Add postgres, fix hedgedoc, various cleanups

Felix Albrigtsen 2023-05-03 17:49:50 +02:00
parent 617b76b273
commit 85331ae32b
5 changed files with 54 additions and 16 deletions


@ -18,16 +18,6 @@
keyMap = "no"; keyMap = "no";
}; };
system.autoUpgrade = {
enable = true;
flake = "github:felixalbrigtsen/nixos-server-conf";
flags = [
"--update-input" "nixpkgs"
"--update-input" "unstable"
"--no-write-lock-file"
];
};
nix = { nix = {
gc = { gc = {
automatic = true; automatic = true;
@ -56,6 +46,13 @@
enable = true; enable = true;
permitRootLogin = "no"; permitRootLogin = "no";
passwordAuthentication = false; passwordAuthentication = false;
kbdInteractiveAuthentication = false;
extraConfig = ''
AllowTcpForwarding yes
X11Forwarding no
AllowAgentForwarding yes
AuthenticationMethods publickey
'';
}; };
users.users.felixalb = { users.users.felixalb = {
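Review bot: `AllowAgentForwarding yes` in the new `extraConfig` lets sessions forward the client's SSH agent to this host, where root or a compromised account that can reach the agent socket can use the forwarded keys for as long as the session lasts. If no specific workflow needs it, set `AllowAgentForwarding no`, and consider narrowing `AllowTcpForwarding yes` to `AllowTcpForwarding local` or `no`. Both values written here equal the OpenSSH defaults, so as they stand these two lines harden nothing. A short comment saying why each forwarding mode is enabled would help the next reader. The `services.openssh` block starts above the hunk, so its other settings are not visible here.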


@ -11,6 +11,7 @@
#./vms.nix #./vms.nix
./services/nginx ./services/nginx
./services/postgres.nix
./services/kanidm.nix ./services/kanidm.nix
./services/jellyfin.nix ./services/jellyfin.nix
./services/metrics ./services/metrics
@ -26,7 +27,7 @@
# - Transmission # - Transmission
# x Jellyfin # x Jellyfin
# x NFS imports # x NFS imports
# - NFS exports # x NFS exports
# - FreeBSD VM # - FreeBSD VM
# - Kali VM # - Kali VM
# x Kerberos / IPA / Kanidm # x Kerberos / IPA / Kanidm
@ -36,7 +37,7 @@
networking = { networking = {
hostName = "voyager"; hostName = "voyager";
defaultGateway = "192.168.10.1"; defaultGateway = "192.168.10.1";
nameservers = [ "192.168.10.1" "1.1.1.1" ]; nameservers = [ "192.168.11.100" "1.1.1.1" ];
interfaces.eno1.ipv4 = { interfaces.eno1.ipv4 = {
addresses = [ addresses = [
{ address = "192.168.10.165"; prefixLength = 24; } { address = "192.168.10.165"; prefixLength = 24; }
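Review bot: The new `nameservers` list pairs the internal resolver `192.168.11.100` with the public `1.1.1.1`, and the stub resolver treats the entries as interchangeable fallbacks, not as an internal tier followed by an external one. When the first server is slow or unreachable, lookups for internal names go to the public resolver, which discloses those names and may return answers that differ from the internal view. Judging from the interface address on the lines below, the new resolver is also outside `192.168.10.0/24`, so every query depends on the gateway routing to it. If the internal resolver is meant to be authoritative for local names, list only internal resolvers and add a comment naming what serves DNS at that address.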


@ -29,6 +29,11 @@
in ["${automount_opts},credentials=/etc/feal-syn1-credentials"]; in ["${automount_opts},credentials=/etc/feal-syn1-credentials"];
}; };
"/var/backup" = {
device = "/tank/backup/voyager";
options = [ "bind "];
};
}; };
# Network mounts (export) # Network mounts (export)
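Review bot: The option string in `options = [ "bind "];` has a trailing space, so the list holds `"bind "` and not `"bind"`. Depending on how the option is written to fstab, the mount either fails or receives an unrecognised option, and any NixOS logic that matches the exact string `"bind"` will not treat this as a bind mount; I have not verified which applies here. This matters because the PostgreSQL backup added in this commit writes to `/var/backup/postgres`: without the bind mount, dumps land on the root filesystem instead of under `/tank/backup/voyager`. Change the line to `options = [ "bind" ];`.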


@ -20,10 +20,10 @@ in {
sessionSecret = "$CMD_SESSION_SECRET"; sessionSecret = "$CMD_SESSION_SECRET";
allowFreeURL = true; allowFreeURL = true;
db = { allowAnonymous = false;
dialect = "sqlite"; allowAnonymousEdits = true; # Allow anonymous edits with the "freely" permission
storage = "/var/lib/hedgedoc/db.hedgedoc.sqlite";
}; dbURL = "postgres://hedgedoc:@localhost/hedgedoc";
email = false; email = false;
oauth2 = { oauth2 = {
@ -51,4 +51,15 @@ in {
}; };
networking.firewall.allowedTCPPorts = [ port ]; networking.firewall.allowedTCPPorts = [ port ];
services.postgresql = {
ensureDatabases = [ "hedgedoc" ];
ensureUsers = [{
name = "hedgedoc";
ensurePermissions = {
"DATABASE \"hedgedoc\"" = "ALL PRIVILEGES";
};
}];
};
} }
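Review bot: `dbURL = "postgres://hedgedoc:@localhost/hedgedoc"` connects over loopback TCP with an empty password, so it works only while the server accepts unauthenticated connections from `localhost`, and nothing ties the `hedgedoc` role to the HedgeDoc service account. Connecting through the PostgreSQL unix socket would let the server apply peer authentication for this role. The module's `db` settings with `dialect = "postgres"` and `host = "/run/postgresql"` should do this, but confirm against the module version in use. The enclosing attribute set begins above the hunk.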


@ -0,0 +1,24 @@
{ config, pkgs, lib, ... }:
{
services.postgresql = {
enable = true;
/* enableTCPIP = true; # Expose on the network */
authentication = pkgs.lib.mkOverride 10 ''
local all all trust
host all all 127.0.0.1/32 trust
host all all ::1/128 trust
'';
};
services.postgresqlBackup = {
enable = true;
location = "/var/backup/postgres";
startAt = "*-*-* 03:15:00";
backupAll = true;
};
environment.systemPackages = [ config.services.postgresql.package ];
}
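Review bot: The `authentication` block sets `trust` for every database and every role on both the unix socket and loopback TCP, so any local user or process on the host, including a compromised web service, can connect as any role without credentials, the `postgres` superuser included. The `mkOverride 10` also appears to replace the module's default rules instead of adding to them. Prefer `local all all peer` for the socket and `host all all 127.0.0.1/32 scram-sha-256` plus `host all all ::1/128 scram-sha-256` for TCP. The HedgeDoc `dbURL` in this commit would then need a password or a socket connection. Because `backupAll = true` writes dumps of every database to `/var/backup/postgres`, a comment stating who may read that directory is also worth adding.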