Greg Karékinian 55b1cbc1d7 Encrypt the Postgresql data dir on the replica (centaurus)
encfs always runs a configuration assistant when creating a new
volume, so this needs to be done manually:

   systemctl stop postgresql@12-main
   mv /var/lib/postgresql /var/lib/postgresql.old
   encfs /var/lib/postgresql_encrypted /var/lib/postgresql --public
Pick p (paranoia mode) and enter the password from the data bag twice

   mv /var/lib/postgresql/* /var/lib/postgresql/
   systemctl start postgresql@12-main

This is running on centaurus and is mounted automatically on boot by a
system unit

Refs #129
2020-05-15 18:41:31 +02:00

11 lines
244 B
Desktop File

[Unit]
Description=EncFS for PostgreSQL data dir
Before=postgresql@12-main.service
[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/local/bin/mount_pg_encfs
ExecStop=/bin/umount /var/lib/postgresql
[Install]
WantedBy=multi-user.target