add rudiger
parent
20862be062
commit
9bf719ab23
|
@ -6,9 +6,12 @@
|
|||
./hardware-configuration.nix
|
||||
./data/secrets/secrets.nix
|
||||
../../common/services/ssh.nix
|
||||
./services/acme.nix
|
||||
./services/nextcloud.nix
|
||||
./services/nginx.nix
|
||||
./services/postgres.nix
|
||||
./services/redis.nix
|
||||
./services/restic.nix
|
||||
];
|
||||
|
||||
boot.loader.grub.enable = true;
|
||||
|
@ -70,10 +73,13 @@
|
|||
security.sudo.wheelNeedsPassword = false;
|
||||
|
||||
systemd.services."nextcloud-setup" = {
|
||||
requires = ["postgresql.service"];
|
||||
after = ["postgresql.service"];
|
||||
requires = [ "postgresql.service" "redis.service" ];
|
||||
after = [ "postgresql.service" "redis.service" ];
|
||||
};
|
||||
|
||||
users.groups.redis.members = [ "nextcloud" ];
|
||||
users.groups.backup.members = [ "nextcloud" "postgres" ];
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ 22 80 443 ];
|
||||
# networking.firewall.allowedUDPPorts = [ ... ];
|
||||
system.stateVersion = "21.05";
|
||||
|
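Review bot: `users.groups.backup.members = [ "nextcloud" "postgres" ];` in the second hunk puts the internet-facing Nextcloud account and the database account into one group. If that group is what grants read access to the restic password and SSH key declared in `./data/secrets/secrets.nix` (not shown here), either account can read, overwrite or prune the other's backup repository. Consider one group and one key per backup job plus an append-only restriction for that key on the backup server; at minimum add a comment such as `# backup: read access to restic_pass and ssh_key for the restic jobs`. The added and removed sides are not recoverable on this rendered page, so this assumes the line is on the new side.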
|
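--- a/config/hosts/rudiger/services/acme.nix
+++ b/config/hosts/rudiger/services/acme.nix
@@ -0,0 +1,9 @@
+{ config, ... }:
+
+{
+security.acme = {
+acceptTerms = true;
+email = "admin+certs@graven.dev";
+};
+}
+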
|
@ -8,11 +8,13 @@
|
|||
autoUpdateApps.enable = true;
|
||||
maxUploadSize = "10G";
|
||||
webfinger = true;
|
||||
caching.redis = true;
|
||||
config = {
|
||||
dbtype = "pgsql";
|
||||
dbuser = "nextcloud";
|
||||
dbhost = "/run/postgresql"; # nextcloud will add /.s.PGSQL.5432 by itself
|
||||
dbname = "nextcloud";
|
||||
defaultPhoneRegion = "DK";
|
||||
adminpassFile = builtins.toString config.secrets.files.nc_admin_pass.file;
|
||||
adminuser = "root";
|
||||
};
|
||||
|
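Review bot: `caching.redis = true;` only loads the PHP Redis extension for the Nextcloud pool; per the NixOS option description, Redis still has to be configured in Nextcloud itself. Nothing in this section points Nextcloud at `/run/redis/redis.sock`, so unless that is done outside the visible lines the new Redis instance stays unused. A comment next to the option, e.g. `# only loads the PHP module; the redis host/socket must still be set in config.php`, would save the next reader the lookup. The attribute set this hunk sits in starts and ends outside the visible lines.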
|
|
@ -1,4 +1,8 @@
|
|||
{ ... }:
|
||||
{
|
||||
imports = [ ../../../common/services/nginx.nix ];
|
||||
services.nginx.virtualHosts."cloud.graven.dev" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
};
|
||||
}
|
||||
|
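Review bot: The vhost name `"cloud.graven.dev"` is repeated here as a literal, but the Nextcloud module defines its nginx vhost under `services.nextcloud.hostName`, which is set outside this page. If the two ever differ, `enableACME` and `forceSSL` land on a separate, empty vhost and the Nextcloud vhost does not get the HTTPS redirect. Keying the block on the option avoids that: `services.nginx.virtualHosts.${config.services.nextcloud.hostName} = {`, with the function head changed to `{ config, ... }:`.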
|
|
@ -9,4 +9,13 @@
|
|||
}
|
||||
];
|
||||
};
|
||||
|
||||
services.postgresqlBackup = {
|
||||
enable = true;
|
||||
location = "/var/lib/postgresql/backup";
|
||||
databases = [ "synapse" ];
|
||||
startAt = "02:30";
|
||||
compression = "none";
|
||||
};
|
||||
|
||||
}
|
||||
|
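Review bot: `databases = [ "synapse" ];` does not match the database this host is configured for; the Nextcloud settings elsewhere in this commit use `dbname = "nextcloud"`. If this file belongs to rudiger (its file header is missing from the page), the nightly dump will not contain the Nextcloud database, and the restic job that uploads `/var/lib/postgresql/backup` will have nothing useful to restore from. Likely intended: `databases = [ "nextcloud" ];`. The surrounding attribute set starts outside the hunk.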
|
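--- a/config/hosts/rudiger/services/redis.nix
+++ b/config/hosts/rudiger/services/redis.nix
@@ -0,0 +1,10 @@
+{ config, ... }:
+{
+services.redis = {
+enable = true;
+unixSocket = "/run/redis/redis.sock";
+vmOverCommit = true;
+unixSocketPerm = 770;
+#requirePassfile = config.secrets.files.redis_pass.file;
+};
+}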
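Review bot: With the password option commented out, access control rests on `unixSocketPerm = 770;` alone, yet nothing here turns off the TCP listener. By the module defaults Redis still listens on port 6379, so local processes outside the `redis` group can connect without credentials. Add `port = 0;` to serve the socket only. The commented line is also misspelled: the option is `requirePassFile`, so un-commenting `requirePassfile` as written would fail evaluation.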
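--- a/config/hosts/rudiger/services/restic.nix
+++ b/config/hosts/rudiger/services/restic.nix
@@ -0,0 +1,26 @@
+{ config, ... }:
+{
+services.restic.backups = {
+"postgres" = {
+paths = [ "/var/lib/postgresql/backup" ];
+repository = "sftp:restic@despondos.nao.sh:/etheria/backup/rudiger/postgres";
+initialize = true;
+pruneOpts = [ "--keep-daily 7" "--keep-weekly 5" "--keep-monthly 12" "--keep-yearly 75" ];
+timerConfig = { "OnCalendar" = "04:15"; };
+extraOptions = [ "sftp.command='ssh restic@despondos.nao.sh -i ${config.secrets.files.ssh_key.file} -s sftp'" ];
+passwordFile = builtins.toString config.secrets.files.restic_pass.file;
+user = "postgres";
+};
+"nextcloud" = {
+paths = [ "/var/lib/nextcloud/data" ];
+repository = "sftp:restic@despondos.nao.sh:/etheria/backup/rudiger/nextcloud";
+initialize = true;
+pruneOpts = [ "--keep-daily 7" "--keep-weekly 5" "--keep-monthly 12" "--keep-yearly 75" ];
+timerConfig = { "OnCalendar" = "04:30"; };
+extraOptions = [ "sftp.command='ssh restic@despondos.nao.sh -i ${config.secrets.files.ssh_key.file} -s sftp'" ];
+passwordFile = builtins.toString config.secrets.files.restic_pass.file;
+user = "nextcloud";
+};
+};
+}
+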
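Review bot: Both `extraOptions` lines interpolate `${config.secrets.files.ssh_key.file}` directly, while `passwordFile` wraps the same kind of value in `builtins.toString`. If `.file` evaluates to a Nix path rather than a string (the secrets module is not on this page), the interpolation copies the private key into the world-readable Nix store and ssh is handed that copy. Use `-i ${builtins.toString config.secrets.files.ssh_key.file}` in both jobs. Separately, both jobs share one key and one repository password; a key per job would keep the Nextcloud account away from the database backups.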
|
@ -15,20 +15,14 @@ in import "${sources.nixus}" {} ({ config, ... }: {
|
|||
wind = { lib, config, ... }: {
|
||||
host = "emelie@graven.dev";
|
||||
configuration = ../config/hosts/wind/configuration.nix;
|
||||
switchTimeout = 300;
|
||||
successTimeout = 300;
|
||||
};
|
||||
grondahl = { lib, config, ... }: {
|
||||
host = "emelie@anarkafem.dev";
|
||||
configuration = ../config/hosts/grondahl/configuration.nix;
|
||||
switchTimeout = 300;
|
||||
successTimeout = 300;
|
||||
};
|
||||
rudiger = { lib, config, ... }: {
|
||||
host = "emelie@cloud.graven.dev";
|
||||
configuration = ../config/hosts/rudiger/configuration.nix;
|
||||
switchTimeout = 300;
|
||||
successTimeout = 300;
|
||||
};
|
||||
};
|
||||
})
|
||||
|
|