stuff
This commit is contained in:
parent
b7e93fc970
commit
ebf2035c54
30 changed files with 305 additions and 462 deletions
|
|
@ -12,6 +12,12 @@
|
|||
paths = [
|
||||
config.services.vaultwarden.backupDir
|
||||
config.services.syncthing.dataDir
|
||||
config.services.forgejo.stateDir
|
||||
config.services.postgresqlBackup.location
|
||||
config.services.postgresqlBackup.location
|
||||
# TODO: Add stateDir options for these
|
||||
"/var/lib/headscale"
|
||||
"/var/lib/navidrome"
|
||||
];
|
||||
passwordFile = config.age.secrets."restic-${attrName}".path;
|
||||
pruneOpts = ["--keep-daily 7" "--keep-weekly 5" "--keep-monthly 12"];
|
||||
|
|
|
|||
37
hosts/headless/abacus/firefox-syncserver.nix
Normal file
37
hosts/headless/abacus/firefox-syncserver.nix
Normal file
|
|
@ -0,0 +1,37 @@
|
|||
# TODO: do this via tailscale?
|
||||
# {
|
||||
# config,
|
||||
# lib,
|
||||
# pkgs,
|
||||
# ...
|
||||
# }: let
|
||||
# virtualHostName = "syncserver.helveticanonstandard.net";
|
||||
# in {
|
||||
# age.secrets = lib.mkSecrets {syncserver = {};};
|
||||
#
|
||||
# services.firefox-syncserver = {
|
||||
# enable = true;
|
||||
# secrets = config.age.secrets.syncserver.path;
|
||||
# singleNode = {
|
||||
# enable = true;
|
||||
# hostname = virtualHostName;
|
||||
# url = "https://${virtualHostName}";
|
||||
# };
|
||||
# settings = {
|
||||
# port = 8070;
|
||||
# };
|
||||
# };
|
||||
#
|
||||
# services.nginx.virtualHosts.${config.services.firefox-syncserver.singleNode.hostname} = {
|
||||
# enableACME = true;
|
||||
# forceSSL = true;
|
||||
#
|
||||
# locations."/".proxyPass = let
|
||||
# host = "127.0.0.1";
|
||||
# port = builtins.toString config.services.firefox-syncserver.settings.port;
|
||||
# in "http://${host}:${port}";
|
||||
# };
|
||||
#
|
||||
# services.mysql.package = pkgs.mariadb;
|
||||
# }
|
||||
{}
|
||||
|
|
@ -1,6 +1,7 @@
|
|||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}: let
|
||||
virtualHostName = "forgejo.helveticanonstandard.net";
|
||||
|
|
@ -50,24 +51,26 @@ in {
|
|||
secrets.mailer.PASSWD = config.age.secrets.forgejo-mailer.path;
|
||||
};
|
||||
|
||||
systemd.services.forgejo.preStart = let
|
||||
forgejo = lib.getExe config.services.forgejo.package;
|
||||
passwordFile = config.age.secrets.forgejo-admin.path;
|
||||
user = "helvetica";
|
||||
email = "helvetica@helveticanonstandard.net";
|
||||
in ''
|
||||
if ! \
|
||||
${forgejo} admin user change-password \
|
||||
--username ${lib.escapeShellArg user} \
|
||||
--password "$(cat -- ${lib.escapeShellArg passwordFile})"
|
||||
then
|
||||
${forgejo} admin user create \
|
||||
--admin \
|
||||
--email ${lib.escapeShellArg email} \
|
||||
--username ${lib.escapeShellArg user} \
|
||||
--password "$(cat -- ${lib.escapeShellArg passwordFile})"
|
||||
fi
|
||||
'';
|
||||
systemd.services.forgejo.preStart = lib.getExe pkgs.writeShellApplication {
|
||||
name = "forgejo-init-admin";
|
||||
runtimeInputs = [
|
||||
config.services.forgejo.package
|
||||
];
|
||||
text = let
|
||||
passwordFile = config.age.secrets.forgejo-admin.path;
|
||||
in ''
|
||||
admins=$(admin user list --admin)
|
||||
admins=$((admins - 1))
|
||||
|
||||
if ((admins < 1)); then
|
||||
gitea admin user create \
|
||||
--admin \
|
||||
--email helvetica@helveticanonstandard.net \
|
||||
--username helvetica \
|
||||
--password "$(cat -- ${passwordFile})"
|
||||
fi
|
||||
'';
|
||||
};
|
||||
|
||||
services.nginx.virtualHosts.${virtualHostName} = {
|
||||
enableACME = true;
|
||||
|
|
|
|||
10
hosts/headless/abacus/mariadb.nix
Normal file
10
hosts/headless/abacus/mariadb.nix
Normal file
|
|
@ -0,0 +1,10 @@
|
|||
# {pkgs, ...}: {
|
||||
# services.mysql.package = pkgs.mariadb;
|
||||
#
|
||||
# services.mysqlBackup = {
|
||||
# enable = true;
|
||||
# startAt = "*-*-* 02:00:00";
|
||||
# location = "/srv/backup/postgresql";
|
||||
# };
|
||||
# }
|
||||
{}
|
||||
23
hosts/headless/abacus/mealie.nix
Normal file
23
hosts/headless/abacus/mealie.nix
Normal file
|
|
@ -0,0 +1,23 @@
|
|||
{config, ...}: let
|
||||
virtualHostName = "mealie.helveticanonstandard.net";
|
||||
in {
|
||||
services.mealie = {
|
||||
enable = true;
|
||||
settings = {
|
||||
BASE_URL = "https://${virtualHostName}";
|
||||
ALLOW_SIGNUP = false;
|
||||
};
|
||||
listenAddress = "127.0.0.1";
|
||||
port = 8040;
|
||||
};
|
||||
|
||||
services.nginx.virtualHosts.${virtualHostName} = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
|
||||
locations."/".proxyPass = let
|
||||
host = config.services.mealie.listenAddress;
|
||||
port = builtins.toString config.services.mealie.port;
|
||||
in "http://${host}:${port}";
|
||||
};
|
||||
}
|
||||
8
hosts/headless/abacus/postgresql.nix
Normal file
8
hosts/headless/abacus/postgresql.nix
Normal file
|
|
@ -0,0 +1,8 @@
|
|||
{
|
||||
services.postgresqlBackup = {
|
||||
enable = true;
|
||||
startAt = "*-*-* 02:00:00";
|
||||
location = "/srv/backup/postgresql";
|
||||
backupAll = true;
|
||||
};
|
||||
}
|
||||
|
|
@ -1,9 +1,14 @@
|
|||
{
|
||||
inputs,
|
||||
self,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}: {
|
||||
imports = [
|
||||
inputs.musicomp.nixosModules.default
|
||||
];
|
||||
|
||||
services.musicomp.jobs.main = {
|
||||
music = "/srv/music";
|
||||
comp = "/srv/compmusic";
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue