Usage: Add the kosmos_encfs::default recipe to the run list of a node.
Creating the encrypted directory will keep it mounted. After a reboot,
start the encfs service and enter the password:
```
$ systemctl start encfs
encfs password:
```
For now postgresql@12-main is a hardcoded dependency of the encfs
Systemd unit that is automatically started once the user inputs the
correct password. This list of dependency will need to be different for
every server, based on the services it is running
We will enable it again after we have a valid TLS cert generated with
Let's Encrypt. It prevents logins using http, and we will need that as
an admin account
The default recipe deploys the gitea binary, generates a config file and
our custom Kosmos label set. The service runs as a Systemd unit.
The pg_db recipe needs to run on the primary PostgreSQL (currently
andromeda).
The backup recipe is empty for now
Refs #147
encfs always runs a configuration assistant when creating a new
volume, so this needs to be done manually:
systemctl stop postgresql@12-main
mv /var/lib/postgresql /var/lib/postgresql.old
encfs /var/lib/postgresql_encrypted /var/lib/postgresql --public
Pick p (paranoia mode) and enter the password from the data bag twice
mv /var/lib/postgresql/* /var/lib/postgresql/
systemctl start postgresql@12-main
This is running on centaurus and is mounted automatically on boot by a
system unit
Refs #129
Follow-up to #156
I found another issue with the initial ACI creation, while creating a
fresh VM. I thought I had fixed it in #156 but I was wrong. This time
the ACIs are really set and the code runs successfully.
The ACIs are set on the suffix, so modifying it is needed
This won't be executed on a server that is already running, this is only
done on the initial setup
Supports both primary and replica. The access rules and firewall have to
be set up outside of the custom resource, so they are part of the
recipes instead
Refs #160
