From b9db4fa6c097fb9385b59ddcc78776123f334368 Mon Sep 17 00:00:00 2001
From: Lukas Wurzinger
Date: Sun, 18 May 2025 16:51:40 +0200
Subject: [PATCH] stuff
---
hosts/abacus/forgejo.nix | 9 +-
hosts/abacus/vaultwarden.nix | 4 +-
hosts/vessel/musicomp.nix | 6 +-
modules/rsync.nix | 208 -----------------------------------
4 files changed, 10 insertions(+), 217 deletions(-)
delete mode 100644 modules/rsync.nix
diff --git a/hosts/abacus/forgejo.nix b/hosts/abacus/forgejo.nix
index 41ad4f5..249e923 100644
--- a/hosts/abacus/forgejo.nix
+++ b/hosts/abacus/forgejo.nix
@@ -64,23 +64,20 @@ in secrets.mailer.PASSWD = secrets.forgejo-mailer.path; }; - # TODO systemd.services.forgejo.preStart = lib.getExe ( pkgs.writeShellApplication { name = "forgejo-init-admin"; - runtimeInputs = [ - cfg.package - ]; text = let + forgejoExe = lib.getExe cfg.package; passwordFile = secrets.forgejo-admin.path; in '' - admins=$(gitea admin user list --admin | wc --lines) + admins=$(${forgejoExe} admin user list --admin | wc --lines) admins=$((admins - 1)) if ((admins < 1)); then - gitea admin user create \ + ${forgejoExe} admin user create \ --admin \ --email helvetica@helveticanonstandard.net \ --username helvetica \
diff --git a/hosts/abacus/vaultwarden.nix b/hosts/abacus/vaultwarden.nix
index af5b45b..22f076c 100644
--- a/hosts/abacus/vaultwarden.nix
+++ b/hosts/abacus/vaultwarden.nix
@@ -4,9 +4,11 @@ ... }: let - virtualHostName = "vault.wrz.one"; + virtualHostName = "vault.helveticanonstandard.net"; in { + # TODO: tailscale + age.secrets = lib.mkSecrets { vaultwarden = { }; }; services.vaultwarden = {
diff --git a/hosts/vessel/musicomp.nix b/hosts/vessel/musicomp.nix
index 4d61a8a..3cbb39e 100644
--- a/hosts/vessel/musicomp.nix
+++ b/hosts/vessel/musicomp.nix
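Review bot: In hosts/abacus/forgejo.nix the `# TODO` above `systemd.services.forgejo.preStart` is removed, but nothing now explains the `admins=$((admins - 1))` adjustment or the condition under which the bootstrap account is created. A shell comment above `admins=$(...)`, such as `# Create the initial admin only when none exists; the first line of the list output is presumably a header row.`, would let a reader check the guard that decides whether a privileged account gets created. The `admin user create` command continues past the end of the hunk, so how `passwordFile` reaches the CLI is not visible here; it is worth confirming that the secret is not expanded into the process arguments.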
@@ -20,7 +20,9 @@ inhibitsSleep = true; post = let - remoteDir = self.nixosConfigurations.abacus.config.services.navidrome.settings.MusicFolder; + abacusConfig = self.nixosConfigurations.abacus.config; + remoteDir = abacusConfig.services.navidrome.settings.MusicFolder; + remoteDomain = abacusConfig.networking.domain; package = pkgs.writeShellApplication { name = "sync"; runtimeInputs = [
@@ -36,7 +38,7 @@ --mkpath \ --verbose --verbose \ --rsh 'ssh -i /etc/ssh/ssh_host_ed25519_key -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null' \ - /srv/void/compmusic/ root@wrz.one:${lib.escapeShellArg remoteDir} + /srv/void/compmusic/ root@${lib.escapeShellArg remoteDomain}:${lib.escapeShellArg remoteDir}/ ''; }; in
diff --git a/modules/rsync.nix b/modules/rsync.nix
deleted file mode 100644
index d5d7a55..0000000
--- a/modules/rsync.nix
+++ /dev/null
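Review bot: `remoteDomain` in the first hunk of hosts/vessel/musicomp.nix is read from `abacusConfig.networking.domain`, which NixOS declares as a nullable option, and nothing here checks that abacus actually sets it. If it is null, `lib.escapeShellArg` appears to render an empty quoted string, so the sync script would be built with an empty host in the rsync destination and would likely fail only when the job runs. Failing at evaluation is safer, for example `remoteDomain = assert abacusConfig.networking.domain != null; abacusConfig.networking.domain;`. The `let` block starts above and continues below the hunk.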
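Review bot: The destination host in the second hunk of hosts/vessel/musicomp.nix now comes from configuration, but the `--rsh` line directly above it still passes `-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null`, so the server is never authenticated before files are pushed to it as `root` with this machine's host key. Whatever answers for that name would be accepted as the sync target. Since abacus is defined in the same flake, its host public key could be pinned through `programs.ssh.knownHosts` and the option string reduced to `--rsh 'ssh -i /etc/ssh/ssh_host_ed25519_key -o StrictHostKeyChecking=yes'`. The rsync command starts above the hunk.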
@@ -1,208 +0,0 @@ -{ - config, - lib, - pkgs, - utils, - ... -}: -let - cfg = config.services.rsync; - inherit (lib) types; - inherit (utils.systemdUtils.unitOptions) unitOption; - settingsToShell = lib.cli.toGNUCommandLineShell { - mkOptionName = k: "--${k}"; - }; - settingsType = - let - simples = [ - types.bool - types.str - types.int - types.float - ]; - in - types.attrsOf ( - types.oneOf ( - simples - ++ [ - (types.listOf (types.oneOf simples)) - ] - ) - ); -in -{ - options.services.rsync = { - enable = lib.mkEnableOption "periodic directory syncing via rsync"; - - package = lib.mkPackageOption pkgs "rsync" { }; - - # commonSettings = lib.mkOption { - # type = settingsType; - # default = { }; - # example = { - # archive = true; - # update = true; - # delete = true; - # mkpath = true; - # }; - # description = '' - # Common arguments to pass to the rsync command. - # ''; - # }; - - jobs = lib.mkOption { - description = '' - Synchronization jobs to run. - ''; - default = { }; - type = types.attrsOf ( - types.submodule { - options = { - sources = lib.mkOption { - type = types.listOf types.str; - example = [ - "/srv/src1/" - "/srv/src2/" - ]; - description = '' - Source directories. - ''; - }; - - destination = lib.mkOption { - type = types.str; - example = "/srv/dst/"; - description = '' - Destination directory. - ''; - }; - - settings = lib.mkOption { - type = settingsType; - default = { }; - example = { - verbose = true; - }; - description = '' - Extra arguments to pass to the rsync command. - ''; - }; - - user = lib.mkOption { - type = types.str; - default = "root"; - description = '' - The name of an existing user account under which the rsync process should run. - ''; - }; - - group = lib.mkOption { - type = types.str; - default = "root"; - description = '' - The name of an existing user group under which the rsync process should run. 
- ''; - }; - - timerConfig = lib.mkOption { - type = lib.types.nullOr (lib.types.attrsOf unitOption); - default = { - OnCalendar = "daily"; - Persistent = true; - }; - description = '' - When to run the job. - ''; - }; - - inhibit = lib.mkOption { - default = [ ]; - type = types.listOf types.str; - example = [ - "sleep" - ]; - description = '' - Run the rsync process with an inhibition lock taken; - see {manpage}`systemd-inhibit(1)` for a list of possible operations. - ''; - }; - }; - } - ); - }; - }; - - config = lib.mkIf cfg.enable { - assertions = [ - { - assertion = lib.all (job: job.sources != [ ]) (lib.attrValues cfg.jobs); - message = '' - At least one source directory must be provided to rsync. - ''; - } - ]; - - systemd = lib.mkMerge ( - lib.mapAttrsToList ( - jobName: job: - let - systemdName = "rsync-job-${jobName}"; - description = "Directory syncing via rsync job ${jobName}"; - in - { - timers.${systemdName} = { - wantedBy = [ - "timers.target" - ]; - inherit description; - inherit (job) timerConfig; - }; - - services.${systemdName} = { - inherit description; - - serviceConfig = { - Type = "oneshot"; - User = job.user; - Group = job.group; - - NoNewPrivileges = true; - PrivateDevices = true; - ProtectSystem = "full"; - ProtectKernelTunables = true; - ProtectKernelModules = true; - ProtectControlGroups = true; - MemoryDenyWriteExecute = true; - LockPersonality = true; - }; - - script = - let - settingsShell = settingsToShell job.settings; - inhibitString = lib.concatStringsSep ":" job.inhibit; - in - '' - ${ - lib.optionalString (job.inhibit != [ ]) '' - ${lib.getExe' config.systemd.package "systemd-inhibit"} \ - --mode block \ - --who ${lib.escapeShellArg description} \ - --what ${lib.escapeShellArg inhibitString} \ - --why ${lib.escapeShellArg "Scheduled rsync job ${jobName}"} \ - -- \ - '' - } \ - ${lib.getExe cfg.package} ${settingsShell} -- \ - ${lib.escapeShellArgs job.sources} \ - ${lib.escapeShellArg job.destination} - ''; - }; - } - ) cfg.jobs 
- ); - }; - - meta.maintainers = [ - lib.maintainers.lukaswrz - ]; -}