emelie/nix-deploy
1
0
Fork 0
Code Issues 1 Pull requests 1 Projects Releases Wiki Activity

add rudiger

Browse source
This commit is contained in:
Emelie 2021-09-28 11:55:33 +02:00
parent 20862be062
commit 9bf719ab23
Signed by: emelie
GPG key ID: 49D33365A7E22D12
8 changed files with 68 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
config/hosts/rudiger/configuration.nix
View file

@ -6,9 +6,12 @@
./hardware-configuration.nix ./hardware-configuration.nix
./data/secrets/secrets.nix ./data/secrets/secrets.nix
../../common/services/ssh.nix ../../common/services/ssh.nix
./services/acme.nix
./services/nextcloud.nix ./services/nextcloud.nix
./services/nginx.nix ./services/nginx.nix
./services/postgres.nix ./services/postgres.nix
./services/redis.nix
./services/restic.nix
]; ];
boot.loader.grub.enable = true; boot.loader.grub.enable = true;
@ -70,10 +73,13 @@
security.sudo.wheelNeedsPassword = false; security.sudo.wheelNeedsPassword = false;
systemd.services."nextcloud-setup" = { systemd.services."nextcloud-setup" = {
requires = ["postgresql.service"]; requires = [ "postgresql.service" "redis.service" ];
after = ["postgresql.service"]; after = [ "postgresql.service" "redis.service" ];
}; };
users.groups.redis.members = [ "nextcloud" ];
users.groups.backup.members = [ "nextcloud" "postgres" ];
networking.firewall.allowedTCPPorts = [ 22 80 443 ]; networking.firewall.allowedTCPPorts = [ 22 80 443 ];
# networking.firewall.allowedUDPPorts = [ ... ]; # networking.firewall.allowedUDPPorts = [ ... ];
system.stateVersion = "21.05"; system.stateVersion = "21.05";

9
config/hosts/rudiger/services/acme.nix Normal file
View file

@ -0,0 +1,9 @@
{ config, ... }:
{
security.acme = {
acceptTerms = true;
email = "admin+certs@graven.dev";
};
}

2
config/hosts/rudiger/services/nextcloud.nix
View file

@ -8,11 +8,13 @@
autoUpdateApps.enable = true; autoUpdateApps.enable = true;
maxUploadSize = "10G"; maxUploadSize = "10G";
webfinger = true; webfinger = true;
caching.redis = true;
config = { config = {
dbtype = "pgsql"; dbtype = "pgsql";
dbuser = "nextcloud"; dbuser = "nextcloud";
dbhost = "/run/postgresql"; # nextcloud will add /.s.PGSQL.5432 by itself dbhost = "/run/postgresql"; # nextcloud will add /.s.PGSQL.5432 by itself
dbname = "nextcloud"; dbname = "nextcloud";
defaultPhoneRegion = "DK";
adminpassFile = builtins.toString config.secrets.files.nc_admin_pass.file; adminpassFile = builtins.toString config.secrets.files.nc_admin_pass.file;
adminuser = "root"; adminuser = "root";
}; };

4
config/hosts/rudiger/services/nginx.nix
View file

@ -1,4 +1,8 @@
{ ... }: { ... }:
{ {
imports = [ ../../../common/services/nginx.nix ]; imports = [ ../../../common/services/nginx.nix ];
services.nginx.virtualHosts."cloud.graven.dev" = {
enableACME = true;
forceSSL = true;
};
} }

9
config/hosts/rudiger/services/postgres.nix
View file

@ -9,4 +9,13 @@
} }
]; ];
}; };
services.postgresqlBackup = {
enable = true;
location = "/var/lib/postgresql/backup";
databases = [ "synapse" ];
startAt = "02:30";
compression = "none";
};
} }

10
config/hosts/rudiger/services/redis.nix Normal file
View file

@ -0,0 +1,10 @@
{ config, ... }:
{
services.redis = {
enable = true;
unixSocket = "/run/redis/redis.sock";
vmOverCommit = true;
unixSocketPerm = 770;
#requirePassfile = config.secrets.files.redis_pass.file;
};
}

26
config/hosts/rudiger/services/restic.nix Normal file
View file

@ -0,0 +1,26 @@
{ config, ... }:
{
services.restic.backups = {
"postgres" = {
paths = [ "/var/lib/postgresql/backup" ];
repository = "sftp:restic@despondos.nao.sh:/etheria/backup/rudiger/postgres";
initialize = true;
pruneOpts = [ "--keep-daily 7" "--keep-weekly 5" "--keep-monthly 12" "--keep-yearly 75" ];
timerConfig = { "OnCalendar" = "04:15"; };
extraOptions = [ "sftp.command='ssh restic@despondos.nao.sh -i ${config.secrets.files.ssh_key.file} -s sftp'" ];
passwordFile = builtins.toString config.secrets.files.restic_pass.file;
user = "postgres";
};
"nextcloud" = {
paths = [ "/var/lib/nextcloud/data" ];
repository = "sftp:restic@despondos.nao.sh:/etheria/backup/rudiger/nextcloud";
initialize = true;
pruneOpts = [ "--keep-daily 7" "--keep-weekly 5" "--keep-monthly 12" "--keep-yearly 75" ];
timerConfig = { "OnCalendar" = "04:30"; };
extraOptions = [ "sftp.command='ssh restic@despondos.nao.sh -i ${config.secrets.files.ssh_key.file} -s sftp'" ];
passwordFile = builtins.toString config.secrets.files.restic_pass.file;
user = "nextcloud";
};
};
}

6
deploy/default.nix
View file

@ -15,20 +15,14 @@ in import "${sources.nixus}" {} ({ config, ... }: {
wind = { lib, config, ... }: { wind = { lib, config, ... }: {
host = "emelie@graven.dev"; host = "emelie@graven.dev";
configuration = ../config/hosts/wind/configuration.nix; configuration = ../config/hosts/wind/configuration.nix;
switchTimeout = 300;
successTimeout = 300;
}; };
grondahl = { lib, config, ... }: { grondahl = { lib, config, ... }: {
host = "emelie@anarkafem.dev"; host = "emelie@anarkafem.dev";
configuration = ../config/hosts/grondahl/configuration.nix; configuration = ../config/hosts/grondahl/configuration.nix;
switchTimeout = 300;
successTimeout = 300;
}; };
rudiger = { lib, config, ... }: { rudiger = { lib, config, ... }: {
host = "emelie@cloud.graven.dev"; host = "emelie@cloud.graven.dev";
configuration = ../config/hosts/rudiger/configuration.nix; configuration = ../config/hosts/rudiger/configuration.nix;
switchTimeout = 300;
successTimeout = 300;
}; };
}; };
}) })