From 01e86c277ba614a5b67be1905fbeb6fc852e6257 Mon Sep 17 00:00:00 2001
From: victor
Date: Sat, 1 Oct 2022 14:43:26 +0200
Subject: [PATCH] add database host
---
 flake.lock | 24 +++++++-------
 nixos/common/default.nix | 19 ++++++-----
 nixos/hosts/hades/database/configuration.nix | 35 ++++++++++++++++++++
 nixos/hosts/hades/default.nix | 1 -
 nixos/hosts/thalassa/null/home/default.nix | 1 +
 5 files changed, 58 insertions(+), 22 deletions(-)
 create mode 100644 nixos/hosts/hades/database/configuration.nix
diff --git a/flake.lock b/flake.lock
index f2e720c..243434e 100644
--- a/flake.lock
+++ b/flake.lock
@@ -420,11 +420,11 @@
 "utils": "utils_3"
 },
 "locked": {
- "lastModified": 1664449551,
- "narHash": "sha256-iTStJtZB1+MppkT+95Ckqy2NDaISb+QcUkOAa0DS0io=",
+ "lastModified": 1664573442,
+ "narHash": "sha256-AovlSIuJfMf8n9QLNUVtsCul+NVHIoen7APH2fLls3k=",
 "owner": "nix-community",
 "repo": "home-manager",
- "rev": "864ff685fe6443101a0a8f3950d21bcb4330e56a",
+ "rev": "a7f0cc2d7b271b4a5df9b9e351d556c172f7e903",
 "type": "github"
 },
 "original": {
@@ -439,11 +439,11 @@
 "wlroots": "wlroots"
 },
 "locked": {
- "lastModified": 1664477193,
- "narHash": "sha256-W8pe+3wrAUjtexyd6ve4qZGLOWzfqqXKyieY3Q3ntsY=",
+ "lastModified": 1664617133,
+ "narHash": "sha256-ogDblDyvM8KgJEmidcmrQbBEFVYleAPLeoyuioCXYa4=",
 "owner": "hyprwm",
 "repo": "Hyprland",
- "rev": "da40bf823f2f307e439f4bd85c405d9e612c2df5",
+ "rev": "590fbf808b60baceef3b021050dae4c409121bf5",
 "type": "github"
 },
 "original": {
@@ -550,11 +550,11 @@
 "utils": "utils_5"
 },
 "locked": {
- "lastModified": 1664416713,
- "narHash": "sha256-EBlFsuwJKak5l9UpSXKgTiUL30kjuKeWMNsJZOGbhA8=",
+ "lastModified": 1664504390,
+ "narHash": "sha256-H7p9P2oxLiPYCYpbFFkECJ95+dwR0g83rYJJhYIbo/E=",
 "owner": "jyooru",
 "repo": "nix-minecraft-servers",
- "rev": "520d55ed44be7806138216e9ebe84bfcf641e999",
+ "rev": "d3eed15d776fe50786913047f0764efd917ea351",
 "type": "github"
 },
 "original": {
@@ -826,11 +826,11 @@
 ]
 },
 "locked": {
- "lastModified": 1664388710,
- "narHash": "sha256-SbaZu/HVBVelLGYFPdZ2IteHS6rBaa8as/iEIvEmNz4=",
+ "lastModified": 1664557358,
+ "narHash": "sha256-ok/e+vBUyt3OhdG0ND7d0INxAA5w9+SRxGlUtao0nv4=",
 "owner": "DeterminateSystems",
 "repo": "riff",
- "rev": "c47ff5c960f11c372a5b6d96182a88ee22dc30dd",
+ "rev": "8a11573a00386a5849af5534b5d0336092299eef",
 "type": "github"
 },
 "original": {
diff --git a/nixos/common/default.nix b/nixos/common/default.nix
index 6b834dd..584ca31 100644
--- a/nixos/common/default.nix
+++ b/nixos/common/default.nix
@@ -1,9 +1,6 @@
-{ config, lib, pkgs, inputs, ... }:
-
-{
+{ config, lib, pkgs, inputs, ... }: {
 imports = [
 inputs.vault-secrets.nixosModules.vault-secrets
- # User account definitions
 ./users
 ./modules
 ];
@@ -67,16 +64,20 @@
 MaxFileSec=7day
 '';
- # Enable SSH daemon support.
+ # Enable SSH
 services.openssh = {
 enable = true;
 passwordAuthentication = false;
 permitRootLogin = "no";
 };
- vault-secrets = lib.mkIf (config.networking.domain == "olympus") {
- vaultPrefix = "olympus_secrets/nixos";
- vaultAddress = "http://vault.olympus:8200/";
- approlePrefix = "olympus-${config.networking.hostName}";
+ # Configure vault-secrets based on domain
+ vault-secrets = let
+ inherit (config.networking) domain hostName;
+ server = if domain == "olympus" then "vault" else "vault-0";
+ in lib.mkIf (domain == "olympus" || domain == "hades") {
+ vaultPrefix = "${domain}_secrets/nixos";
+ vaultAddress = "http://${server}.${domain}:8200/";
+ approlePrefix = "${domain}-${hostName}";
 };
 }
diff --git a/nixos/hosts/hades/database/configuration.nix b/nixos/hosts/hades/database/configuration.nix
new file mode 100644
index 0000000..d4459c2
--- /dev/null
+++ b/nixos/hosts/hades/database/configuration.nix
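Review bot: In nixos/common/default.nix the new `vaultAddress = "http://${server}.${domain}:8200/";` keeps Vault on plain HTTP and now extends that to the hades domain, so AppRole credentials and the secrets fetched with them cross the network unencrypted and the Vault server is never authenticated. Unless this traffic is already confined to an encrypted tunnel (nothing in the patch shows one), I would enable TLS on the Vault listeners and change the line to `vaultAddress = "https://${server}.${domain}:8200/";`. The `server` expression also maps every domain other than olympus to `vault-0`, which is only correct because the `mkIf` condition limits the block to olympus and hades; a short comment such as `# hades runs a clustered Vault, first node is vault-0 (confirm)` would keep that from silently applying to a third domain later.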
@@ -0,0 +1,35 @@
+{ config, pkgs, ... }:
+let vs = config.vault-secrets.secrets;
+in {
+ networking.interfaces.eth0.useDHCP = true;
+
+ networking.firewall.allowedTCPPorts = [ config.services.postgresql.port ];
+
+ vault-secrets.secrets.database = {
+ user = "postgres";
+ group = "postgres";
+ };
+
+ services.postgresql = {
+ enable = true;
+ package = pkgs.postgresql_13;
+ enableTCPIP = true;
+ extraPlugins = [ ];
+ initdbArgs = [
+ "--encoding 'UTF-8'"
+ "--lc-collate='en_US.UTF-8'"
+ "--lc-ctype='en_US.UTF-8'"
+ ];
+ authentication = ''
+ host all all 192.168.0.1/23 md5
+ host all all 10.10.10.0/24 md5
+ '';
+ initialScript = "${vs.database}/initialScript";
+ settings = {
+ shared_preload_libraries = "pg_stat_statements";
+ "pg_stat_statements.track" = "all";
+ "pg_stat_statements.max" = 10000;
+ track_activity_query_size = 2048;
+ };
+ };
+}
diff --git a/nixos/hosts/hades/default.nix b/nixos/hosts/hades/default.nix
index e2a7fb1..731d29a 100644
--- a/nixos/hosts/hades/default.nix
+++ b/nixos/hosts/hades/default.nix
@@ -121,7 +121,6 @@
 hostname = "database";
 ip = "192.168.0.126";
 mac = "82:e8:71:7f:37:b4";
- nix = false;
 }
 {
 hostname = "dn42";
diff --git a/nixos/hosts/thalassa/null/home/default.nix b/nixos/hosts/thalassa/null/home/default.nix
index a0397c0..04de3b2 100644
--- a/nixos/hosts/thalassa/null/home/default.nix
+++ b/nixos/hosts/thalassa/null/home/default.nix
@@ -98,6 +98,7 @@ in {
 package = pkgs.gitAndTools.gitFull;
 userName = "Victor";
 userEmail = "victor@xirion.net";
+ lfs.enable = true;
 };
 programs.mako = {
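Review bot: In nixos/hosts/hades/database/configuration.nix the `authentication` block admits every role, including the `postgres` superuser, to every database from two whole subnets, using non-TLS `host` rules and `md5`, while the firewall opens the port on all interfaces. I would switch the method to SCRAM, e.g. `host all all 192.168.0.0/23 scram-sha-256` and `host all all 10.10.10.0/24 scram-sha-256`, and add `password_encryption = "scram-sha-256";` to `settings` so roles created by `initialScript` are stored with SCRAM verifiers rather than MD5 hashes. Narrowing `all all` to the application database and role, and moving to `hostssl` once the server has a certificate, would shrink the exposure further. The first rule is written as `192.168.0.1/23`, which has host bits set; `192.168.0.0/23` is presumably what is meant.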