improvements

2024-03-08 22:46:46 +01:00 · 2024-03-08 22:46:46 +01:00 · 9dffcd14b7
commit 9dffcd14b7
parent 48dcdc5a44
32 changed files with 640 additions and 623 deletions
--- a/hosts/abacus/atuin.nix
+++ b/hosts/abacus/atuin.nix
@ -0,0 +1,33 @@
+{
+  config,
+  lib,
+  ...
+}: {
+  services = {
+    postgresql = {
+      enable = lib.mkDefault true;
+
+      ensureDatabases = ["atuin"];
+      ensureUsers = [
+        {
+          name = "atuin";
+          ensureDBOwnership = true;
+        }
+      ];
+    };
+
+    atuin = {
+      enable = true;
+      openRegistration = false;
+      database.uri = "postgresql:///atuin?host=/run/postgresql&user=atuin";
+    };
+
+    nginx.virtualHosts."atuin.${config.networking.domain}" = {
+      enableACME = true;
+      forceSSL = true;
+      quic = true;
+
+      locations."/".proxyPass = "http://${config.services.atuin.host}:${builtins.toString config.services.atuin.port}";
+    };
+  };
+}
--- a/hosts/abacus/default.nix
+++ b/hosts/abacus/default.nix
@ -2,6 +2,7 @@
  imports = [
    (modulesPath + "/profiles/qemu-guest.nix")

+    ./atuin.nix
    ./conduit.nix
    ./forgejo.nix
    ./mailserver.nix
--- a/hosts/glacier/default.nix
+++ b/hosts/glacier/default.nix
@ -1,5 +1,4 @@
 {
-  attrName,
  inputs,
  modulesPath,
  ...
--- a/hosts/vessel/backup.nix
+++ b/hosts/vessel/backup.nix
@ -7,23 +7,33 @@
 }: let
  safePath = "/srv/storage/safe";
 in {
-  systemd.timers.local-backup = {
-    description = "Local rsync Backup";
-    wantedBy = ["timers.target"];
-    timerConfig = {
-      OnCalendar = "*-*-* 00:00:00";
-      Persistent = true;
-      Unit = "local-backup.service";
+  systemd = {
+    timers.local-backup = {
+      description = "Local rsync Backup";
+      wantedBy = ["timers.target"];
+      timerConfig = {
+        OnCalendar = "*-*-* 03:00:00";
+        Persistent = true;
+        Unit = "local-backup.service";
+      };
    };
-  };

-  systemd.services.local-backup = {
-    description = "Local rsync Backup";
-    serviceConfig = {
-      Type = "oneshot";
-      ExecStart = "${lib.getExe pkgs.rsync} --verbose --verbose --archive --update --delete /srv/storage/ /srv/backup/";
-      User = "root";
-      Group = "root";
+    services.local-backup = {
+      description = "Local rsync Backup";
+      serviceConfig = {
+        Type = "oneshot";
+        ExecStart = "${lib.getExe pkgs.rsync} --verbose --verbose --archive --update --delete /srv/storage/ /srv/backup/";
+        User = "root";
+        Group = "root";
+      };
+    };
+
+    tmpfiles.settings = {
+      "10-storage-safe".${safePath}.d = {
+        user = "root";
+        group = "root";
+        mode = "0755";
+      };
    };
  };

@ -41,14 +51,10 @@ in {
    paths = [safePath];
    passwordFile = config.age.secrets."restic-${attrName}".path;
    pruneOpts = ["--keep-daily 7" "--keep-weekly 5" "--keep-monthly 12"];
-    extraOptions = ["sftp.args='-i /etc/ssh/ssh_host_ed25519_key'"];
-  };
-
-  systemd.tmpfiles.settings = {
-    "10-storage-safe".${safePath}.d = {
-      user = "root";
-      group = "root";
-      mode = "0755";
+    timerConfig = {
+      OnCalendar = "*-*-* 03:00:00";
+      Persistent = true;
    };
+    extraOptions = ["sftp.args='-i /etc/ssh/ssh_host_ed25519_key -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null'"];
  };
 }