From 229e9cfbd22be1ba2860186f02229f1f5bd1edbb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Greg=20Kar=C3=A9kinian?=
Date: Wed, 10 Jun 2020 14:40:01 +0200
Subject: [PATCH 1/4] Add the kosmos_encfs recipe to centaurus
---
 nodes/centaurus.kosmos.org.json | 21 ++++++++++++---------
 1 file changed, 12 insertions(+), 9 deletions(-)
diff --git a/nodes/centaurus.kosmos.org.json b/nodes/centaurus.kosmos.org.json
index abd2780..777e9cd 100644
--- a/nodes/centaurus.kosmos.org.json
+++ b/nodes/centaurus.kosmos.org.json
@@ -12,16 +12,18 @@
 "hostname": "centaurus",
 "ipaddress": "78.46.59.98",
 "roles": [
- "postgresql_replica",
- "gitea"
+ "gitea",
+ "postgresql_replica"
 ],
 "recipes": [
 "kosmos-base",
 "kosmos-base::default",
- "kosmos-postgresql::replica",
+ "kosmos_encfs",
+ "kosmos_encfs::default",
 "kosmos_gitea",
 "kosmos_gitea::default",
 "kosmos_gitea::backup",
+ "kosmos-postgresql::replica",
 "apt::default",
 "timezone_iii::default",
 "timezone_iii::debian",
@@ -35,8 +37,6 @@
 "postfix::_attributes",
 "postfix::sasl_auth",
 "hostname::default",
- "firewall::default",
- "chef-sugar::default",
 "kosmos-nginx::default",
 "nginx::default",
 "nginx::package",
@@ -46,10 +46,12 @@
 "nginx::commons_dir",
 "nginx::commons_script",
 "nginx::commons_conf",
+ "firewall::default",
+ "chef-sugar::default",
 "backup::default",
 "logrotate::default",
- "build-essential::default",
- "kosmos-base::letsencrypt"
+ "kosmos-base::letsencrypt",
+ "build-essential::default"
 ],
 "platform": "ubuntu",
 "platform_version": "18.04",
@@ -67,7 +69,8 @@
 },
 "run_list": [
 "recipe[kosmos-base]",
- "role[postgresql_replica]",
- "role[gitea]"
+ "recipe[kosmos_encfs]",
+ "role[gitea]",
+ "role[postgresql_replica]"
 ]
 }
\ No newline at end of file
From dba662986941735f1b3fb67f38b42a323bb3d421 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Greg=20Kar=C3=A9kinian?= Date: Wed, 10 Jun 2020 14:40:16 +0200 Subject: [PATCH 2/4] Use the attribute from the encfs recipe for the data directory --- site-cookbooks/kosmos-postgresql/recipes/replica.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/site-cookbooks/kosmos-postgresql/recipes/replica.rb b/site-cookbooks/kosmos-postgresql/recipes/replica.rb index 8a3f7d5..9c6102e 100644 --- a/site-cookbooks/kosmos-postgresql/recipes/replica.rb +++ b/site-cookbooks/kosmos-postgresql/recipes/replica.rb @@ -41,7 +41,7 @@ postgresql_data_bag_item = data_bag_item('credentials', 'postgresql') primary = postgresql_primary unless primary.nil? - postgresql_data_dir = "/var/lib/postgresql/#{postgresql_version}/main" + postgresql_data_dir = "#{node["kosmos_encfs"]["data_directory"]}/postgresql/#{postgresql_version}/main" if node['kosmos-postgresql']['ready_to_set_up_replica'] execute "set up replication" do From e3e726097f105004f45a634467c57452e00f8dfa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Greg=20Kar=C3=A9kinian?= Date: Mon, 8 Jun 2020 18:38:32 +0200 Subject: [PATCH 3/4] Do not enable the postgresql@12-main service We want it to run only once the encrypted data directory has been mounted --- site-cookbooks/kosmos-postgresql/recipes/replica.rb | 1 - 1 file changed, 1 deletion(-) diff --git a/site-cookbooks/kosmos-postgresql/recipes/replica.rb b/site-cookbooks/kosmos-postgresql/recipes/replica.rb index 9c6102e..b063edf 100644 --- a/site-cookbooks/kosmos-postgresql/recipes/replica.rb +++ b/site-cookbooks/kosmos-postgresql/recipes/replica.rb @@ -33,7 +33,6 @@ end service postgresql_service do supports restart: true, status: true, reload: true - action [:enable] end postgresql_data_bag_item = data_bag_item('credentials', 'postgresql') From a0db6adaf2141518d3529f499a3bd60404539af2 Mon Sep 17 00:00:00 2001 
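Review bot: The new `postgresql_data_dir` in PATCH 2/4 is built from `node["kosmos_encfs"]["data_directory"]` without checking that the attribute exists or that the encrypted filesystem is actually mounted when the recipe converges. If `kosmos_encfs` is missing from a replica's run list the lookup raises on `nil`, and if the mount is absent the `execute "set up replication"` resource (its body is outside this hunk) would presumably write the replicated database into the plain directory underneath the mount point, i.e. unencrypted. I would add a guard to that resource such as `only_if "mountpoint -q #{node['kosmos_encfs']['data_directory']}"`, and use single-quoted keys like the `node['kosmos-postgresql']` lookup two lines below for consistency.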
From: =?UTF-8?q?Greg=20Kar=C3=A9kinian?= Date: Mon, 8 Jun 2020 18:39:05 +0200 Subject: [PATCH 4/4] Pass the data_directory to the postgresql_server_conf resource Previously we were passing it as an additional config, but it is set by default. The last value was used, the custom one, so the server still used the correct file --- site-cookbooks/kosmos-postgresql/resources/server.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/site-cookbooks/kosmos-postgresql/resources/server.rb b/site-cookbooks/kosmos-postgresql/resources/server.rb index ba61142..b677c77 100644 --- a/site-cookbooks/kosmos-postgresql/resources/server.rb +++ b/site-cookbooks/kosmos-postgresql/resources/server.rb @@ -64,8 +64,7 @@ action :create do unix_socket_directories: "/var/run/postgresql", dynamic_shared_memory_type: "posix", timezone: "UTC", # default is GMT - listen_addresses: "0.0.0.0", - data_directory: postgresql_data_dir + listen_addresses: "0.0.0.0" } if new_resource.role == "replica" @@ -101,6 +100,7 @@ action :create do postgresql_server_conf "main" do version postgresql_version + data_directory postgresql_data_dir additional_config additional_config notifies :reload, "service[#{postgresql_service}]", :delayed end
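Review bot: `listen_addresses: "0.0.0.0"` stays on the new side of the first hunk with nothing saying what limits who can reach the port, while this series is about keeping the database's data encrypted at rest. The pg_hba.conf entries and firewall rules are not visible here, so a reader cannot tell whether binding every interface is intended. I would either make the address a resource property with this value as its default, or document it in place, e.g. `# binds all interfaces; access is restricted by <pg_hba/firewall rule, name it here>`. The `additional_config` hash starts above the hunk.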
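Review bot: `data_directory postgresql_data_dir` in the second hunk relies on a `postgresql_data_dir` defined outside the hunk, and PATCH 2/4 changed the path only in `recipes/replica.rb`. If the resource still derives it from `/var/lib/postgresql/...`, the generated postgresql.conf would point at the unencrypted location while the replica recipe fills the encfs one; that cannot be confirmed from the visible lines. Computing the path in one shared helper, or passing it in as a property, would keep the two from diverging. A short comment such as `# must match the encfs-backed path used by recipes/replica.rb` would at least record the coupling.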