From 285a8e6a8e73dd1e102b5402fba2c76dcf70575a Mon Sep 17 00:00:00 2001 From: stuebinm Date: Sun, 19 May 2024 23:26:53 +0200 Subject: [PATCH] mattermost: switch to postgresql this depends on a whole lot of imperative nonsense being done at the same time, which i have done. of special interest to anyone attempting to understand this is https://docs.mattermost.com/deploy/postgres-migration.html for the general shape of incompetence at work, https://docs.mattermost.com/install/setting-up-socket-based-mattermost-database.html#with-unix-socket for yet another interesting syntax for database connection strings, and https://github.com/dimitri/pgloader/issues/782#issuecomment-502323324 for a truly astonishing take on how to do database migrations, which unfortunately i have followed. As far as I can tell, everything has kept working. Downtime was mostly spent understanding connection string syntax and their horribly buggy parsers. Note for people with server access: - i have kept the temporary files (including logs) around in /persist/migration inside the container should we ever need them again - there's a zfs snapshot @pre-postgres with the old state --- parsons/mattermost.nix | 24 ++++++++++++++++++------ secrets.yaml | 6 +++--- 2 files changed, 21 insertions(+), 9 deletions(-) diff --git a/parsons/mattermost.nix b/parsons/mattermost.nix index 56883a0..2b32b49 100644 --- a/parsons/mattermost.nix +++ b/parsons/mattermost.nix @@ -164,7 +164,8 @@ MetricsSettings.Enable = false; GuestAccountsSettings.Enable = false; FeatureFlags.CollapsedThreads = true; - SqlSettings.DriverName = "mysql"; + SqlSettings.DriverName = "postgres"; + SqlSettings.DataSource = "postgres:///mattermost?host=/run/postgresql"; }; # turn of the weirder parts of this module (which insist on passwords @@ -175,15 +176,26 @@ localDatabaseCreate = false; }; - services.mysql = { - enable = true; + services.postgresql = { + enable = lib.mkForce true; # mattermost sets this to false. wtf. + package = pkgs.postgresql_15; ensureDatabases = [ "mattermost" ]; ensureUsers = [ { name = "mattermost"; - ensurePermissions = { "mattermost.*" = "ALL PRIVILEGES"; }; + ensureDBOwnership = true; } ]; - package = pkgs.mysql80; - dataDir = "/persist/mysql"; + + authentication = lib.mkForce '' + # Generated file; do not edit! + local all all trust + ''; + }; + + services.postgresqlBackup = { + enable = true; + databases = [ "mattermost" ]; + startAt = "*-*-* 23:45:00"; + location = "/persist/backups/postgres"; }; }; }; diff --git a/secrets.yaml b/secrets.yaml index 75263e7..e9e82ca 100644 --- a/secrets.yaml +++ b/secrets.yaml @@ -1,7 +1,7 @@ hedgedoc-hacc: env: ENC[AES256_GCM,data:e2vSolxJNucya9QNs28gAVDBJQq5AJh7jS1nBh0UTkDnhNL8NPW1KTxcun4rM99EhiNZsz6Z9qHRMejmP4frQw==,iv:DqAGhGWYf/EpGnI79MxKmBlHMhK26zx50vXb1TbvESw=,tag:Xix499XAcAmxhNuGr2ApcA==,type:str] mattermost: - env: ENC[AES256_GCM,data:L9GBhCvdHUKlDQ1J3uvEqVziv9yCCISycexyTo/U0Hx8vPVk3TAEOk8zP23XAUsHNEE2L0ibzHBTVAMiXMmFkiuyxlmLqfRemZ3cm4eXMPP8Wks+5d9yFKLYAaQgjpFUEOX5k+FHvN3+ADs/zTBT7LRWIKtga4yr14VfXAzmde2TFZM30Fdoj24EBdgaCjuh4FC9GMmivT/PtCX5s87c3O48EM993llhINVtnYxCLItunBCax/PQX2duVrvYg8FA6ldH6rUOy1fPtWVR8Vs9loSsTnK2AkrRKOzqKxU+lkQENHIGrHWhcl2toPAgeE5on//9tMpZVwYwJrubvAa2luikVEdAnjSQh3Co4bVSECzQTqp6pkm4gzgwagn3rSdbR40=,iv:auCnnA6+35LTW7E/0AWWwjh6Jmq/Y57MjiBKI8aJb9U=,tag:/7fAqyG87CxekN/QVKrLsg==,type:str] + env: ENC[AES256_GCM,data:ftWpGl6+sUMzJJKgfcPLvbFGGn16AKUPzPn8X6DNVMLrxZIkQ23Tk3ekKLKFpQEUtQfFjVlrTfFZezWKs4nVNLg2LmQqJNGMCCax5PRwAgoAsJ7pa9ewNmHT+EIXtZEjQgVfN5786Yno5n/6JJ1lz6EiGmdn7/0rF5TLGjzig17azazS1+lkIYY=,iv:SZvGGKpVRI/odHbmgY8M6t6zCk8RgM+7EQEgRiizglA=,tag:cInsVo/QD85m+LxldyRlnA==,type:str] tracktrain: env: ENC[AES256_GCM,data:W3+8qWomPgGJt5u50aAm9x/dilMpqKY11I2AdaIBTz5posc25ts0LB5S/Sxe1ROz4itpDK3QvjoFUTRhS39k4dwMr5lqXV8Ln4B+sPpvh7oBM8A5zydP8Jj1J1YqRt8++RTUmb4z41DIwb/yaZKMu6z0guXIu1yuYzcbCuk0xe/iOp6UUpfjOzzWTvxY54zY6kWcjHLiCSwD31Cd+MxMPfbUEkHt+0W+sBmYXGeEFI/6ULSB6FnGjNW6F9g=,iv:3ymah8HG+Yg6VYZZA/MRRjHDYvYJz01ezvhfQiftegg=,tag:trht+PRYfKgWJkg2wRwISQ==,type:str] vaultwarden: @@ -100,8 +100,8 @@ sops: bndBTXJhQVE2OVlKeGNTbzJlL0duUzAKIWdesesYvBIN/m36fhzxq30+IT8qp/pF S6i7QqZF75y2BpEoupRCqNIAsHrouUE+U9ZQJZO8m9J591mWvbVJIw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-05-08T12:29:13Z" - mac: ENC[AES256_GCM,data:Gt1UQy531A9YguKSWzgq2+EKATY2yqE7lCtG9+BYCCB2idMq6bNbKoLn5+kUTv/4y4P/4mgeTdMqdUDrF3nUTqpyyiE0U1I/B9z05iN1Xo5rnEOswX2TvT+br838vw4ueIk/4EmXlRyYRYJi/kTRtBcnYfDjbIYVE0JVkHutjmc=,iv:xsZAJlZCvGWoov1DRx4obt+OQeDMnU+OqCI3/1mzz5c=,tag:+MALy05C1hEUeODC0VcUEg==,type:str] + lastmodified: "2024-05-19T21:17:46Z" + mac: ENC[AES256_GCM,data:rzxX2fl+EQbhQUcmr6lKoYcUpAb1G3IKjsJJjCrMKN5t4oevI85GtTU3Q+pLrIFLjfkgIV8yiNH4usg0ghtoahQUkrnlZxkOoCktfgM67hRcUniY8UUxY4HqFFK3KzXFqc8Q4vXrerQgJy87Xg+ret9wCQXBbM3AB+B1fsmLE9s=,iv:pm1FakBlOFibps6R5kXMUq+IEl074mEmRIQmdeDxPs4=,tag:hQsV0NZNgDGYjFOK7+SKqg==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1