docs: add database information

[awful.systems.git] / README.md

# awful.systems infrastructure flake

This is the Nix flake that deploys the awful.systems server infrastructure. It
provides a set of files and commands that allow you to deploy the full set of
awful.systems software and configuration for each host to anything running NixOS
(though the provided commands default to the static IPs of the current
awful.systems machines).

## Requirements

To use this flake, you'll want a [Nix evaluator](https://nixos.org/download) --
that is, you'll want the Nix package manager (either on NixOS or in an
environment where it's installed). This is a
[dependency-free](https://www.haskellforall.com/2023/01/announcing-nixos-rebuild-new-deployment.html)
stateless deployment mechanism, so this git repo and an authorized ssh key are
all you need to deploy the whole stack.

This flake builds everything locally for speed and then uploads it, so you'll
want a fair bit of available disk space (20GB is safe) and the ability to upload
a lot of data.

*If you're not on x86_64-linux or you're limited on disk or upload*: you should
use the deployment hosts to build. First, use `df -h` to make sure they've got
enough disk space, then use the deployment command with the argument
`--build-host root@<hostname>`, where `<hostname>` is the full domain name of
the host you want to deploy to.

## Optional Dependencies

[nix-direnv](https://github.com/nix-community/nix-direnv) is convenient, since
it'll make all of the awful.systems commands available in your shell with no
other setup, and I use that to cache some larger dependencies as well.

## Hosts
### `more.awful.systems`
- Hosts the production Lemmy server at https://awful.systems (`lemmy-prod`).
- Proxies https://awful.systems/git and https://awful.systems/archives to
  `these.awful.systems`.
- Assumes it's running being a load balancer that terminates SSL, so it doesn't
  handle anything related to HTTPS itself.

### `these.awful.systems`
- Hosts the development Lemmy server at https://making.awful.systems (`lemmy-dev`).
- Hosts the r/SneerClub archive (`sneer-archive`).
- Stores git repos in `/home/git/repos`.
- Hosts `gitweb`.
- Runs a git daemon for pull-only access to the git repos.

## Commands

If you have `nix-direnv`, these commands will be available in your shell after
it finishes a build. Otherwise, run `nix develop` to kick off a build, and the
resulting shell will have all of these commands available.

Deployment hosts are very thin and don't have a lot of commands available, so
use `nix run nixpkgs#<command>` in an SSH session where `<command>` is the
command you'd like to run in order to have Nix pull in and run a command line
program.

- `deploy-these`: Kick off a deployment to the host `these`. Any arguments are
  passed to `nixos-rebuild`.
- `deploy-more`: Same as above for `more`.
- `go-these`: Use your SSH key to log into `these` as `root`. Any arguments are
  treated as commands for SSH to run; IE `go-these df -h` will run `df -h` on
  `these`, display its output, and exit.
- `go-more`: Same as above for `more`.
- `rekey-secrets`: With a file argument, tells `sops` to re-encrypt the secrets
  in that file with the currently configured encryption keys. Will definitely
  need to be run by someone who previously has access to the secrets in order to
  succeed.

## Services

These can be administrated via `systemctl` and monitored via `journalctl` or
your chosen log monitoring software.

- `lemmy-prod`: The production Lemmy server.
- `lemmy-ui-prod`: The Web frontend to the production Lemmy server.
- `lemmy-dev`: The development Lemmy server.
- `lemmy-ui-dev`: The Web frontend to the development Lemmy server.

## Databases

- For development, the database user is `lemmy_dev` and the Postgres database is
  `lemmy_dev` on `these.awful.systems`. Use `sudo -u lemmy_dev psql` on that
  host to access the database. 
- For production, the database user is `lemmy` and the Postgres database is
  `lemmy` on `more.awful.systems`. Use `sudo -u lemmy_dev psql` on that host to
  access the database.