fixed systemd sandboxing

2026-04-17 04:58:19 -04:00 · 2026-03-30 12:59:54 -04:00
parent 93fc700fa2
commit 26e4620f8f
3 changed files with 16 additions and 10 deletions
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -308,6 +308,7 @@
    "usernamehw",
    "userprefs",
    "vaninventory",
+    "vdev",
    "vfat",
    "victron",
    "virt",
--- a/systems/jeeves/services/postgress.nix
+++ b/systems/jeeves/services/postgress.nix
@@ -5,6 +5,10 @@ in
 {
  networking.firewall.allowedTCPPorts = [ 5432 ];

+  # Symlink pg_wal to a ZFS dataset on the special (metadata) vdev for fast WAL writes
+  # this is required for systemd sandboxing
+  systemd.services.postgresql.serviceConfig.ReadWritePaths = [ "/zfs/media/database/postgres-wal" ];
+
  services.postgresql = {
    enable = true;
    package = pkgs.postgresql_17_jit;
--- a/users/richie/home/gui/vscode/settings.json
+++ b/users/richie/home/gui/vscode/settings.json
@@ -20,15 +20,15 @@
  // turns off all sounds and announcements
  "accessibility.signals.terminalCommandFailed": {
    "sound": "off",
-    "announcement": "off"
+    "announcement": "off",
  },
  "accessibility.signals.terminalQuickFix": {
    "sound": "off",
-    "announcement": "off"
+    "announcement": "off",
  },
  "accessibility.signals.terminalBell": {
    "sound": "off",
-    "announcement": "off"
+    "announcement": "off",
  },

  // database settings
@@ -41,8 +41,8 @@
      "driver": "PostgreSQL",
      "name": "main",
      "database": "postgres",
-      "username": "richie"
-    }
+      "username": "richie",
+    },
  ],

  // formatters
@@ -55,7 +55,7 @@
  "[yaml]": { "editor.defaultFormatter": "redhat.vscode-yaml" },
  "[javascriptreact]": { "editor.defaultFormatter": "esbenp.prettier-vscode" },
  "[github-actions-workflow]": {
-    "editor.defaultFormatter": "redhat.vscode-yaml"
+    "editor.defaultFormatter": "redhat.vscode-yaml",
  },
  "[dockercompose]": {
    "editor.insertSpaces": true,
@@ -64,9 +64,9 @@
    "editor.quickSuggestions": {
      "other": true,
      "comments": false,
-      "strings": true
+      "strings": true,
    },
-    "editor.defaultFormatter": "redhat.vscode-yaml"
+    "editor.defaultFormatter": "redhat.vscode-yaml",
  },

  // spell check
@@ -78,7 +78,8 @@
    "Corvidae",
    "drivername",
    "fastapi",
-    "syncthing"
+    "sandboxing",
+    "syncthing",
  ],

  // nix
@@ -96,5 +97,5 @@
  // new
  "hediet.vscode-drawio.resizeImages": null,
  "hediet.vscode-drawio.appearance": "automatic",
-  "claudeCode.preferredLocation": "panel"
+  "claudeCode.preferredLocation": "panel",
 }