Move jinx to system and assign postgres database
We wanted an easy way to view the jinx logs and to avoid using a
separate user account, which is more complicated to operate and has more
deployment challenges than a normal systemd service.
Change-Id: I436247a14925316ec3dcd77fb18875dc35c69560
Reviewed-on: https://git.clicks.codes/c/Infra/NixFiles/+/398
Tested-by: Skyler Grey <minion@clicks.codes>
Reviewed-by: Samuel Shuert <coded@clicks.codes>
diff --git a/modules/common/jinx.nix b/modules/common/jinx.nix
new file mode 100644
index 0000000..33f8a49
--- /dev/null
+++ b/modules/common/jinx.nix
@@ -0,0 +1,16 @@
+{ config, pkgs, lib, ... }: {
+ systemd.services.jinx = { # running for Pinea
+ serviceConfig = {
+ User = "jinx";
+ ExecStart = "${pkgs.nix}/bin/nix develop --command pnpm start";
+ WorkingDirectory = "/services/jinx/Jinx";
+ LoadCredential = "postgres_password:${config.sops.secrets.clicks_jinx_db_password.path}";
+ Environment = [
+ "PATH=${pkgs.git}/bin"
+ "DATABASE_PASSWORD_FILE=%d/postgres_password"
+ ];
+ };
+ wantedBy = [ "default.target" ];
+ description = "Run Jinx";
+ };
+}
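Review bot: The unit reads a PostgreSQL password through `LoadCredential` but declares no ordering on `postgresql.service`, so on first boot `pnpm start` can run before the database accepts connections; add `after = [ "postgresql.service" "network-online.target" ]; wants = [ "postgresql.service" "network-online.target" ];` next to `wantedBy` (the `nix develop` ExecStart presumably also needs the network to realise the dev shell, hence `network-online.target`). `Environment = [ "PATH=${pkgs.git}/bin" ]` replaces systemd's default PATH with a single directory, which looks intentional because `nix develop` supplies the rest, but deserves a comment saying so. Now that this is a system unit running a third-party app under `User = "jinx"`, the `serviceConfig` carries none of the usual sandboxing (`NoNewPrivileges`, `ProtectSystem`, `ProtectHome`, `PrivateTmp`), and nothing in this change creates the `jinx` user, so it is presumably declared elsewhere — worth confirming before merge.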
diff --git a/modules/common/mailcow.nix b/modules/common/mailcow.nix
index 9073d56..f046684 100644
--- a/modules/common/mailcow.nix
+++ b/modules/common/mailcow.nix
@@ -24,7 +24,12 @@
certs = lib.pipe mailACMEHosts [
(map (name: { inherit name; value = {}; }))
builtins.listToAttrs
- ];
+ ] // {
+ "mail.clicks.codes".postRun = ''
+ cp -r $(pwd) /opt/mailcow-dockerized/data/assets/ssl/
+ cp -r $(pwd)/* /opt/mailcow-dockerized/data/assets/ssl/
+ '';
+ };
defaults.postRun = "cp -r $(pwd) /opt/mailcow-dockerized/data/assets/ssl/";
};
}
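Review bot: The two `cp -r` lines in the new `"mail.clicks.codes".postRun` copy the certificate directory into `/opt/mailcow-dockerized/data/assets/ssl/` twice — once as a subdirectory, once as loose files — and nothing records which layout mailcow actually reads, so a one-line comment explaining why both copies are needed would stop the next reader from deleting one as redundant. `$(pwd)` should be quoted as `"$(pwd)"` in both new lines (the unchanged `defaults.postRun` has the same issue). Whether the copied private key keeps restrictive permissions after the copy, and whether the mailcow containers pick up a renewed certificate without a reload, is not visible here; if a container restart is required, this hook is the place for it.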
diff --git a/modules/common/postgres.nix b/modules/common/postgres.nix
index a4e107e..7955bc2 100644
--- a/modules/common/postgres.nix
+++ b/modules/common/postgres.nix
@@ -15,8 +15,7 @@
log_destination = lib.mkForce "syslog";
};
- ensureDatabases =
- [ "vaultwarden" "gerrit" "privatebin" "keycloak" "nextcloud" "synapse" "taiga" ];
+ ensureDatabases = [ "vaultwarden" "gerrit" "privatebin" "keycloak" "nextcloud" "synapse" "taiga" "jinx" ];
ensureUsers = [
{
@@ -45,6 +44,14 @@
name = "taiga";
ensureDBOwnership = true;
}
+ {
+ name = "taiga";
+ ensureDBOwnership = true;
+ }
+ {
+ name = "jinx";
+ ensureDBOwnership = true;
+ }
] ++ (map (name: ({
inherit name;
})) [ "minion" "coded" "pineafan" ]);
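Review bot: The first added block `{ name = "taiga"; ensureDBOwnership = true; }` duplicates the existing taiga entry directly above it in the context lines, which looks like a copy-paste slip made while adding the jinx block; only the jinx entry should be new here. As far as I can tell the duplicate is harmless at evaluation time (the generated ownership statement simply runs twice), but it will mislead anyone later auditing which roles exist.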
@@ -53,6 +60,9 @@
authentication = "host all all samenet scram-sha-256";
};
+ systemd.services.postgresql.restartTriggers = [
+ config.systemd.services.postgresql.postStart
+ ];
systemd.services.postgresql.postStart = lib.mkMerge [
(let
database = "synapse";
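Review bot: `restartTriggers` pointing at the service's own `postStart` means that any edit to the password-sync script — including the jinx addition in this commit — restarts PostgreSQL rather than reloading it, so every dependent service loses its database during the switch; that trade-off is presumably intentional, since it is the way to get `postStart` to re-run, but it deserves a comment such as `# restart (not reload) so postStart re-runs and re-applies passwords whenever the script changes`. If the restarts become a problem, the password sync could live in its own oneshot unit ordered after `postgresql.service` so a password change never restarts the database itself. The `postStart = lib.mkMerge [` expression that follows continues past the end of this hunk.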
@@ -93,6 +103,10 @@
user = "taiga";
passwordFile = config.sops.secrets.clicks_taiga_db_password.path;
}
+ {
+ user = "jinx";
+ passwordFile = config.sops.secrets.clicks_jinx_db_password.path;
+ }
] [
(map (userData: ''
$PSQL -tAc "ALTER USER ${userData.user} PASSWORD '$(cat ${userData.passwordFile})';"
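Review bot: The new jinx entry feeds `clicks_jinx_db_password` into the unchanged line `$PSQL -tAc "ALTER USER ${userData.user} PASSWORD '$(cat ${userData.passwordFile})';"`, which splices the file contents unquoted into the SQL: a password containing `'` breaks (or alters) the statement, and the plaintext password becomes part of psql's argv, which is readable in the process list by any local user while the command runs. Since this commit adds another secret to that path, it is a good moment to let psql read the file itself and bind it as a properly quoted variable, as sketched below; psql's backtick expansion keeps the value inside the psql process and `:'pw'` applies SQL literal quoting. Whether the `postgres` user can read the sops-managed file at `clicks_jinx_db_password.path` depends on the secret's owner/mode, which is set outside this hunk.
```nix
(map (userData: ''
  $PSQL <<'EOF'
  \set pw `cat ${userData.passwordFile}`
  ALTER USER ${userData.user} PASSWORD :'pw';
  EOF
'')
```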
@@ -121,6 +135,7 @@
"clicks_privatebin_db_password"
"clicks_nextcloud_db_password"
"clicks_taiga_db_password"
+ "clicks_jinx_db_password"
] [
(map (name: {
inherit name;