From fb00ef99dbb77b7783c956397e91c99ef405ec55 Mon Sep 17 00:00:00 2001
From: Minijackson <minijackson@riseup.net>
Date: Mon, 29 Apr 2024 14:25:28 +0200
Subject: [PATCH 1/2] nixos/phoebus-olog: don't automatically enable
 elasticsearch

see #75, #54, follow-up of #60
---
 nixos/modules/phoebus/olog.nix | 12 +-----------
 nixos/tests/phoebus/olog.nix   |  7 ++++++-
 2 files changed, 7 insertions(+), 12 deletions(-)

diff --git a/nixos/modules/phoebus/olog.nix b/nixos/modules/phoebus/olog.nix
index 63740dc4..0ac3a078 100644
--- a/nixos/modules/phoebus/olog.nix
+++ b/nixos/modules/phoebus/olog.nix
@@ -113,18 +113,8 @@ in {
         # TODO: systemd hardening. Currently level 8.2 EXPOSED
       };
     };
-
-    services.elasticsearch = {
-      enable = true;
-      # Should be kept in sync with the phoebus-alarm-logger and phoebus-save-and-restore services
-      package = pkgs.elasticsearch7;
-    };
     services.mongodb.enable = true;
   };
 
-  meta = {
-    maintainers = with epnixLib.maintainers; [minijackson];
-    # TODO:
-    # doc = ./olog.md;
-  };
+  meta.maintainers = with epnixLib.maintainers; [minijackson];
 }
diff --git a/nixos/tests/phoebus/olog.nix b/nixos/tests/phoebus/olog.nix
index 7adca693..3538ca30 100644
--- a/nixos/tests/phoebus/olog.nix
+++ b/nixos/tests/phoebus/olog.nix
@@ -7,12 +7,17 @@
   meta.maintainers = with epnixLib.maintainers; [minijackson];
 
   nodes = {
-    server = {
+    server = {pkgs, ...}: {
       services.phoebus-olog = {
         enable = true;
         settings."demo_auth.enabled" = true;
       };
 
+      services.elasticsearch = {
+        enable = true;
+        package = pkgs.elasticsearch7;
+      };
+
       nixpkgs.config.allowUnfreePredicate = pkg:
         builtins.elem (lib.getName pkg) [
           # Elasticsearch can be used as an SSPL-licensed software, which is

From 366ba04f1336b665f791e44a06547b3d83d965ee Mon Sep 17 00:00:00 2001
From: Minijackson <minijackson@riseup.net>
Date: Mon, 29 Apr 2024 14:49:46 +0200
Subject: [PATCH 2/2] nixos/phoebus-save-and-restore: don't automatically
 enable elasticsearch

see #75, #54, follow-up of #60

Specify in documentation that enabling ElasticSearch needs to be done
only once.
---
 docs/nixos-services/user-guides/phoebus-alarm.rst      |  7 ++++++-
 .../user-guides/phoebus-save-and-restore.rst           |  8 ++++++++
 docs/release-notes/2405.rst                            |  8 ++++++++
 nixos/modules/phoebus/save-and-restore.nix             | 10 +---------
 nixos/tests/phoebus/save-and-restore.nix               |  7 ++++++-
 5 files changed, 29 insertions(+), 11 deletions(-)

diff --git a/docs/nixos-services/user-guides/phoebus-alarm.rst b/docs/nixos-services/user-guides/phoebus-alarm.rst
index 48a2d7c9..e0716015 100644
--- a/docs/nixos-services/user-guides/phoebus-alarm.rst
+++ b/docs/nixos-services/user-guides/phoebus-alarm.rst
@@ -52,7 +52,9 @@ and Kafka’s ``clusterId``:
 
      services.phoebus-alarm-logger.settings."bootstrap.servers" = kafkaListenSockAddr;
 
-     # Single-server Kafka setup
+     # Phoebus alarm needs Kafka.
+     # If not already enabled elsewhere in your configuration,
+     # the code below shows a single-server Kafka setup:
      services.apache-kafka = {
        enable = true;
        # Replace with a randomly generated uuid. You can get one by running:
@@ -89,6 +91,9 @@ and Kafka’s ``clusterId``:
      # Open kafka to the outside world
      networking.firewall.allowedTCPPorts = [9092];
 
