services.postgresql: fix

2024-10-22 21:38:44 +08:00 · 2024-05-30 12:59:57 +08:00 · 2024-05-30 12:59:57 +08:00 · f97fad608d
commit f97fad608d
parent 8115d2a0c6
5 changed files with 95 additions and 107 deletions
--- a/modules/services/misskey.nix
+++ b/modules/services/misskey.nix
@ -139,9 +139,9 @@ inputs:
        redis = mkIf (misskey.instances != {}) { instances = listToAttrs (map
          (instance: { name = "misskey-${instance.name}"; value.port = instance.value.redis.port; })
          (attrsToList misskey.instances)); };
-        postgresql = mkIf (misskey.instances != {}) { instances = listToAttrs (map
+        postgresql.instances = listToAttrs (map
          (instance: { name = "misskey_${replaceStrings [ "-" ] [ "_" ] instance.name}"; value = {}; })
-          (attrsToList misskey.instances)); };
+          (attrsToList misskey.instances));
        meilisearch =
          let instances = filter (instance: instance.value.meilisearch.enable) (attrsToList misskey.instances);
          in mkIf (instances != []) { instances = listToAttrs (map
--- a/modules/services/postgresql.nix
+++ b/modules/services/postgresql.nix
@ -1,105 +1,96 @@
 inputs:
 {
-  options.nixos.services.postgresql = let inherit (inputs.lib) mkOption types; in mkOption
+  options.nixos.services.postgresql = let inherit (inputs.lib) mkOption types; in
  {
-    type = types.nullOr (types.submodule { options =
+    enable = mkOption { type = types.bool; default = inputs.config.nixos.services.postgresql.instances != {}; };
+    instances = mkOption
    {
-      instances = mkOption
+      type = types.attrsOf (types.submodule (submoduleInputs: { options =
      {
-        type = types.attrsOf (types.submodule (submoduleInputs: { options =
-        {
-          database = mkOption { type = types.nonEmptyStr; default = submoduleInputs.config._module.args.name; };
-          user = mkOption { type = types.nonEmptyStr; default = submoduleInputs.config._module.args.name; };
-          passwordFile = mkOption { type = types.nullOr types.nonEmptyStr; default = null; };
-          initializeFlags = mkOption { type = types.attrsOf types.nonEmptyStr; default = {}; };
-        };}));
-        default = {};
-      };
-    };});
-    default = null;
-  };
-  config =
-    let
-      inherit (inputs.config.nixos.services) postgresql;
-      inherit (inputs.lib) mkAfter concatStringsSep mkIf;
-      inherit (inputs.localLib) attrsToList;
-      inherit (builtins) map listToAttrs filter;
-    in mkIf (postgresql != null)
-    {
-      services =
-      {
-        postgresql =
-        {
-          enable = true;
-          package = inputs.pkgs.postgresql_15;
-          enableTCPIP = true;
-          authentication = "host all all 0.0.0.0/0 md5";
-          settings =
-          {
-            unix_socket_permissions = "0700";
-            shared_buffers = "8192MB";
-            work_mem = "512MB";
-            autovacuum = "on";
-          };
-          # log_timezone = 'Asia/Shanghai'
-          # datestyle = 'iso, mdy'
-          # timezone = 'Asia/Shanghai'
-          # lc_messages = 'en_US.utf8'
-          # lc_monetary = 'en_US.utf8'
-          # lc_numeric = 'en_US.utf8'
-          # lc_time = 'en_US.utf8'
-          # default_text_search_config = 'pg_catalog.english'
-          # plperl.on_init = 'use utf8; use re; package utf8; require "utf8_heavy.pl";'
-          # mv /path/to/dir /path/to/dir_old
-          # mkdir /path/to/dir
-          # chattr +C /path/to/dir
-          # cp -a --reflink=never /path/to/dir_old/. /path/to/dir
-          # rm -rf /path/to/dir_old
-          ensureUsers = map (db: { name = db.value.user; }) (attrsToList postgresql.instances);
-        };
-        postgresqlBackup =
-        {
-          enable = true;
-          pgdumpOptions = "-Fc";
-          compression = "none";
-          databases = map (db: db.value.database) (attrsToList postgresql.instances);
-        };
-      };
-      systemd.services.postgresql.postStart = mkAfter (concatStringsSep "\n" (map
