Add postgres, fix hedgedoc, various cleanups

This commit is contained in:
Felix Albrigtsen 2023-05-03 17:49:50 +02:00
parent 9e64e2dd1f
commit 8386bcad09
5 changed files with 54 additions and 16 deletions

View File

@ -18,16 +18,6 @@
keyMap = "no";
};
system.autoUpgrade = {
enable = true;
flake = "github:felixalbrigtsen/nixos-server-conf";
flags = [
"--update-input" "nixpkgs"
"--update-input" "unstable"
"--no-write-lock-file"
];
};
nix = {
gc = {
automatic = true;
@ -56,6 +46,13 @@
enable = true;
permitRootLogin = "no";
passwordAuthentication = false;
kbdInteractiveAuthentication = false;
extraConfig = ''
AllowTcpForwarding yes
X11Forwarding no
AllowAgentForwarding yes
AuthenticationMethods publickey
'';
};
users.users.felixalb = {

View File

@ -11,6 +11,7 @@
#./vms.nix
./services/nginx
./services/postgres.nix
./services/kanidm.nix
./services/jellyfin.nix
./services/metrics
@ -26,7 +27,7 @@
# - Transmission
# x Jellyfin
# x NFS imports
# - NFS exports
# x NFS exports
# - FreeBSD VM
# - Kali VM
# x Kerberos / IPA / Kanidm
@ -36,7 +37,7 @@
networking = {
hostName = "voyager";
defaultGateway = "192.168.10.1";
nameservers = [ "192.168.10.1" "1.1.1.1" ];
nameservers = [ "192.168.11.100" "1.1.1.1" ];
interfaces.eno1.ipv4 = {
addresses = [
{ address = "192.168.10.165"; prefixLength = 24; }

View File

@ -29,6 +29,11 @@
in ["${automount_opts},credentials=/etc/feal-syn1-credentials"];
};
"/var/backup" = {
device = "/tank/backup/voyager";
options = [ "bind "];
};
};
# Network mounts (export)

View File

@ -20,10 +20,10 @@ in {
sessionSecret = "$CMD_SESSION_SECRET";
allowFreeURL = true;
db = {
dialect = "sqlite";
storage = "/var/lib/hedgedoc/db.hedgedoc.sqlite";
};
allowAnonymous = false;
allowAnonymousEdits = true; # Allow anonymous edits with the "freely" permission
dbURL = "postgres://hedgedoc:@localhost/hedgedoc";
email = false;
oauth2 = {
@ -51,4 +51,15 @@ in {
};
networking.firewall.allowedTCPPorts = [ port ];
services.postgresql = {
ensureDatabases = [ "hedgedoc" ];
ensureUsers = [{
name = "hedgedoc";
ensurePermissions = {
"DATABASE \"hedgedoc\"" = "ALL PRIVILEGES";
};
}];
};
}

View File

@ -0,0 +1,24 @@
{ config, pkgs, lib, ... }:
{
services.postgresql = {
enable = true;
/* enableTCPIP = true; # Expose on the network */
authentication = pkgs.lib.mkOverride 10 ''
local all all trust
host all all 127.0.0.1/32 trust
host all all ::1/128 trust
'';
};
services.postgresqlBackup = {
enable = true;
location = "/var/backup/postgres";
startAt = "*-*-* 03:15:00";
backupAll = true;
};
environment.systemPackages = [ config.services.postgresql.package ];
}