add database host

2022-10-01 14:43:26 +02:00 · 2022-10-01 14:43:26 +02:00 · 01e86c277b
commit 01e86c277b
parent b30161c739
5 changed files with 58 additions and 22 deletions
--- a/nixos/common/default.nix
+++ b/nixos/common/default.nix
@ -1,9 +1,6 @@
-{ config, lib, pkgs, inputs, ... }:
-
-{
+{ config, lib, pkgs, inputs, ... }: {
  imports = [
    inputs.vault-secrets.nixosModules.vault-secrets
-    # User account definitions
    ./users
    ./modules
  ];
@ -67,16 +64,20 @@
    MaxFileSec=7day
  '';

-  # Enable SSH daemon support.
+  # Enable SSH
  services.openssh = {
    enable = true;
    passwordAuthentication = false;
    permitRootLogin = "no";
  };

-  vault-secrets = lib.mkIf (config.networking.domain == "olympus") {
-    vaultPrefix = "olympus_secrets/nixos";
-    vaultAddress = "http://vault.olympus:8200/";
-    approlePrefix = "olympus-${config.networking.hostName}";
+  # Configure vault-secrets based on domain
+  vault-secrets = let
+    inherit (config.networking) domain hostName;
+    server = if domain == "olympus" then "vault" else "vault-0";
+  in lib.mkIf (domain == "olympus" || domain == "hades") {
+    vaultPrefix = "${domain}_secrets/nixos";
+    vaultAddress = "http://${server}.${domain}:8200/";
+    approlePrefix = "${domain}-${hostName}";
  };
 }
--- a/nixos/hosts/hades/database/configuration.nix
+++ b/nixos/hosts/hades/database/configuration.nix
@ -0,0 +1,35 @@
+{ config, pkgs, ... }:
+let vs = config.vault-secrets.secrets;
+in {
+  networking.interfaces.eth0.useDHCP = true;
+
+  networking.firewall.allowedTCPPorts = [ config.services.postgresql.port ];
+
+  vault-secrets.secrets.database = {
+    user = "postgres";
+    group = "postgres";
+  };
+
+  services.postgresql = {
+    enable = true;
+    package = pkgs.postgresql_13;
+    enableTCPIP = true;
+    extraPlugins = [ ];
+    initdbArgs = [
+      "--encoding 'UTF-8'"
+      "--lc-collate='en_US.UTF-8'"
+      "--lc-ctype='en_US.UTF-8'"
+    ];
+    authentication = ''
+      host all all 192.168.0.1/23 md5
+      host all all  10.10.10.0/24 md5
+    '';
+    initialScript = "${vs.database}/initialScript";
+    settings = {
+      shared_preload_libraries = "pg_stat_statements";
+      "pg_stat_statements.track" = "all";
+      "pg_stat_statements.max" = 10000;
+      track_activity_query_size = 2048;
+    };
+  };
+}
--- a/nixos/hosts/hades/default.nix
+++ b/nixos/hosts/hades/default.nix
@ -121,7 +121,6 @@
    hostname = "database";
    ip = "192.168.0.126";
    mac = "82:e8:71:7f:37:b4";
-    nix = false;
  }
  {
    hostname = "dn42";
--- a/nixos/hosts/thalassa/null/home/default.nix
+++ b/nixos/hosts/thalassa/null/home/default.nix
@ -98,6 +98,7 @@ in {
    package = pkgs.gitAndTools.gitFull;
    userName = "Victor";
    userEmail = "victor@xirion.net";
+    lfs.enable = true;
  };

  programs.mako = {