-        (db:
-          let
-            passwordFile =
-              if db.value.passwordFile or null != null then db.value.passwordFile
-              else inputs.config.sops.secrets."postgresql/${db.value.user}".path;
-            initializeFlag =
-              if db.value.initializeFlags != {} then
-                " WITH "
-                + (concatStringsSep " " (map
-                  (flag: ''${flag.name} = "${flag.value}"'')
-                  (attrsToList db.value.initializeFlags)))
-              else "";
-          in
-          # create database if not exist
-          "$PSQL -tAc \"SELECT 1 FROM pg_database WHERE datname = '${db.value.database}'\" | grep -q 1"
-            + " || $PSQL -tAc 'CREATE DATABASE \"${db.value.database}\"${initializeFlag}'"
-          # set user password
-            + "\n"
-            + "$PSQL -tAc \"ALTER USER ${db.value.user} with encrypted password '$(cat ${passwordFile})'\""
-          # set db owner
-            + "\n"
-            + "$PSQL -tAc \"select pg_catalog.pg_get_userbyid(d.datdba) FROM pg_catalog.pg_database d"
-            + " WHERE d.datname = '${db.value.database}' ORDER BY 1\""
-            + " | grep -E '^${db.value.user}$' -q"
-            + " || $PSQL -tAc \"ALTER DATABASE ${db.value.database} OWNER TO ${db.value.user}\"")
-        (attrsToList postgresql.instances)));
-      sops.secrets = listToAttrs (map
-        (db: { name = "postgresql/${db.value.user}"; value.owner = inputs.config.users.users.postgres.name; })
-        (filter (db: db.value.passwordFile == null) (attrsToList postgresql.instances)));
+        database = mkOption { type = types.nonEmptyStr; default = submoduleInputs.config._module.args.name; };
+        user = mkOption { type = types.nonEmptyStr; default = submoduleInputs.config._module.args.name; };
+        passwordFile = mkOption { type = types.nullOr types.nonEmptyStr; default = null; };
+        initializeFlags = mkOption { type = types.attrsOf types.nonEmptyStr; default = {}; };
+      };}));
+      default = {};
    };
+  };
+  config = let inherit (inputs.config.nixos.services) postgresql; in inputs.lib.mkIf postgresql.enable
+  {
+    services =
+    {
+      postgresql =
+      {
+        enable = true;
+        package = inputs.pkgs.postgresql_15;
+        enableTCPIP = true;
+        authentication = "host all all 0.0.0.0/0 md5";
+        settings =
+        {
+          unix_socket_permissions = "0700";
+          shared_buffers = "8192MB";
+          work_mem = "512MB";
+          autovacuum = "on";
+        };
+        # log_timezone = 'Asia/Shanghai'
+        # datestyle = 'iso, mdy'
+        # timezone = 'Asia/Shanghai'
+        # lc_messages = 'en_US.utf8'
+        # lc_monetary = 'en_US.utf8'
+        # lc_numeric = 'en_US.utf8'
+        # lc_time = 'en_US.utf8'
+        # default_text_search_config = 'pg_catalog.english'
+        # plperl.on_init = 'use utf8; use re; package utf8; require "utf8_heavy.pl";'
+        # mv /path/to/dir /path/to/dir_old
+        # mkdir /path/to/dir
+        # chattr +C /path/to/dir
+        # cp -a --reflink=never /path/to/dir_old/. /path/to/dir
+        # rm -rf /path/to/dir_old
+        ensureUsers = builtins.map (db: { name = db.value.user; }) (builtins.attrsToList postgresql.instances);
+      };
+      postgresqlBackup =
+      {
+        enable = true;
+        pgdumpOptions = "-Fc";
+        compression = "none";
+        databases = builtins.map (db: db.value.database) (builtins.attrsToList postgresql.instances);
+      };
+    };
+    systemd.services.postgresql.postStart = inputs.lib.mkAfter (builtins.concatStringsSep "\n" (builtins.map
+      (db:
+        let
+          passwordFile =
+            if db.value.passwordFile or null != null then db.value.passwordFile
+            else inputs.config.sops.secrets."postgresql/${db.value.user}".path;
+          initializeFlag =
+            if db.value.initializeFlags != {} then
+              " WITH "
