Lukas Wurzinger 2025-04-08 23:27:00 +02:00
parent b7e93fc970
commit ebf2035c54
No known key found for this signature in database
30 changed files with 305 additions and 462 deletions


@ -12,6 +12,12 @@
paths = [
config.services.vaultwarden.backupDir
config.services.syncthing.dataDir
config.services.forgejo.stateDir
config.services.postgresqlBackup.location
config.services.postgresqlBackup.location
# TODO: Add stateDir options for these
"/var/lib/headscale"
"/var/lib/navidrome"
];
passwordFile = config.age.secrets."restic-${attrName}".path;
pruneOpts = ["--keep-daily 7" "--keep-weekly 5" "--keep-monthly 12"];
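Review bot: The two hard-coded directories added under the TODO, `/var/lib/headscale` and `/var/lib/navidrome`, are copied at file level while the services are running; if they keep SQLite databases there (likely with default settings, but not visible here), a snapshot can contain a half-written database. Consider a `backupPrepareCommand` that dumps or briefly stops those services, and test a restore. The headscale state directory presumably also holds the server's private keys, so the restic repository and the `restic-${attrName}` secret deserve the same protection as that key material. `config.services.postgresqlBackup.location` appears twice in this section; if that is not just the page printing the old and new form of one line, drop the duplicate. The enclosing attribute set starts and ends outside the hunk.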


@ -0,0 +1,37 @@
# TODO: do this via tailscale?
# {
# config,
# lib,
# pkgs,
# ...
# }: let
# virtualHostName = "syncserver.helveticanonstandard.net";
# in {
# age.secrets = lib.mkSecrets {syncserver = {};};
#
# services.firefox-syncserver = {
# enable = true;
# secrets = config.age.secrets.syncserver.path;
# singleNode = {
# enable = true;
# hostname = virtualHostName;
# url = "https://${virtualHostName}";
# };
# settings = {
# port = 8070;
# };
# };
#
# services.nginx.virtualHosts.${config.services.firefox-syncserver.singleNode.hostname} = {
# enableACME = true;
# forceSSL = true;
#
# locations."/".proxyPass = let
# host = "127.0.0.1";
# port = builtins.toString config.services.firefox-syncserver.settings.port;
# in "http://${host}:${port}";
# };
#
# services.mysql.package = pkgs.mariadb;
# }
{}


@ -1,6 +1,7 @@
{
config,
lib,
pkgs,
...
}: let
virtualHostName = "forgejo.helveticanonstandard.net";
@ -50,24 +51,26 @@ in {
secrets.mailer.PASSWD = config.age.secrets.forgejo-mailer.path;
};
systemd.services.forgejo.preStart = let
forgejo = lib.getExe config.services.forgejo.package;
passwordFile = config.age.secrets.forgejo-admin.path;
user = "helvetica";
email = "helvetica@helveticanonstandard.net";
in ''
if ! \
${forgejo} admin user change-password \
--username ${lib.escapeShellArg user} \
--password "$(cat -- ${lib.escapeShellArg passwordFile})"
then
${forgejo} admin user create \
--admin \
--email ${lib.escapeShellArg email} \
--username ${lib.escapeShellArg user} \
--password "$(cat -- ${lib.escapeShellArg passwordFile})"
fi
'';
systemd.services.forgejo.preStart = lib.getExe pkgs.writeShellApplication {
name = "forgejo-init-admin";
runtimeInputs = [
config.services.forgejo.package
];
text = let
passwordFile = config.age.secrets.forgejo-admin.path;
in ''
admins=$(admin user list --admin)
admins=$((admins - 1))
if ((admins < 1)); then
gitea admin user create \
--admin \
--email helvetica@helveticanonstandard.net \
--username helvetica \
--password "$(cat -- ${passwordFile})"
fi
'';
};
services.nginx.virtualHosts.${virtualHostName} = {
enableACME = true;
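Review bot: The new `preStart` cannot run as written: `lib.getExe pkgs.writeShellApplication { … }` applies `lib.getExe` to the function instead of the built script, and `admins=$(admin user list --admin)` calls a command named `admin` and then does arithmetic on a listing rather than a count. The rewrite also drops the `lib.escapeShellArg` that the old script had around the password file path. `writeShellApplication` scripts run with errexit, nounset and pipefail, so a failing list command aborts `preStart` and keeps Forgejo from starting; test this against both a fresh and an existing database. The admin password is still passed as a command-line argument, where other local processes can briefly see it, and it is no longer re-applied on start, so rotating the age secret will not change it.

```nix
systemd.services.forgejo.preStart = lib.getExe (pkgs.writeShellApplication {
  name = "forgejo-init-admin";
  # … unchanged: runtimeInputs …
  text = let
    passwordFile = config.age.secrets.forgejo-admin.path;
  in ''
    # Count lines of the listing; the following "- 1" assumes one header line.
    admins=$(gitea admin user list --admin | wc -l)
    # … unchanged: admins=$((admins - 1)) and the if / gitea admin user create flags …
        --password "$(cat -- ${lib.escapeShellArg passwordFile})"
    fi
  '';
});
```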


@ -0,0 +1,10 @@
# {pkgs, ...}: {
# services.mysql.package = pkgs.mariadb;
#
# services.mysqlBackup = {
# enable = true;
# startAt = "*-*-* 02:00:00";
# location = "/srv/backup/postgresql";
# };
# }
{}


@ -0,0 +1,23 @@
{config, ...}: let
virtualHostName = "mealie.helveticanonstandard.net";
in {
services.mealie = {
enable = true;
settings = {
BASE_URL = "https://${virtualHostName}";
ALLOW_SIGNUP = false;
};
listenAddress = "127.0.0.1";
port = 8040;
};
services.nginx.virtualHosts.${virtualHostName} = {
enableACME = true;
forceSSL = true;
locations."/".proxyPass = let
host = config.services.mealie.listenAddress;
port = builtins.toString config.services.mealie.port;
in "http://${host}:${port}";
};
}
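Review bot: `ALLOW_SIGNUP = false;` is a Nix boolean, and if the module renders `settings` into environment variables with `toString` (not visible here), `false` becomes an empty string rather than `false`; writing `ALLOW_SIGNUP = "false";` removes the ambiguity. Since this virtual host gets a public certificate, check after deployment that self-registration is really off and that the initial admin credentials have been changed. The restic `paths` list in this commit does not include Mealie's state directory, so its data is not backed up unless that is handled elsewhere.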


@ -0,0 +1,8 @@
{
services.postgresqlBackup = {
enable = true;
startAt = "*-*-* 02:00:00";
location = "/srv/backup/postgresql";
backupAll = true;
};
}