diff options
author | Pjotr Prins | 2024-02-20 16:41:04 +0100 |
---|---|---|
committer | Pjotr Prins | 2024-02-20 16:41:04 +0100 |
commit | 9c622fbc58af9e70fdd91bc071057b0f9f5e64e6 (patch) | |
tree | ae1023018ae6b6a59fddc46dcb9e759312c9f162 | |
parent | e033d0bd8d83124ef61a4dd00a3d11954b1abc23 (diff) | |
download | gn-gemtext-9c622fbc58af9e70fdd91bc071057b0f9f5e64e6.tar.gz |
Mariadb setup
-rw-r--r-- | topics/deploy/installation.gmi | 52 |
1 files changed, 52 insertions, 0 deletions
diff --git a/topics/deploy/installation.gmi b/topics/deploy/installation.gmi index 5a077c4..53e0e0c 100644 --- a/topics/deploy/installation.gmi +++ b/topics/deploy/installation.gmi @@ -260,6 +260,58 @@ ft_min_word_len = 3 Note that we handle IP restrictions through the nftables firewall. +The systemd config is + +``` +[Unit] +Description=MariaDB database server +Documentation=man:mysqld(8) +Documentation=https://mariadb.com/kb/en/library/systemd/ +After=network.target + +[Install] +WantedBy=multi-user.target +Alias=mysqld.service + +[Service] +TimeoutStartSec=infinity +TimeoutStopSec=infinity +LimitNOFILE=infinity +LimitMEMLOCK=infinity + +Type=simple +PrivateNetwork=false + +User=mariadb +Group=mariadb + +CapabilityBoundingSet=CAP_IPC_LOCK # Prevent writes to /usr, /boot, and /etc +ProtectSystem=true + PrivateDevices=true +# Prevent accessing /home, /root and /run/user +ProtectHome=false + +# Execute pre and post scripts as root, otherwise it does it as User= +PermissionsStartOnly=true + +ExecStartPre=/usr/bin/install -m 755 -o mariadb -g root -d /var/run/mysqld + +ExecStart=/usr/local/guix-profiles/gn-latest/bin/mariadbd --datadir=/export/mariadb/tux01_mariadb/latest $MYSQLD_OPTS $_WSREP_NEW_CLUSTER $_WS +REP_START_POSITION -W + +ExecStartPost=/bin/sh -c "systemctl unset-environment _WSREP_START_POSITION" + +KillSignal=SIGTERM + +SendSIGKILL=no +Restart=on-abort +RestartSec=15s + +UMask=007 + +PrivateTmp=false +``` + ** Load the small database in MySQL Currently we have two databases for deployment, |