Add replicated postgresql

Charlotte 🦝 Delenk 2022-12-15 19:31:16 +01:00
parent d4ead83c80
commit 3cb2a7e000
Signed by: darkkirb
GPG key ID: AB2BD8DAF2E37122
11 changed files with 183 additions and 10 deletions


@ -14,6 +14,7 @@
./server.nix
./wireguard/public-server.nix
./services/named-submissive.nix
./services/postgres/high-available.nix
];
boot.initrd.availableKernelModules = ["xhci_pci" "virtio_pci" "usbhid"];
@ -75,6 +76,7 @@
systemd.tmpfiles.rules = [
"L /var/lib/acme - - - - /persist/var/lib/acme"
"L /var/lib/postgresql - - - - /persist/var/lib/postgresql"
];
networking.wireguard.interfaces."wg0".ips = ["fd0d:a262:1fa6:e621:746d:4523:5c04:1453/64"];


@ -15,7 +15,7 @@
./services/named.nix
./services/grafana.nix
./users/miifox.nix
./services/postgres.nix
./services/postgres
./services/gitea.nix
./services/old-homepage.nix
./services/postfixadmin.nix
@ -30,6 +30,7 @@
./services/peertube
./services/rspamd.nix
./wireguard/public-server.nix
./services/postgres/high-available.nix
];
boot.initrd.availableKernelModules = ["ata_piix" "virtio_pci" "virtio_scsi" "xhci_pci" "sd_mod" "sr_mod"];


@ -18,7 +18,7 @@
nixos-hardware.nixosModules.common-cpu-amd
nixos-hardware.nixosModules.common-gpu-amd
nixos-hardware.nixosModules.common-pc-ssd
./services/postgres.nix
./services/postgres
./services/drone-runner-docker.nix
./services/gitlab-runner
];


@ -18,7 +18,7 @@
'';
in {
imports = [
./postgres.nix
./postgres
../../modules/hydra.nix
];
services.hydra = {


@ -19,7 +19,7 @@
services.prometheus.exporters.postgres = {
enable = true;
user = "postgres";
listenAddress = (import ../../utils/getInternalIP.nix config).listenIP;
listenAddress = (import ../../../utils/getInternalIP.nix config).listenIP;
};
networking.firewall.interfaces."wg0".allowedTCPPorts = [9187];
}


@ -0,0 +1,49 @@
{
config,
pkgs,
lib,
hapsql,
...
}: let
internalIP = (import ../../../utils/getInternalIP.nix config).listenIP;
haNodes = ["[fd0d:a262:1fa6:e621:b4e1:08ff:e658:6f49]" "[fd0d:a262:1fa6:e621:746d:4523:5c04:1453]"];
in {
imports = [
hapsql.nixosModule
];
services.hapsql = {
enable = true;
nodeName = config.networking.hostName;
nodeAddress = internalIP;
cluster = {
scope = "chirrs";
nodes = builtins.filter (a: a != internalIP) haNodes;
ports = {
raft = 49921;
postgres = 2428;
restApi = 56708;
};
};
postgresqlPackage = pkgs.postgresql_15.withPackages (ps: with ps; [rum]);
prometheus = {
enable-postgres-exporter = true;
};
};
services.patroni2 = {
postgresql.data_dir = "/var/lib/postgresql/15";
bootstrap = {
pg_hba = [
"host replication replicator fd0d:a262:1fa6:e621:b4e1:08ff:e658:6f49/128 md5"
"host replication replicator fd0d:a262:1fa6:e621:746d:4523:5c04:1453/128 md5"
"host all all 0.0.0.0/0 md5"
"host all all ::/0 md5"
];
};
};
networking.firewall.interfaces."wg0".allowedTCPPorts = [
49921
2428
56708
];
users.users.postgres.home = lib.mkForce "/var/lib/postgresql";
}
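Review bot: The two catch-all entries in `bootstrap.pg_hba`, `host all all 0.0.0.0/0 md5` and `host all all ::/0 md5`, let any source address attempt password login as any role, superuser included, so the only network boundary left is the `wg0` firewall rule at the bottom of the file. Since the cluster ports are opened on `wg0` only, the rule can name that network instead, e.g. `"host all all fd0d:a262:1fa6:e621::/64 scram-sha-256"`, and the IPv4 entry can be dropped if no client reaches the database over IPv4. `scram-sha-256` is also preferable to `md5` on the two `replicator` lines, provided the roles' passwords are stored as SCRAM verifiers (the PostgreSQL 15 default for `password_encryption`). Separately, `haNodes` holds bracketed addresses while the filter compares them with `internalIP`; if `getInternalIP.nix` returns the bare address (not visible here), the local node is never removed from `cluster.nodes`.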


@ -18,7 +18,7 @@
nixos-hardware.nixosModules.lenovo-thinkpad-t470s
nixos-hardware.nixosModules.common-cpu-intel-kaby-lake
nixos-hardware.nixosModules.common-pc-ssd
./services/postgres.nix
./services/postgres
];
hardware.cpu.intel.updateMicrocode = true;


@ -143,6 +143,31 @@
"type": "github"
}
},
"hapsql": {
"inputs": {
"nixpkgs": [
"nixpkgs"
],
"patroni": "patroni",
"prometheus-keepalived-exporter": "prometheus-keepalived-exporter",
"sops-nix": [
"sops-nix"
]
},
"locked": {
"lastModified": 1668373073,
"narHash": "sha256-jevN2P7euK8hWc7iEF40cW2UfQsqurHL2Ccw4vz0S6s=",
"ref": "refs/heads/master",
"rev": "daf95d1e1e7f0270ac82edd7231d9daed0106a0d",
"revCount": 21,
"type": "git",
"url": "https://git.sr.ht/~bwolf/hapsql.nix"
},
"original": {
"type": "git",
"url": "https://git.sr.ht/~bwolf/hapsql.nix"
}
},
"haskell-flake": {
"locked": {
"lastModified": 1668096377,
@ -210,7 +235,7 @@
"nixpkgs": [
"nixpkgs"
],
"utils": "utils"
"utils": "utils_3"
},
"locked": {
"lastModified": 1670970889,
@ -484,6 +509,28 @@
"type": "github"
}
},
"patroni": {
"inputs": {
"nixpkgs": [
"hapsql",
"nixpkgs"
],
"utils": "utils"
},
"locked": {
"lastModified": 1668372943,
"narHash": "sha256-JSbuXzu1cHuu3NbQzRDs3ExPUP89xTNWfTRJG/vzOqg=",
"ref": "refs/heads/master",
"rev": "0e0e7c4e82f6583efc8cec47904e0a8deb92191f",
"revCount": 16,
"type": "git",
"url": "https://git.sr.ht/~bwolf/patroni.nix"
},
"original": {
"type": "git",
"url": "https://git.sr.ht/~bwolf/patroni.nix"
}
},
"plasma-manager": {
"inputs": {
"home-manager": [
@ -530,6 +577,28 @@
"type": "github"
}
},
"prometheus-keepalived-exporter": {
"inputs": {
"nixpkgs": [
"hapsql",
"nixpkgs"
],
"utils": "utils_2"
},
"locked": {
"lastModified": 1662960295,
"narHash": "sha256-4nOsFasQ463Zf8TAlUBydtr5FS+ivpNNcfyWeAdsyNw=",
"ref": "refs/heads/master",
"rev": "52fe5366dde3d5a9ee8562fff5b0502544921dd0",
"revCount": 5,
"type": "git",
"url": "https://git.sr.ht/~bwolf/prometheus-keepalived-exporter.nix"
},
"original": {
"type": "git",
"url": "https://git.sr.ht/~bwolf/prometheus-keepalived-exporter.nix"
}
},
"root": {
"inputs": {
"dns": "dns",
@ -537,6 +606,7 @@
"emanote": "emanote",
"flake-parts": "flake-parts_2",
"flake-utils": "flake-utils",
"hapsql": "hapsql",
"haskell-flake": "haskell-flake_2",
"home-manager": "home-manager",
"hosts-list": "hosts-list",
@ -622,6 +692,36 @@
"repo": "flake-utils",
"type": "github"
}
},
"utils_2": {
"locked": {
"lastModified": 1659877975,
"narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"utils_3": {
"locked": {
"lastModified": 1667395993,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
}
},
"root": "root",


@ -22,6 +22,11 @@ rec {
inputs.nixpkgs-lib.follows = "nixpkgs";
};
flake-utils.url = "github:numtide/flake-utils";
hapsql = {
url = "git+https://git.sr.ht/~bwolf/hapsql.nix";
inputs.nixpkgs.follows = "nixpkgs";
inputs.sops-nix.follows = "sops-nix";
};
haskell-flake.url = "github:srid/haskell-flake";
home-manager = {
url = "github:nix-community/home-manager";
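Review bot: The new `hapsql` input is a NixOS module from a third-party repository that, per the other files in this commit, ends up running PostgreSQL/Patroni with the sops-managed passwords, yet nothing in `flake.nix` records that or fixes a revision; the pin lives only in `flake.lock`. A comment above the input such as `# third-party module running Patroni on the DB hosts; read the upstream diff before bumping the lock` would make lock updates of this input a deliberate review step. Its transitive inputs `patroni` and `prometheus-keepalived-exporter` come from the same host and are likewise pinned only in the lock. The `inputs` attribute set starts and ends outside this hunk.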


@ -21,6 +21,14 @@ root:
password:
root: ENC[AES256_GCM,data:wGFQ73r7XiOQ5HTtVwZfJu10Y0ZkBQ4YWm2MUCXyJy0kS2lh942aCOOobn+ZgDwZe2/esaaZi3UZ1sjmAMsRe4E5Fv6eJRXeqa7Ym+3Wj8LsssWIWBX06CkCS/LADUIUekcmDfGq5KLvIA==,iv:lvcSkngLc7phKVsFO0QooID62iI7Cm+qoYvW2nRo9Js=,tag:jTOBdy+EBrxMm5jyy8m3PA==,type:str]
darkkirb: ENC[AES256_GCM,data:ji+aKSQgrVNSASAr23hRppGLnANXKD5CI+pRk6Lb4DHsVd+U0enDu68SAR6vh5xt5t2NlICdnN6K5IlS8DQvNWC+3X5IJb5F0dfBZYcTnu2FdmX1D2XyoniJw2z4Pd2YZLB6+fiVmgcL2g==,iv:GExkGbbImSDOXc8nGD3vGbBr7AIa0ArhaOaV8rOnWGk=,tag:pZB/IBZzNL9Cuv/xNRY3sA==,type:str]
patroni:
postgresql:
replication:
password: ENC[AES256_GCM,data:Rtvp3uFW5i8Ql2rmkqJEqwdePXvqcRH2pc1UVn1MIlBmbSupklkdnObnB6GHDPLpNB8e7WS3pg3DW7PoNCtTHQ==,iv:ON96cAS/TIxUwGePwhRQdwe/e4VEZ7AJrZbS5SpB5GY=,tag:qlUhxoGriNrYHnf8xJkK0Q==,type:str]
superuser:
password: ENC[AES256_GCM,data:biKsnCeSvrF+ALiflH0wbn+k9Lu+WUQinojSsRZKcQ3Btez/8x4BYM3FGekG+bKM+YGjYOb3hTEuElbes4KhLw==,iv:fhGxZ3RlRyJ0h+1m8pycHI+eHaYTZ6WUwJGiSNtyvdU=,tag:XLtU+ZhBz5Ea9K0iZpZVQg==,type:str]
rewind:
password: ENC[AES256_GCM,data:3SFUf/vesfzA8lM/ND/89yvJga5SNBFilRZNdDCw3wfCBmqtWnQB5P3BuEvR1Ccao6H9dKQuEn32EQVZcVqCrw==,iv:JiseXAZGflG3JtL+jMkZ4N1jAutTvyuAxIuGHbTMvZc=,tag:ZrVCC6M3xtXss5zXoFKtiQ==,type:str]
sops:
kms: []
gcp_kms: []
@ -36,8 +44,8 @@ sops:
bVJUcDZLWTk3MiszOWp4enRRQmNsajQKF8QJs/Wb0SqnvsQEkRKlS1Ms9xLIdyvZ
QCFAPclaOfaTLTiRJWXjDneBkMBduYKkRPiXCR+Bn7i4z8ixLXFmWw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2022-12-14T15:34:13Z"
mac: ENC[AES256_GCM,data:9DHLfOjTVKWbsWiUDr7pu5pyh6dzoExcgjRsAd2HMtdu+R/Y04Zy5dbCJpFu4mvyRD9GJ5aI4hufYRLvFsTuO9k8aWNUbqb1IYnX+D6zzLlecCHxEJ6zhm0PhjkcuN0XxFhBQb/aCUaisP891PqHM8ZbXblIaCdl4FFX/me3Cls=,iv:MnMInA14AxnCPjLYvksSdZVfpvcIjpbLSQRMbzSYr2M=,tag:eQsCwg6S60FpZ4bxaBMiJg==,type:str]
lastmodified: "2022-12-15T18:48:50Z"
mac: ENC[AES256_GCM,data:Mg8cfwxhjPfJHHwEI3R+ZMeJUzl/caVc/V3UxDwV4VIeAT/d+WDVtdanF6ro4SyELbR9PdWC5q8wLTlpoz/CAjQvoPI3WEmYMtxmMBuZATy86EWz07FEltaod0yYcDvQ1RW24Km3gWrghHMBQUehijG+xHI84jvv8o+LL+ItktI=,iv:47ms+YmKjNC7wnox4Lpxp0m4eyMDJ+BNYI7JUokvyWk=,tag:sRL/JO7MKbFcf3gx064r9g==,type:str]
pgp:
- created_at: "2022-12-14T15:34:13Z"
enc: |


@ -73,6 +73,14 @@ email:
password:
root: ENC[AES256_GCM,data:AmwmR4I14s8mGTJidm4yEys1pPlLSRWoL9632IZSM1pAgV1H27KZIi+z00JUqnkvaCwuOsUH77tl9cSIK3UN1GUMbMaev3Ltln8hshRIYXN/bgg7K2JlZ5rwjLYjvxbwEBGEG8mBubHSvg==,iv:uoUiZ7t0u2ezAI1cwf86YxQ30hTlu6o7g3avzyBKWn8=,tag:Agn3UgC6PO5TdegGNHiZPw==,type:str]
darkkirb: ENC[AES256_GCM,data:DSecZ2Fw8akFfzor30x/lPVztZcaxM5YT2gTsFYJxV/GQHODy9htHT7blTU4tWzAJsUXqFo/GzcBIwyJZ1ox3jVpAqznaBuQxslrgMurb6T47wsUcbjmX6bkDGra4iQEYrRPyXlJgKpmlw==,iv:XY4S3skY2zbq771Y3Tva2povZRfcXEOhweajzvI1ebk=,tag:DrHRNFgYpNWCPIY1zbURKg==,type:str]
patroni:
postgresql:
replication:
password: ENC[AES256_GCM,data:iMbwJTCn0IQ7rm/W5+vVLyHCKQfFpkGDXb0lNQJtAO/GBioQ8TLcp5djhAlHljCt6uKCPqkQaN5PxRvAijUQUw==,iv:rmbgTxYEL5ANJqoDZatzXGflg9nDbbsD9/1jb26RFME=,tag:wB9YV997ForDjJxZWSYaig==,type:str]
superuser:
password: ENC[AES256_GCM,data:dxAfTgyDtiNNhFfjmfgZIdTZf4H4RktD7uX7ywKSOOkLkrQRbbrM43voxC4hiCPNKfDXOKODLTYKdoFz0UZQBw==,iv:sT44JwP4dNIfE9ImohTvPt0XNlFucJCHIsALZ8oT/O0=,tag:XCxegdIMJhwLLejv1RpQFg==,type:str]
rewind:
password: ENC[AES256_GCM,data:8svavhNeEtOTKfoUNmlEamlGy0bS1GnefUvTpPs624ied3nXc9lhOyg1ZT4tXY5OmL9Qy7Xzr0YgTLJt19dQVA==,iv:y8+Pl251pHoZQK70uJQ44odKSXTcBSyEykprQOyHN08=,tag:BbZJnEQOiTol+UrrzQnoHw==,type:str]
sops:
kms: []
gcp_kms: []
@ -88,8 +96,8 @@ sops:
N1lNTTRhSDFsczd4VjNudUU2NEt4MUEKdVJIJmaoGcwUHa0BGB45jqYnm9aPVZxP
dl1vkMx8EAiKhWKbBwQm5fFZcNh371rspGE7KOXmwNbNWef5bVfHpQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2022-12-14T16:46:00Z"
mac: ENC[AES256_GCM,data:SZUAvmTDVMfzCU8j9FS4zGIHUpwyHFYC2ybPrgiISOO4ka1LAR+8FgsY9SAkI0to6BV/Ha6sf8GyTYzJhtwnhDiTzsd0nmi+ZRJHVb7wZfvUEsKr69XoYhjx4cO3hhCIhBgminxqctSnx4wtR4mxtoisTImm6hxbZOW4FL3Tbu4=,iv:5Qo/fYBph6pbhNTS44ibuyMbli4ojMeGQkQVdtMveRo=,tag:w4xzhjFXiuJT9Jw0ELUXTg==,type:str]
lastmodified: "2022-12-15T18:49:04Z"
mac: ENC[AES256_GCM,data:WyZHDnHUtzyD7G9B1pZ61u4RdMf3TkQK8DUFNS1+fnT5ix0T9N/tMq9xgD1xvkey8PJpoSXeAPcCGlom8VwyWOw0reiJXGIgXd5jW28YSOlP8Sqtq+G37vSavCFfvtEI0ZwCt9mtB+hPvzGQK5n0mRb8LvuQQlZThji+yMSDPfo=,iv:trpJ/FVMlbGXkvwTRJjiu/ewfs8uq5twkj26gmPrVd8=,tag:U7km68CPWBu/QQlnhbRMCw==,type:str]
pgp:
- created_at: "2022-02-02T17:50:42Z"
enc: |