Add postgres, fix hedgedoc, various cleanups

hosts/voyager/configuration.nix

@@ -11,6 +11,7 @@
       #./vms.nix
 
       ./services/nginx
+      ./services/postgres.nix
       ./services/kanidm.nix
       ./services/jellyfin.nix
       ./services/metrics
@@ -26,7 +27,7 @@
   # - Transmission
   # x Jellyfin
   # x NFS imports
-  # - NFS exports
+  # x NFS exports
   # - FreeBSD VM
   # - Kali VM
   # x Kerberos / IPA / Kanidm
@@ -36,7 +37,7 @@
   networking = {
     hostName = "voyager";
     defaultGateway = "192.168.10.1";
-    nameservers = [ "192.168.10.1" "1.1.1.1" ];
+    nameservers = [ "192.168.11.100" "1.1.1.1" ];
     interfaces.eno1.ipv4 = {
       addresses = [
       { address = "192.168.10.165"; prefixLength = 24; }

hosts/voyager/filesystems.nix

@@ -29,6 +29,11 @@
 
       in ["${automount_opts},credentials=/etc/feal-syn1-credentials"];
     };
+
+    "/var/backup" = {
+      device = "/tank/backup/voyager";
+      options = [ "bind "];
+    };
   };
 
   # Network mounts (export)

hosts/voyager/services/hedgedoc.nix

@@ -20,10 +20,10 @@ in {
             sessionSecret = "$CMD_SESSION_SECRET";
 
             allowFreeURL = true;
-            db = {
-                dialect = "sqlite";
-                storage = "/var/lib/hedgedoc/db.hedgedoc.sqlite";
-            };
+            allowAnonymous = false;
+            allowAnonymousEdits = true; # Allow anonymous edits with the "freely" permission
+
+            dbURL = "postgres://hedgedoc:@localhost/hedgedoc";
 
             email = false;
             oauth2 = {
@@ -51,4 +51,15 @@ in {
     };
 
     networking.firewall.allowedTCPPorts = [ port ];
+
+    services.postgresql = {
+      ensureDatabases = [ "hedgedoc" ];
+      ensureUsers = [{
+        name = "hedgedoc";
+        ensurePermissions = {
+          "DATABASE \"hedgedoc\"" = "ALL PRIVILEGES";
+        };
+      }];
+    };
+
 }

hosts/voyager/services/postgres.nix

@@ -0,0 +1,24 @@
+{ config, pkgs, lib, ... }:
+{
+  services.postgresql = {
+    enable = true;
+    /* enableTCPIP = true; # Expose on the network */
+    authentication = pkgs.lib.mkOverride 10 ''
+     local all all trust
+     host all all 127.0.0.1/32 trust
+     host all all ::1/128 trust
+    '';
+  };
+
+  services.postgresqlBackup = {
+    enable = true;
+    location = "/var/backup/postgres";
+    startAt = "*-*-* 03:15:00";
+    backupAll = true;
+  };
+
+  
+  environment.systemPackages = [ config.services.postgresql.package ];
+}
+
+