hacc/haccfiles
8
0
Fork 1
Code Issues 1 Pull requests Projects Releases Wiki Activity

Compare commits

base: hacc:0a208223c824b66934d059971a311921e1aa98e2
Branches Tags
hacc:main
hacc:nixos-24.11
hacc:mattermost-9.11
hacc:24_04-remove-nftables_ruleset
hacc:nicer-nftables
hacc:monit-onlyoffice-restart
hacc:mattermost-kanidm
hacc:mattermost-update
hacc:removing-nix-hexchen
hacc:onlyoffice-nix
hacc:nextcloud-docs-on-website
..
compare: hacc:285a8e6a8e73dd1e102b5402fba2c76dcf70575a
Branches Tags
hacc:nixos-24.11
hacc:main
hacc:mattermost-9.11
hacc:24_04-remove-nftables_ruleset
hacc:nicer-nftables
hacc:monit-onlyoffice-restart
hacc:mattermost-kanidm
hacc:mattermost-update
hacc:removing-nix-hexchen
hacc:onlyoffice-nix
hacc:nextcloud-docs-on-website

3 commits
0a208223c8 ... 285a8e6a8e

Author SHA1 Message Date
stuebinm
285a8e6a8e mattermost: switch to postgresql 
this depends on a whole lot of imperative nonsense being done at the
same time, which i have done.

of special interest to anyone attempting to understand this is
 https://docs.mattermost.com/deploy/postgres-migration.html
for the general shape of incompetence at work,
 https://docs.mattermost.com/install/setting-up-socket-based-mattermost-database.html#with-unix-socket
for yet another interesting syntax for database connection strings, and
 https://github.com/dimitri/pgloader/issues/782#issuecomment-502323324
for a truly astonishing take on how to do database migrations, which
unfortunately i have followed.

As far as I can tell, everything has kept working. Downtime was mostly
spent understanding connection string syntax and their horribly buggy
parsers.

Note for people with server access:
 - i have kept the temporary files (including logs) around in
   /persist/migration inside the container should we ever need them
   again
 - there's a zfs snapshot @pre-postgres with the old state
 2024-05-19 23:26:53 +02:00
stuebinm
ed667e15e9 mattermost: packages required for migration 2024-05-19 23:24:26 +02:00
stuebinm
75cc371c01 pkgs: add morph, a mattermost migration tool 
this is preliminary work for migrating mattermost from mysql to
postgresql.

This tool is specific to mattermost, but at least it's easy enough to
build. I'm not sure if it makes sense to upstream, but I guess we can
keep it around here.
 2024-05-19 23:23:30 +02:00
4 changed files with 60 additions and 9 deletions
Show stats Expand all files Collapse all files

26
parsons/mattermost.nix
View file

@ -9,6 +9,8 @@
bindSecrets = true;
config = { config, lib, pkgs, ... }: {
environment.systemPackages = [ pkgs.morph pkgs.pgloader ];
systemd.services.mattermost.serviceConfig.EnvironmentFile =
lib.mkForce "/secrets/env";
@ -162,7 +164,8 @@
MetricsSettings.Enable = false;
GuestAccountsSettings.Enable = false;
FeatureFlags.CollapsedThreads = true;
SqlSettings.DriverName = "mysql";
SqlSettings.DriverName = "postgres";
SqlSettings.DataSource = "postgres:///mattermost?host=/run/postgresql";
};
# turn of the weirder parts of this module (which insist on passwords
@ -173,15 +176,26 @@
localDatabaseCreate = false;
};
services.mysql = {
enable = true;
services.postgresql = {
enable = lib.mkForce true; # mattermost sets this to false. wtf.
package = pkgs.postgresql_15;
ensureDatabases = [ "mattermost" ];
ensureUsers = [ {
name = "mattermost";
ensurePermissions = { "mattermost.*" = "ALL PRIVILEGES"; };
ensureDBOwnership = true;
} ];
package = pkgs.mysql80;
dataDir = "/persist/mysql";
authentication = lib.mkForce ''
# Generated file; do not edit!
local all all trust
'';
};
services.postgresqlBackup = {
enable = true;
databases = [ "mattermost" ];
startAt = "*-*-* 23:45:00";
location = "/persist/backups/postgres";
};
};
};

4
pkgs/default.nix
View file

@ -13,6 +13,10 @@ let
buildGoModule = unstable.buildGo122Module;
};
morph = callPackage ./morph.nix {
buildGoModule = unstable.buildGo122Module;
};
forgejo = callPackage ./forgejo {
buildGoModule = unstable.buildGo122Module;
};

33
pkgs/morph.nix Normal file
View file

@ -0,0 +1,33 @@
{ buildGoModule
, fetchFromGitHub
}:
buildGoModule rec {
pname = "mattermost-morph";
version = "1.1.0";
src = fetchFromGitHub {
owner = "mattermost";
repo = "morph";
rev = "v${version}";
hash = "sha256-Orh/a9OlUVIlDdLXRpDAnHUmWRiM1N2oO+dijbuJzx8=";
};
vendorHash = null;
subPackages = [ "cmd/morph" ];
tags = [ "production" ];
ldflags = [
"-s"
"-w"
"-X github.com/mattermost/mattermost/server/public/model.Version=${version}"
"-X github.com/mattermost/mattermost/server/public/model.BuildNumber=${version}-nixpkgs"
"-X github.com/mattermost/mattermost/server/public/model.BuildDate=1970-01-01"
"-X github.com/mattermost/mattermost/server/public/model.BuildHash=v${version}"
"-X github.com/mattermost/mattermost/server/public/model.BuildHashEnterprise=none"
"-X github.com/mattermost/mattermost/server/public/model.BuildEnterpriseReady=false"
];
}

