emelie/nix-deploy
1
0
Fork 0
Code Issues 1 Pull requests 1 Projects Releases Wiki Activity

Add mail server

Browse source
This commit is contained in:
Emelie Graven 2021-11-23 15:29:23 +01:00
parent 90eb0c3708
commit eb91a3beaf
Signed by: emelie
GPG key ID: C11123726DBB55A1
5 changed files with 13 additions and 43 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
stable/config/common/services/nginx.nix
View file

@ -1,7 +1,7 @@
{ ... }: { ... }:
{ {
services.nginx = { services.nginx = {
#enable = true; enable = true;
# Use recommended settings # Use recommended settings
recommendedGzipSettings = true; recommendedGzipSettings = true;

38
stable/config/hosts/mail/services/restic.nix
View file

@ -3,45 +3,15 @@
{ {
services.restic.backups = { services.restic.backups = {
"gitea" = { "mail" = {
paths = [ "/var/lib/gitea" ]; paths = [ "/var/vmail" ];
repository = "sftp:restic@despondos.nao.sh:/etheria/backup/wind/gitea"; repository = "sftp:restic@despondos.nao.sh:/etheria/backup/mail/mail";
initialize = true; initialize = true;
pruneOpts = [ "--keep-daily 7" "--keep-weekly 5" "--keep-monthly 12" "--keep-yearly 75" ]; pruneOpts = [ "--keep-daily 7" "--keep-weekly 5" "--keep-monthly 12" "--keep-yearly 75" ];
timerConfig = { "OnCalendar" = "02:15"; }; timerConfig = { "OnCalendar" = "02:15"; };
extraOptions = [ "sftp.command='ssh restic@despondos.nao.sh -i ${config.secrets.files.ssh_key.file} -s sftp'" ]; extraOptions = [ "sftp.command='ssh restic@despondos.nao.sh -i ${config.secrets.files.ssh_key.file} -s sftp'" ];
passwordFile = builtins.toString config.secrets.files.restic_pass.file; passwordFile = builtins.toString config.secrets.files.restic_pass.file;
user = "gitea"; user = "virtualMail";
};
"postgres" = {
paths = [ "/var/lib/postgresql/backup" ];
repository = "sftp:restic@despondos.nao.sh:/etheria/backup/wind/postgres";
initialize = true;
pruneOpts = [ "--keep-daily 7" "--keep-weekly 5" "--keep-monthly 12" "--keep-yearly 75" ];
timerConfig = { "OnCalendar" = "03:00"; };
extraOptions = [ "sftp.command='ssh restic@despondos.nao.sh -i ${config.secrets.files.ssh_key.file} -s sftp'" ];
passwordFile = builtins.toString config.secrets.files.restic_pass.file;
user = "postgres";
};
"synapse" = {
paths = [ "/var/lib/matrix-synapse" ];
repository = "sftp:restic@despondos.nao.sh:/etheria/backup/wind/synapse";
initialize = true;
pruneOpts = [ "--keep-daily 7" "--keep-weekly 5" "--keep-monthly 12" "--keep-yearly 75" ];
timerConfig = { "OnCalendar" = "03:30"; };
extraOptions = [ "sftp.command='ssh restic@despondos.nao.sh -i ${config.secrets.files.ssh_key.file} -s sftp'" ];
passwordFile = builtins.toString config.secrets.files.restic_pass.file;
user = "matrix-synapse";
};
"vaultwarden" = {
paths = [ "/var/lib/bitwarden_rs" ];
repository = "sftp:restic@despondos.nao.sh:/etheria/backup/wind/vaultwarden";
initialize = true;
pruneOpts = [ "--keep-daily 7" "--keep-weekly 5" "--keep-monthly 12" "--keep-yearly 75" ];
timerConfig = { "OnCalendar" = "23:45"; };
extraOptions = [ "sftp.command='ssh restic@despondos.nao.sh -i ${config.secrets.files.ssh_key.file} -s sftp'" ];
passwordFile = builtins.toString config.secrets.files.restic_pass.file;
user = "vaultwarden";
}; };
}; };
} }

2
unstable/config/common/services/nginx.nix
View file

@ -24,7 +24,7 @@
#add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always; #add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;
# Minimize information leaked to other domains # Minimize information leaked to other domains
add_header 'Referrer-Policy' 'origin-when-cross-origin'; add_header 'Referrer-Policy' 'same-origin';
# Disable embedding as a frame # Disable embedding as a frame
add_header X-Frame-Options DENY; add_header X-Frame-Options DENY;

12
unstable/config/sources/nix/sources.json
View file

@ -17,10 +17,10 @@
"homepage": "", "homepage": "",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "4045d5f43aff4440661d8912fc6e373188d15b5b", "rev": "08cda8e3a5a4e685af525e5a589dfeb74267d505",
"sha256": "1f07p7awpxwg8f9ps5ncvnpkh9ny3aj2n28gqqhafdk9i6f9zkfi", "sha256": "0bf3mbss7c3lyf5h8g1vwjbs0cg4h0c8ixbaz1kv24ahyy8n61y3",
"type": "tarball", "type": "tarball",
"url": "https://github.com/NixOS/nixos-hardware/archive/4045d5f43aff4440661d8912fc6e373188d15b5b.tar.gz", "url": "https://github.com/NixOS/nixos-hardware/archive/08cda8e3a5a4e685af525e5a589dfeb74267d505.tar.gz",
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz" "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
}, },
"nixpkgs": { "nixpkgs": {
@ -29,10 +29,10 @@
"homepage": "", "homepage": "",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "0b239a479cd2c6246195f76244d0939845f82634", "rev": "d00918ccaf7e1532d35db2f1e3d44db3da39b851",
"sha256": "0p1x6zmsh5yfz0xrkvi9nrymznnaz8l46srib271bzmcbbd2fb21", "sha256": "0ynxk7vacv8nljkr60f1sdyh0a65lb6w8kzv5m30hy2qba7samrf",
"type": "tarball", "type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/0b239a479cd2c6246195f76244d0939845f82634.tar.gz", "url": "https://github.com/NixOS/nixpkgs/archive/d00918ccaf7e1532d35db2f1e3d44db3da39b851.tar.gz",
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz" "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
}, },
"nixus": { "nixus": {

2
unstable/deploy/default.nix
View file

@ -1,5 +1,5 @@
let let
sources = import ../unstable/config/sources; sources = import ../config/sources;
in import "${sources.nixus}" {} ({ config, ... }: { in import "${sources.nixus}" {} ({ config, ... }: {
defaults = { name, ... }: { defaults = { name, ... }: {