add rudiger

This commit is contained in:
Emelie 2021-09-28 11:55:33 +02:00
parent 20862be062
commit 9bf719ab23
Signed by: emelie
GPG key ID: 49D33365A7E22D12
8 changed files with 68 additions and 8 deletions

View file

@ -6,9 +6,12 @@
./hardware-configuration.nix
./data/secrets/secrets.nix
../../common/services/ssh.nix
./services/acme.nix
./services/nextcloud.nix
./services/nginx.nix
./services/postgres.nix
./services/redis.nix
./services/restic.nix
];
boot.loader.grub.enable = true;
@ -70,10 +73,13 @@
security.sudo.wheelNeedsPassword = false;
systemd.services."nextcloud-setup" = {
requires = ["postgresql.service"];
after = ["postgresql.service"];
requires = [ "postgresql.service" "redis.service" ];
after = [ "postgresql.service" "redis.service" ];
};
users.groups.redis.members = [ "nextcloud" ];
users.groups.backup.members = [ "nextcloud" "postgres" ];
networking.firewall.allowedTCPPorts = [ 22 80 443 ];
# networking.firewall.allowedUDPPorts = [ ... ];
system.stateVersion = "21.05";

View file

@ -0,0 +1,9 @@
{ config, ... }:
{
security.acme = {
acceptTerms = true;
email = "admin+certs@graven.dev";
};
}

View file

@ -8,11 +8,13 @@
autoUpdateApps.enable = true;
maxUploadSize = "10G";
webfinger = true;
caching.redis = true;
config = {
dbtype = "pgsql";
dbuser = "nextcloud";
dbhost = "/run/postgresql"; # nextcloud will add /.s.PGSQL.5432 by itself
dbname = "nextcloud";
defaultPhoneRegion = "DK";
adminpassFile = builtins.toString config.secrets.files.nc_admin_pass.file;
adminuser = "root";
};

View file

@ -1,4 +1,8 @@
{ ... }:
{
imports = [ ../../../common/services/nginx.nix ];
services.nginx.virtualHosts."cloud.graven.dev" = {
enableACME = true;
forceSSL = true;
};
}

View file

@ -9,4 +9,13 @@
}
];
};
services.postgresqlBackup = {
enable = true;
location = "/var/lib/postgresql/backup";
databases = [ "synapse" ];
startAt = "02:30";
compression = "none";
};
}

View file

@ -0,0 +1,10 @@
{ config, ... }:
{
services.redis = {
enable = true;
unixSocket = "/run/redis/redis.sock";
vmOverCommit = true;
unixSocketPerm = 770;
#requirePassfile = config.secrets.files.redis_pass.file;
};
}

View file

@ -0,0 +1,26 @@
{ config, ... }:
{
services.restic.backups = {
"postgres" = {
paths = [ "/var/lib/postgresql/backup" ];
repository = "sftp:restic@despondos.nao.sh:/etheria/backup/rudiger/postgres";
initialize = true;
pruneOpts = [ "--keep-daily 7" "--keep-weekly 5" "--keep-monthly 12" "--keep-yearly 75" ];
timerConfig = { "OnCalendar" = "04:15"; };
extraOptions = [ "sftp.command='ssh restic@despondos.nao.sh -i ${config.secrets.files.ssh_key.file} -s sftp'" ];
passwordFile = builtins.toString config.secrets.files.restic_pass.file;
user = "postgres";
};
"nextcloud" = {
paths = [ "/var/lib/nextcloud/data" ];
repository = "sftp:restic@despondos.nao.sh:/etheria/backup/rudiger/nextcloud";
initialize = true;
pruneOpts = [ "--keep-daily 7" "--keep-weekly 5" "--keep-monthly 12" "--keep-yearly 75" ];
timerConfig = { "OnCalendar" = "04:30"; };
extraOptions = [ "sftp.command='ssh restic@despondos.nao.sh -i ${config.secrets.files.ssh_key.file} -s sftp'" ];
passwordFile = builtins.toString config.secrets.files.restic_pass.file;
user = "nextcloud";
};
};
}

View file

@ -15,20 +15,14 @@ in import "${sources.nixus}" {} ({ config, ... }: {
wind = { lib, config, ... }: {
host = "emelie@graven.dev";
configuration = ../config/hosts/wind/configuration.nix;
switchTimeout = 300;
successTimeout = 300;
};
grondahl = { lib, config, ... }: {
host = "emelie@anarkafem.dev";
configuration = ../config/hosts/grondahl/configuration.nix;
switchTimeout = 300;
successTimeout = 300;
};
rudiger = { lib, config, ... }: {
host = "emelie@cloud.graven.dev";
configuration = ../config/hosts/rudiger/configuration.nix;
switchTimeout = 300;
successTimeout = 300;
};
};
})