Commit 6deadb95 authored by Jean-Paul Calderone's avatar Jean-Paul Calderone

Set up the voucher-database fileSystem in just the right place

The hardware modules can now configure this fileSystem in a way appropriate
for themselves and the issuer module can enable that configuration when it is
enabled itself.
parent b06aa0c9
......@@ -37,12 +37,15 @@
# (maybe it could? but why bother?) we do a bind-mount here so there is a
# configured value readable. The database won't really have a dedicated
# volume but it will sort of appear as if it does.
fileSystems."voucher-database" = {
services.private-storage-issuer.voucherFileSystem = {
device = "/var/lib/origin-zkapissuer-vouchers";
mountPoint = "/var/lib/zkapissuer-vouchers";
options = ["bind"];
};
# XXX This should be handled by the storage module like voucher-database
# is handled by the issuer module.
fileSystems."/storage" = { fsType = "tmpfs"; };
fileSystems."/" =
{ device = "/dev/sda1";
fsType = "ext4";
......
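Review bot: The `mountPoint = "/var/lib/zkapissuer-vouchers";` line kept in this `voucherFileSystem` value has no effect, because the issuer module in this same commit builds the entry as `cfg.voucherFileSystem // { mountPoint = ...; }` and the right-hand side of `//` wins. Anyone who later edits the path here, for example to move the database onto a different volume, would get no error and no change in where it is mounted. I would drop the line, as the other hardware module in this commit does, and leave a comment such as `# mountPoint is fixed by the issuer module`. The enclosing attribute set starts and ends outside the hunk.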
......@@ -18,15 +18,12 @@
# <https://github.com/DBCDK/morph/issues/146>.
networking.hostName = name;
fileSystems = {
# Mount a dedicated filesystem (ideally on a dedicated volume, but that's
# beyond control of this particular part of the system) for the
# PaymentServer voucher database. This makes it easier to manage for
# tasks like backup/recovery and encryption.
"voucher-database" = {
label = "voucher-database";
mountPoint = "/var/lib/zkapissuer-vouchers";
};
# Mount a dedicated filesystem (ideally on a dedicated volume, but that's
# beyond control of this particular part of the system) for the
# PaymentServer voucher database. This makes it easier to manage for
# tasks like backup/recovery and encryption.
services.private-storage-issuer.voucherFileSystem = {
label = "voucher-database";
};
# Clean up packages after a while
......
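Review bot: The new `services.private-storage-issuer.voucherFileSystem` value sets only `label`, so the volume holding the voucher database is mounted with default options and any filesystem carrying that label is accepted. If nothing is expected to execute from that directory, which I cannot confirm from this hunk, `options = [ "nosuid" "nodev" "noexec" ];` would be a cheap restriction for a data-only volume. The comment also gives encryption as a reason for the dedicated filesystem, but nothing in this hunk configures it; a short comment saying where that is expected to happen would help the next reader. The enclosing attribute set continues outside the hunk.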
......@@ -81,6 +81,15 @@ in {
The kind of voucher database to use.
'';
};
services.private-storage-issuer.voucherFileSystem = lib.mkOption {
# Logically, the type is the type of an entry in fileSystems - but we'll
# just let the type system enforce that when we pass the value on to
# fileSystems.
description = ''
Configuration for a filesystem to mount which will hold the voucher
database.
'';
};
services.private-storage-issuer.databasePath = lib.mkOption {
default = null;
type = lib.types.str;
......@@ -115,6 +124,17 @@ in {
internalHttpPort = "1061";
in lib.mkIf cfg.enable {
# Make sure the voucher database filesystem is mounted.
fileSystems = {
"voucher-database" = cfg.voucherFileSystem // {
# Note that this path coincides with the StateDirectory we configure
# the systemd service with and the database path we configure
# PaymentServer with. It is probably possible to have less repetition
# and more value sharing here.
mountPoint = "/var/lib/zkapissuer-vouchers";
};
};
# Add a systemd service to run PaymentServer.
systemd.services.zkapissuer = {
enable = true;
......
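Review bot: `voucherFileSystem` is declared without a `type`, and the config hunk then applies `//` to it, so a wrong-shaped value is reported at the merge rather than at the option; `type = lib.types.attrs;` would keep the deferred checking the comment describes while rejecting values that are not attribute sets early. The description should also say that `mountPoint` is always overridden, for example `The mountPoint attribute is ignored; the filesystem is always mounted at /var/lib/zkapissuer-vouchers.` Since the option has no default, enabling the issuer without a hardware module defining it presumably fails evaluation, which looks like the right failure mode but is worth stating in the description as well. Both the option set and the `lib.mkIf` body extend beyond these hunks.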