nixpkgs

5th chunk of `nixos/modules/services/databases/foundationdb.md`
will configure all clients and server processes to use TLS from now on.

## Backups and Disaster Recovery {#module-services-foundationdb-disaster-recovery}

The usual rules for doing FoundationDB backups apply on NixOS as written in
the FoundationDB manual. However, one important difference is the security
profile for NixOS: by default, the {command}`foundationdb` systemd
unit uses *Linux namespaces* to restrict write access to
the system, except for the log directory, data directory, and the
{command}`/etc/foundationdb/` directory. This is enforced by default
and cannot be disabled.

However, a side effect of this is that the {command}`fdbbackup`
command doesn't work properly for local filesystem backups: FoundationDB
uses a server process alongside the database processes to perform backups
and copy the backups to the filesystem. As a result, this process is put
under the restricted namespaces above: the backup process can only write to
a limited number of paths.

In order to allow flexible backup locations on local disks, the FoundationDB
NixOS module supports a
{option}`services.foundationdb.extraReadWritePaths` option. This
option takes a list of paths, and adds them to the systemd unit, allowing
the processes inside the service to write (and read) the specified
directories.

For example, to create backups in {command}`/opt/fdb-backups`, first
set up the paths in the module options:

```nix
{
  services.foundationdb.extraReadWritePaths = [ "/opt/fdb-backups" ];
}
```

Restart the FoundationDB service, and it will now be able to write to this
directory (even if it does not yet exist). Note: this path
*must* exist before restarting the unit. Otherwise,
systemd will not include it in the private FoundationDB namespace (and it
will not add it dynamically at runtime).

You can now perform a backup:

```ShellSession
$ sudo -u foundationdb fdbbackup start  -t default -d file:///opt/fdb-backups
$ sudo -u foundationdb fdbbackup status -t default
```
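
The requirement that the backup path exist before the unit is restarted can also be met declaratively. The following is an added example, not part of the NixOS manual or the FoundationDB module: it creates the directory through `systemd.tmpfiles.rules`, owned by the service account and closed to other users. The mode `0750` and the use of the module's `user` and `group` options for ownership are assumptions of this example, as is the expectation that tmpfiles rules are applied before the unit is (re)started.

```nix
{ config, ... }:
let
  # Same backup location as in the example above.
  backupDir = "/opt/fdb-backups";
  cfg = config.services.foundationdb;
in
{
  # Bind the directory read-write into the service's restricted namespace.
  services.foundationdb.extraReadWritePaths = [ backupDir ];

  # Create the directory ahead of the unit so that systemd can include it
  # in the private namespace. Mode 0750 (an assumption of this example)
  # keeps backup data unreadable by other local users.
  systemd.tmpfiles.rules = [
    "d ${backupDir} 0750 ${cfg.user} ${cfg.group} -"
  ];
}
```

If the directory was created only after the service had already started, restart the `foundationdb` unit once more, since the path is not added to the namespace at runtime.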

## Known limitations {#module-services-foundationdb-limitations}

The FoundationDB setup for NixOS should currently be considered beta.
FoundationDB is not new software, but the NixOS compilation and integration
have only undergone fairly basic testing of all the available functionality.

  - There is no way to specify individual parameters for individual
    {command}`fdbserver` processes. Currently, all server processes
    inherit all the global {command}`fdbmonitor` settings.
  - Ruby bindings are not currently installed.
  - Go bindings are not currently installed.

## Options {#module-services-foundationdb-options}

NixOS's FoundationDB module allows you to configure all of the most relevant
configuration options for {command}`fdbmonitor`, matching it quite
closely. A complete list of options for the FoundationDB module may be found
[here](#opt-services.foundationdb.enable). You should
also read the FoundationDB documentation.

## Full documentation {#module-services-foundationdb-full-docs}

FoundationDB is a complex piece of software, and requires careful
administration to properly use. Full documentation for administration can be
found here: <https://apple.github.io/foundationdb/>.
