.datasets)
) (lib.attrsToList cfg.zpools)
);
setupZpool =
{ name, value }:
let
@ -83,14 +93,14 @@ in
BAO_ADDR = config.khscodes.services.vault-agent.vault.address;
VAULT_ROLE_ID_FILE = "/var/lib/vault-agent/role-id";
VAULT_SECRET_ID_FILE = "/var/lib/vault-agent/secret-id";
DISK_MAPPING_FILE = "/run/secret/disk-mapping.json";
DISK_MAPPING_FILE = "/var/lib/vault-agent/disk-mapping.json";
LOGLEVEL = "trace";
}
// (lib.attrsets.optionalAttrs isTest {
ZFS_TEST = "true";
});
unitConfig.ConditionPathExists = [
"/run/secret/disk-mapping.json"
"/var/lib/vault-agent/disk-mapping.json"
]
++ lib.lists.optionals (!isTest) [
"/var/lib/vault-agent/role-id"
@ -104,6 +114,28 @@ in
'';
};
};
# Make sure mount units exists, such that RequiresMountsFor works as intended.
systemd.mounts = lib.lists.foldl (
acc:
{
zpool,
datasetName,
datasetConfig,
}:
acc
++ (lib.lists.optional (datasetConfig.mountpoint != null) {
description = "Mount ${datasetConfig.mountpoint} from zpool ${zpool}";
what = "${zpool}/${datasetName}";
where = "${datasetConfig.mountpoint}";
type = "zfs-non-legacy";
unitConfig = {
Requires = [ "khscodes-zpool-setup.service" ];
After = [ "khscodes-zpool-setup.service" ];
Conflicts = [ "umount.target" ];
Before = [ "umount.target" ];
};
})
) [ ] allDatasets;
khscodes.infrastructure.vault-server-approle.policy = lib.mapAttrs' (name: value: {
name = "${value.encryptionKeyOpenbao.mount}/data/${value.encryptionKeyOpenbao.name}";
value = {
@ -119,7 +151,7 @@ in
{{ .Data.data | toUnescapedJSON }}
{{- end -}}
'';
destination = "/run/secret/disk-mapping.json";
destination = "/var/lib/vault-agent/disk-mapping.json";
owner = "root";
group = "root";
perms = "0644";
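Review bot: With the mapping under `/var/lib/vault-agent`, the `ConditionPathExists` entry no longer shows that the file was written during the current boot, because unlike `/run` this path survives a reboot. The setup unit can therefore run against a mapping left over from an earlier boot, before the template whose `destination` changes in the last hunk renders it again. Whether the consumer checks the mapping against the disks actually attached is not visible from here. The same path is also written by the `echo` in the first file of this commit, so two writers now share it. At minimum I would record this next to the condition, e.g. `# disk-mapping.json persists across reboots; it may predate this boot until vault-agent re-renders it`.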


@ -51,6 +51,7 @@ in
khscodes.fs.zfs.zpools."${cfg.pool}".datasets."${cfg.datasetName}" = cfg.datasetConfig;
systemd.services.postgresql = {
after = [ "khscodes-zpool-setup.service" ];
requires = [ "khscodes-zpool-setup.service" ];
unitConfig = {
RequiresMountsFor = [ cfg.datasetConfig.mountpoint ];
};
@ -68,7 +69,10 @@ in
lib.lists.map (db: {
name = "postgresqlBackup-${db}";
value = {
after = [ "khscodes-zpool-setup.service" ];
after = [
"khscodes-zpool-setup.service"
];
requires = [ "khscodes-zpool-setup.service" ];
unitConfig = {
RequiresMountsFor = [ cfg.backupDatasetConfig.mountpoint ];
};
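Review bot: `requires = [ "khscodes-zpool-setup.service" ]` also ties the lifetime of postgresql and of every `postgresqlBackup-*` unit to that service, because systemd stops or restarts a unit when a unit it `Requires=` is explicitly stopped or restarted. If khscodes-zpool-setup.service is restarted on a configuration switch (not visible from here), the database goes down with it. The mount units added in this commit already require that service, so `RequiresMountsFor` together with `after` may be enough. If the hard dependency is intended, a comment such as `# requires: the database must never run without the pool set up, even at the cost of a restart` would record why. Both attribute sets continue outside the hunks.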