From 0ff2b12fb08300a9b517555593e09614838386c3 Mon Sep 17 00:00:00 2001
From: Kaare Hoff Skovgaard
Date: Mon, 11 Aug 2025 00:13:57 +0200
Subject: [PATCH] Some fixes regarding startup of postgres

There were some issues with setting mount dependencies for postgresql. Now however that is solved. What didn't work was when the disk-mapping.json file depended on vault-agent. As that file is not secret by any means, I moved it to /var/lib. The only thing left to do, is to make postgresql start up when the server is first created, and the /var/lib file does not exist.
---
 nix/checks/zfs/default.nix | 4 +-
 nix/modules/nixos/fs/zfs/default.nix | 38 +++++++++++++++++--
 .../fs/zfs/services/postgresql/default.nix | 6 ++-
 3 files changed, 42 insertions(+), 6 deletions(-)

diff --git a/nix/checks/zfs/default.nix b/nix/checks/zfs/default.nix
index 0ef9bc4..5a0a1be 100644
--- a/nix/checks/zfs/default.nix
+++ b/nix/checks/zfs/default.nix
@@ -24,8 +24,8 @@ let
 text = ''
 df -h
 lsblk
- ${lib.getExe' pkgs.uutils-coreutils-noprefix "mkdir"} -p /run/secret
- echo ${lib.escapeShellArg (builtins.toJSON diskMapping)} > /run/secret/disk-mapping.json
+ ${lib.getExe' pkgs.uutils-coreutils-noprefix "mkdir"} -p /var/lib/vault-agent
+ echo ${lib.escapeShellArg (builtins.toJSON diskMapping)} > /var/lib/vault-agent/disk-mapping.json
 '';
 };
 diskMappingModule = {
diff --git a/nix/modules/nixos/fs/zfs/default.nix b/nix/modules/nixos/fs/zfs/default.nix
index a6cc786..a2750d8 100644
--- a/nix/modules/nixos/fs/zfs/default.nix
+++ b/nix/modules/nixos/fs/zfs/default.nix
@@ -9,6 +9,16 @@ let
 cfg = config.khscodes.fs.zfs;
 isTest = cfg.test;
 zpoolSetup = lib.getExe pkgs.khscodes.zpool-setup;
+ allDatasets = lib.lists.flatten (
+ lib.lists.map (
+ { name, value }:
+ lib.lists.map (ds: {
+ zpool = name;
+ datasetName = ds.name;
+ datasetConfig = ds.value;
+ }) (lib.attrsToList value.datasets)
+ ) (lib.attrsToList cfg.zpools)
+ );
 setupZpool =
 { name, value }:
 let
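Review bot: The new `allDatasets` binding is written as `lib.lists.flatten` around a nested `lib.lists.map`, which is the long way of spelling a single `lib.concatMap` over `lib.attrsToList cfg.zpools`; the inner map stays as it is and the outer `flatten` disappears. Whichever form is kept, a one-line comment on the record shape would help the consumer of this list further down the file, e.g. `# One { zpool, datasetName, datasetConfig } record per dataset, across all configured pools.` The `setupZpool` definition that follows is only started in this hunk and continues outside it.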
@@ -83,14 +93,14 @@ in
 BAO_ADDR = config.khscodes.services.vault-agent.vault.address;
 VAULT_ROLE_ID_FILE = "/var/lib/vault-agent/role-id";
 VAULT_SECRET_ID_FILE = "/var/lib/vault-agent/secret-id";
- DISK_MAPPING_FILE = "/run/secret/disk-mapping.json";
+ DISK_MAPPING_FILE = "/var/lib/vault-agent/disk-mapping.json";
 LOGLEVEL = "trace";
 }
 // (lib.attrsets.optionalAttrs isTest {
 ZFS_TEST = "true";
 });
 unitConfig.ConditionPathExists = [
- "/run/secret/disk-mapping.json"
+ "/var/lib/vault-agent/disk-mapping.json"
 ]
 ++ lib.lists.optionals (!isTest) [
 "/var/lib/vault-agent/role-id"
@@ -104,6 +114,28 @@ in
 '';
 };
 };
+ # Make sure mount units exists, such that RequiresMountsFor works as intended.
+ systemd.mounts = lib.lists.foldl (
+ acc:
+ {
+ zpool,
+ datasetName,
+ datasetConfig,
+ }:
+ acc
+ ++ (lib.lists.optional (datasetConfig.mountpoint != null) {
+ description = "Mount ${datasetConfig.mountpoint} from zpool ${zpool}";
+ what = "${zpool}/${datasetName}";
+ where = "${datasetConfig.mountpoint}";
+ type = "zfs-non-legacy";
+ unitConfig = {
+ Requires = [ "khscodes-zpool-setup.service" ];
+ After = [ "khscodes-zpool-setup.service" ];
+ Conflicts = [ "umount.target" ];
+ Before = [ "umount.target" ];
+ };
+ })
+ ) [ ] allDatasets;
 khscodes.infrastructure.vault-server-approle.policy = lib.mapAttrs' (name: value: {
 name = "${value.encryptionKeyOpenbao.mount}/data/${value.encryptionKeyOpenbao.name}";
 value = {
@@ -119,7 +151,7 @@ in
 {{ .Data.data | toUnescapedJSON }}
 {{- end -}}
 '';
- destination = "/run/secret/disk-mapping.json";
+ destination = "/var/lib/vault-agent/disk-mapping.json";
 owner = "root";
 group = "root";
 perms = "0644";
diff --git a/nix/modules/nixos/fs/zfs/services/postgresql/default.nix b/nix/modules/nixos/fs/zfs/services/postgresql/default.nix
index a6c4f0b..0b7c414 100644
--- a/nix/modules/nixos/fs/zfs/services/postgresql/default.nix
+++ b/nix/modules/nixos/fs/zfs/services/postgresql/default.nix
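Review bot: Moving `DISK_MAPPING_FILE` and the matching `ConditionPathExists` entry from the `/run/secret` tmpfs to `/var/lib/vault-agent` changes what the condition proves: a file under /var/lib survives reboots, so the condition is satisfied by whatever vault-agent rendered on an earlier boot, and `khscodes-zpool-setup.service` may consume a stale mapping if it runs before vault-agent re-renders the template on this boot. The previous location guaranteed a fresh render every boot; the commit message suggests that ordering on vault-agent was what could not be made to work, so this looks deliberate but is worth stating next to the path, e.g. `# Persistent on purpose: must be present before vault-agent is up, so it may be the previous boot's render.` If stale mappings are not acceptable, the service would need a way to detect a mapping older than the current vault-agent run, which nothing in this hunk provides. The attribute set containing these lines starts and ends outside the hunk.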
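Review bot: The new `systemd.mounts` fold emits one unit per dataset keyed only on `where = "${datasetConfig.mountpoint}"`, so two datasets that share a mountpoint (in the same pool or across pools, since `allDatasets` spans all of `cfg.zpools`) yield two mount units with the same unit name, and a non-absolute or trailing-slash mountpoint yields an unexpected unit name; nothing here rejects either case, and I would not rely on NixOS deduplicating them. An `assertions` entry over the non-null mountpoints — uniqueness via `lib.lists.allUnique` and a `lib.hasPrefix "/"` check — turns that into an evaluation error instead of a confusing boot-time mount failure. The comment introducing the block also has a grammar slip; suggest `# Make sure mount units exist, so that RequiresMountsFor works as intended.`. Stylistically, `lib.lists.foldl` with `acc ++ lib.lists.optional …` is a hand-rolled `lib.concatMap`, which would drop the `acc` plumbing and the `[ ]` seed.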
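Review bot: The template writes `.Data.data | toUnescapedJSON` verbatim to `destination` with `perms = "0644"`, and that destination is now persistent storage instead of the `/run/secret` tmpfs, so whatever the secret holds becomes readable by every local user and survives reboots, disk images and backups. The `{{ with secret … }}` line naming the source path sits above the hunk, and the only read grant visible in this file is the approle policy on `${value.encryptionKeyOpenbao.mount}/data/${value.encryptionKeyOpenbao.name}`; if the disk mapping is served from that same KV entry, the rendered JSON would include the pool encryption key, which contradicts the commit message's premise that the file is not secret. Please confirm the mapping is a separate, non-sensitive KV entry and record that next to the destination, e.g. `# Non-secret by design: device -> pool mapping only, never key material; hence 0644 on persistent storage.`; if it is not separate, the move to /var/lib and the 0644 mode should be reverted.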
@@ -51,6 +51,7 @@ in
 khscodes.fs.zfs.zpools."${cfg.pool}".datasets."${cfg.datasetName}" = cfg.datasetConfig;
 systemd.services.postgresql = {
 after = [ "khscodes-zpool-setup.service" ];
+ requires = [ "khscodes-zpool-setup.service" ];
 unitConfig = {
 RequiresMountsFor = [ cfg.datasetConfig.mountpoint ];
 };
@@ -68,7 +69,10 @@ in
 lib.lists.map (db: {
 name = "postgresqlBackup-${db}";
 value = {
- after = [ "khscodes-zpool-setup.service" ];
+ after = [
+ "khscodes-zpool-setup.service"
+ ];
+ requires = [ "khscodes-zpool-setup.service" ];
 unitConfig = {
 RequiresMountsFor = [ cfg.backupDatasetConfig.mountpoint ];
 };
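Review bot: `requires = [ "khscodes-zpool-setup.service" ]` pulls the setup unit in and, together with `after`, orders on it, but a `Requires` dependency is still satisfied when the setup unit is skipped because its `ConditionPathExists` on the disk-mapping file is unmet — systemd treats a condition skip as success, not failure — so postgresql proceeds and is only held back by the `RequiresMountsFor` mount unit failing against a pool that was never imported. That is a second-hand failure with a misleading journal entry rather than a clear one. If a hard stop is wanted, `requisite` would fail postgresql immediately when the setup unit is not active, which I believe works only if zpool-setup is a `RemainAfterExit` oneshot (its definition is not in this file); otherwise a comment on the `requires` line explaining that the mount unit is the actual guard would save the next reader the same investigation.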
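Review bot: In the `postgresqlBackup-${db}` units the single-element `after` list is now spread over three lines while the `requires` line directly below it keeps the one-line form, and the equivalent `after` on the postgresql service earlier in this file also stays on one line; keep `after = [ "khscodes-zpool-setup.service" ];` so the two units read alike. The `lib.lists.map` call producing these units starts and ends outside the hunk.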