From 9c622fbc58af9e70fdd91bc071057b0f9f5e64e6 Mon Sep 17 00:00:00 2001
From: Pjotr Prins
Date: Tue, 20 Feb 2024 16:41:04 +0100
Subject: Mariadb setup
---
 topics/deploy/installation.gmi | 52 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 52 insertions(+)
(limited to 'topics/deploy')
diff --git a/topics/deploy/installation.gmi b/topics/deploy/installation.gmi
index 5a077c4..53e0e0c 100644
--- a/topics/deploy/installation.gmi
+++ b/topics/deploy/installation.gmi
@@ -260,6 +260,58 @@ ft_min_word_len = 3
 Note that we handle IP restrictions through the nftables firewall.
+The systemd config is
+
+```
+[Unit]
+Description=MariaDB database server
+Documentation=man:mysqld(8)
+Documentation=https://mariadb.com/kb/en/library/systemd/
+After=network.target
+
+[Install]
+WantedBy=multi-user.target
+Alias=mysqld.service
+
+[Service]
+TimeoutStartSec=infinity
+TimeoutStopSec=infinity
+LimitNOFILE=infinity
+LimitMEMLOCK=infinity
+
+Type=simple
+PrivateNetwork=false
+
+User=mariadb
+Group=mariadb
+
+CapabilityBoundingSet=CAP_IPC_LOCK # Prevent writes to /usr, /boot, and /etc
+ProtectSystem=true
+ PrivateDevices=true
+# Prevent accessing /home, /root and /run/user
+ProtectHome=false
+
+# Execute pre and post scripts as root, otherwise it does it as User=
+PermissionsStartOnly=true
+
+ExecStartPre=/usr/bin/install -m 755 -o mariadb -g root -d /var/run/mysqld
+
+ExecStart=/usr/local/guix-profiles/gn-latest/bin/mariadbd --datadir=/export/mariadb/tux01_mariadb/latest $MYSQLD_OPTS $_WSREP_NEW_CLUSTER $_WS
+REP_START_POSITION -W
+
+ExecStartPost=/bin/sh -c "systemctl unset-environment _WSREP_START_POSITION"
+
+KillSignal=SIGTERM
+
+SendSIGKILL=no
+Restart=on-abort
+RestartSec=15s
+
+UMask=007
+
+PrivateTmp=false
+```
+
 ** Load the small database in MySQL
 Currently we have two databases for deployment,
-- cgit v1.2.3
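Review bot: The sandboxing comments in the added unit describe protections that the directives beneath them do not apply. `ProtectHome=false` sits under "Prevent accessing /home, /root and /run/user" and turns that protection off, and `ProtectSystem=true` makes /usr and /boot read-only but leaves /etc writable, which would need `ProtectSystem=full`. The comment `# Prevent writes to /usr, /boot, and /etc` also shares a line with `CapabilityBoundingSet=CAP_IPC_LOCK`; systemd only treats `#` as a comment at the start of a line, so it should move to its own line above `ProtectSystem=`. If the relaxed values (including `PrivateTmp=false`) are intentional for this host, a one-line reason next to each would keep readers from copying them as hardening. Separately, `ExecStart=` is split after `$_WS`, leaving `REP_START_POSITION -W` on a line of its own and the variable name truncated, so the two lines should be rejoined.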