+              + (builtins.concatStringsSep " " (map
+                (flag: ''${flag.name} = "${flag.value}"'')
+                (builtins.attrsToList db.value.initializeFlags)))
+            else "";
+        in
+        # create database if not exist
+        "$PSQL -tAc \"SELECT 1 FROM pg_database WHERE datname = '${db.value.database}'\" | grep -q 1"
+          + " || $PSQL -tAc 'CREATE DATABASE \"${db.value.database}\"${initializeFlag}'"
+        # set user password
+          + "\n"
+          + "$PSQL -tAc \"ALTER USER ${db.value.user} with encrypted password '$(cat ${passwordFile})'\""
+        # set db owner
+          + "\n"
+          + "$PSQL -tAc \"select pg_catalog.pg_get_userbyid(d.datdba) FROM pg_catalog.pg_database d"
+          + " WHERE d.datname = '${db.value.database}' ORDER BY 1\""
+          + " | grep -E '^${db.value.user}$' -q"
+          + " || $PSQL -tAc \"ALTER DATABASE ${db.value.database} OWNER TO ${db.value.user}\"")
+      (builtins.attrsToList postgresql.instances)));
+    sops.secrets = inputs.localLib.listToAttrs (builtins.map
+      (db: { name = "postgresql/${db.value.user}"; value.owner = inputs.config.users.users.postgres.name; })
+      (builtins.filter (db: db.value.passwordFile == null) (builtins.attrsToList postgresql.instances)));
+    environment.persistence =
+      let inherit (inputs.config.nixos.system) impermanence; in inputs.lib.mkIf impermanence.enable
+      {
+        "${impermanence.nodatacow}" = let user = inputs.config.users.users.postgres; in
+          [{ directory = "/var/lib/postgresql"; user = user.name; group = user.group; mode = "0750"; }];
+      };
+  };
 }
-  # sops.secrets.drone-agent = {
-  #   owner = config.systemd.services.drone-agent.serviceConfig.User;
-  #   key = "drone";
-  # };
-# pg_dump -h 127.0.0.1 -U synapse -Fc -f synaps.dump synapse
-# pg_restore -h 127.0.0.1 -U misskey -d misskey --data-only --jobs=4 misskey.dump
--- a/modules/services/synapse.nix
+++ b/modules/services/synapse.nix
@ -258,7 +258,7 @@ inputs:
        (attrsToList synapse.instances));
      nixos.services =
      {
-        postgresql = mkIf (synapse.instances != {}) { instances = listToAttrs (concatLists (map
+        postgresql.instances = listToAttrs (concatLists (map
          (instance:
          [
            {
@ -270,7 +270,7 @@ inputs:
              value.user = "synapse_${replaceStrings [ "-" ] [ "_" ] instance.name}";
            }
          ])
-          (attrsToList synapse.instances)));};
+          (attrsToList synapse.instances)));
        redis = mkIf (synapse.instances != {}) { instances = listToAttrs (map
          (instance: { name = "synapse-${instance.name}"; value.port = instance.value.redisPort; })
          (attrsToList synapse.instances));};
--- a/modules/system/impermanence.nix
+++ b/modules/system/impermanence.nix
@ -64,11 +64,6 @@ inputs:
          hideMounts = true;
          directories =
            [{ directory = "/var/log/journal"; user = "root"; group = "systemd-journal"; mode = "u=rwx,g=rx+s,o=rx"; }]
-            ++ (
-              if inputs.config.nixos.services.postgresql != null then let user = inputs.config.users.users.postgres; in
-                [{ directory = "/var/lib/postgresql"; user = user.name; group = user.group; mode = "0750"; }]
-              else []
-            )
            ++ (if inputs.config.nixos.services.meilisearch.instances != {} then [ "/var/lib/meilisearch" ] else [])
            ++ (
              if inputs.config.nixos.virtualization.kvmHost.enable then
--- a/setup.md
+++ b/setup.md
@ -19,4 +19,6 @@ systemd-cryptsetup attach root /dev/vda2
 ssh-keygen -t rsa -C root@pe -f /mnt/nix/persistent/etc/ssh/ssh_host_rsa_key
 ssh-keygen -t ed25519 -C root@pe -f /mnt/nix/persistent/etc/ssh/ssh_host_ed25519_key
 systemd-machine-id-setup --root=/mnt/nix/persistent
+pg_dump -h 127.0.0.1 -U synapse -Fc -f synaps.dump synapse
+pg_restore -h 127.0.0.1 -U misskey -d misskey --data-only --jobs=4 misskey.dump
 ```