6
secrets.yaml
View file

@ -1,7 +1,7 @@
hedgedoc-hacc:
env: ENC[AES256_GCM,data:e2vSolxJNucya9QNs28gAVDBJQq5AJh7jS1nBh0UTkDnhNL8NPW1KTxcun4rM99EhiNZsz6Z9qHRMejmP4frQw==,iv:DqAGhGWYf/EpGnI79MxKmBlHMhK26zx50vXb1TbvESw=,tag:Xix499XAcAmxhNuGr2ApcA==,type:str]
mattermost:
env: ENC[AES256_GCM,data:L9GBhCvdHUKlDQ1J3uvEqVziv9yCCISycexyTo/U0Hx8vPVk3TAEOk8zP23XAUsHNEE2L0ibzHBTVAMiXMmFkiuyxlmLqfRemZ3cm4eXMPP8Wks+5d9yFKLYAaQgjpFUEOX5k+FHvN3+ADs/zTBT7LRWIKtga4yr14VfXAzmde2TFZM30Fdoj24EBdgaCjuh4FC9GMmivT/PtCX5s87c3O48EM993llhINVtnYxCLItunBCax/PQX2duVrvYg8FA6ldH6rUOy1fPtWVR8Vs9loSsTnK2AkrRKOzqKxU+lkQENHIGrHWhcl2toPAgeE5on//9tMpZVwYwJrubvAa2luikVEdAnjSQh3Co4bVSECzQTqp6pkm4gzgwagn3rSdbR40=,iv:auCnnA6+35LTW7E/0AWWwjh6Jmq/Y57MjiBKI8aJb9U=,tag:/7fAqyG87CxekN/QVKrLsg==,type:str]
env: ENC[AES256_GCM,data:ftWpGl6+sUMzJJKgfcPLvbFGGn16AKUPzPn8X6DNVMLrxZIkQ23Tk3ekKLKFpQEUtQfFjVlrTfFZezWKs4nVNLg2LmQqJNGMCCax5PRwAgoAsJ7pa9ewNmHT+EIXtZEjQgVfN5786Yno5n/6JJ1lz6EiGmdn7/0rF5TLGjzig17azazS1+lkIYY=,iv:SZvGGKpVRI/odHbmgY8M6t6zCk8RgM+7EQEgRiizglA=,tag:cInsVo/QD85m+LxldyRlnA==,type:str]
tracktrain:
env: ENC[AES256_GCM,data:W3+8qWomPgGJt5u50aAm9x/dilMpqKY11I2AdaIBTz5posc25ts0LB5S/Sxe1ROz4itpDK3QvjoFUTRhS39k4dwMr5lqXV8Ln4B+sPpvh7oBM8A5zydP8Jj1J1YqRt8++RTUmb4z41DIwb/yaZKMu6z0guXIu1yuYzcbCuk0xe/iOp6UUpfjOzzWTvxY54zY6kWcjHLiCSwD31Cd+MxMPfbUEkHt+0W+sBmYXGeEFI/6ULSB6FnGjNW6F9g=,iv:3ymah8HG+Yg6VYZZA/MRRjHDYvYJz01ezvhfQiftegg=,tag:trht+PRYfKgWJkg2wRwISQ==,type:str]
vaultwarden:
@ -100,8 +100,8 @@ sops:
bndBTXJhQVE2OVlKeGNTbzJlL0duUzAKIWdesesYvBIN/m36fhzxq30+IT8qp/pF
S6i7QqZF75y2BpEoupRCqNIAsHrouUE+U9ZQJZO8m9J591mWvbVJIw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-05-08T12:29:13Z"
mac: ENC[AES256_GCM,data:Gt1UQy531A9YguKSWzgq2+EKATY2yqE7lCtG9+BYCCB2idMq6bNbKoLn5+kUTv/4y4P/4mgeTdMqdUDrF3nUTqpyyiE0U1I/B9z05iN1Xo5rnEOswX2TvT+br838vw4ueIk/4EmXlRyYRYJi/kTRtBcnYfDjbIYVE0JVkHutjmc=,iv:xsZAJlZCvGWoov1DRx4obt+OQeDMnU+OqCI3/1mzz5c=,tag:+MALy05C1hEUeODC0VcUEg==,type:str]
lastmodified: "2024-05-19T21:17:46Z"
mac: ENC[AES256_GCM,data:rzxX2fl+EQbhQUcmr6lKoYcUpAb1G3IKjsJJjCrMKN5t4oevI85GtTU3Q+pLrIFLjfkgIV8yiNH4usg0ghtoahQUkrnlZxkOoCktfgM67hRcUniY8UUxY4HqFFK3KzXFqc8Q4vXrerQgJy87Xg+ret9wCQXBbM3AB+B1fsmLE9s=,iv:pm1FakBlOFibps6R5kXMUq+IEl074mEmRIQmdeDxPs4=,tag:hQsV0NZNgDGYjFOK7+SKqg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1