+     # Phoebus alarm needs ElasticSearch.
+     # If not already enabled elsewhere in your configuration,
+     # Enable it with the code below:
      services.elasticsearch = {
        enable = true;
        package = pkgs.elasticsearch7;
diff --git a/docs/nixos-services/user-guides/phoebus-save-and-restore.rst b/docs/nixos-services/user-guides/phoebus-save-and-restore.rst
index c48bcbd6..5dd1c43c 100644
--- a/docs/nixos-services/user-guides/phoebus-save-and-restore.rst
+++ b/docs/nixos-services/user-guides/phoebus-save-and-restore.rst
@@ -29,6 +29,14 @@ add this to your configuration:
        openFirewall = true;
      };
 
+     # Phoebus save-and-restore needs ElasticSearch.
+     # If not already enabled elsewhere in your configuration,
+     # Enable it with the code below:
+     services.elasticsearch = {
+       enable = true;
+       package = pkgs.elasticsearch7;
+     };
+
      # Elasticsearch, needed by Phoebus Save-and-restore, is not free software (SSPL | Elastic License).
      # To accept the license, add the code below:
      nixpkgs.config.allowUnfreePredicate = pkg:
diff --git a/docs/release-notes/2405.rst b/docs/release-notes/2405.rst
index 6c8cc205..6debc952 100644
--- a/docs/release-notes/2405.rst
+++ b/docs/release-notes/2405.rst
@@ -9,3 +9,11 @@ Breaking changes
 
 - The :nix:`config.epnix.outputs.mdbook` and :nix:`config.epnix.outputs.manpages` options
   from the IOC module options, previously deprecated, are now removed.
+
+- The :ref:`opt-services.phoebus-alarm-server.enable`,
+  :ref:`opt-services.phoebus-olog.enable`,
+  and :ref:`opt-services.phoebus-save-and-restore.enable` options
+  don't enable ElasticSearch automatically anymore.
+  See :doc:`../nixos-services/user-guides/phoebus-alarm`
+  and :doc:`../nixos-services/user-guides/phoebus-save-and-restore`
+  for how to enable it yourself on the same server.
diff --git a/nixos/modules/phoebus/save-and-restore.nix b/nixos/modules/phoebus/save-and-restore.nix
index 220ce101..60004872 100644
--- a/nixos/modules/phoebus/save-and-restore.nix
+++ b/nixos/modules/phoebus/save-and-restore.nix
@@ -8,8 +8,6 @@
   cfg = config.services.phoebus-save-and-restore;
   settingsFormat = pkgs.formats.javaProperties {};
   configFile = settingsFormat.generate "phoebus-save-and-restore.properties" cfg.settings;
-
-  localElasticsearch = cfg.settings."elasticsearch.network.host" == "localhost";
 in {
   options.services.phoebus-save-and-restore = {
     enable = lib.mkEnableOption ''
@@ -81,7 +79,7 @@ in {
       description = "Phoebus Save-and-restore";
 
       wantedBy = ["multi-user.target"];
-      after = lib.mkIf localElasticsearch ["elasticsearch.service"];
+      after = ["elasticsearch.service"];
 
       serviceConfig = {
         ExecStart = "${lib.getExe pkgs.epnix.phoebus-save-and-restore} --spring.config.location=file://${configFile}";
@@ -140,12 +138,6 @@ in {
       };
     };
 
-    services.elasticsearch = lib.mkIf localElasticsearch {
-      enable = true;
-      # Should be kept in sync with the phoebus-alarm-logger and phoebus-olog services
-      package = pkgs.elasticsearch7;
-    };
-
     networking.firewall.allowedTCPPorts = lib.mkIf cfg.openFirewall [
       (lib.toInt cfg.settings."server.port")
     ];
diff --git a/nixos/tests/phoebus/save-and-restore.nix b/nixos/tests/phoebus/save-and-restore.nix
index 5ac36e6e..6b626c23 100644
--- a/nixos/tests/phoebus/save-and-restore.nix
+++ b/nixos/tests/phoebus/save-and-restore.nix
@@ -7,12 +7,17 @@
   meta.maintainers = with epnixLib.maintainers; [minijackson];
 
   nodes = {
-    server = {
+    server = {pkgs, ...}: {
       services.phoebus-save-and-restore = {
         enable = true;
         openFirewall = true;
       };
 
+      services.elasticsearch = {
+        enable = true;
+        package = pkgs.elasticsearch7;
+      };
+
       nixpkgs.config.allowUnfreePredicate = pkg:
         builtins.elem (lib.getName pkg) [
           # Elasticsearch can be used as an SSPL-licensed software, which is