felixalb/nixos-config
felixalb/nixos-config
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Compare commits

base: felixalb:e92e999d2bf7ceab58d3f338dcb031734224958a
Branches Tags
felixalb:main
...
compare: felixalb:3ef7bf6496ccbaf2c39f9956d3fd3f8cbb2cf895
Branches Tags
felixalb:main

3 Commits
e92e999d2b ... 3ef7bf6496

Author SHA1 Message Date
Felix Albrigtsen
3ef7bf6496 defiant: Enable postgresql backups 2024-03-07 23:52:36 +01:00
Felix Albrigtsen
556bd25ce3 defiant: open loki port in the firewall 2024-03-07 23:52:36 +01:00
Felix Albrigtsen
f0173ad68e defiant: update microbin settings 2024-03-07 23:52:36 +01:00
8 changed files with 22 additions and 14 deletions
Show Stats Expand all files Collapse all files

2
hosts/defiant/services/gitea.nix
View File

@ -58,5 +58,7 @@ in {
systemd.services.gitea.serviceConfig.WorkingDirectory = lib.mkForce "${cfg.stateDir}/work"; systemd.services.gitea.serviceConfig.WorkingDirectory = lib.mkForce "${cfg.stateDir}/work";
services.postgresqlBackup.databases = [ "gitea" ];
networking.firewall.allowedTCPPorts = [ sshPort ]; networking.firewall.allowedTCPPorts = [ sshPort ];
} }

2
hosts/defiant/services/hedgedoc.nix
View File

@ -95,6 +95,8 @@ in {
}]; }];
}; };
services.postgresqlBackup.databases = [ "hedgedoc" ];
services.nginx.virtualHosts."${domain}" = { services.nginx.virtualHosts."${domain}" = {
listen = [ listen = [
{ addr = "192.168.10.175"; port = 43443; ssl = true; } { addr = "192.168.10.175"; port = 43443; ssl = true; }

2
hosts/defiant/services/matrix/synapse.nix
View File

@ -72,6 +72,8 @@
}; };
}; };
services.postgresqlBackup.databases = [ "matrix-synapse" ];
services.redis.servers."".enable = true; services.redis.servers."".enable = true;
services.nginx.virtualHosts."matrix.feal.no" = { services.nginx.virtualHosts."matrix.feal.no" = {

4
hosts/defiant/services/metrics/loki.nix
View File

@ -71,4 +71,8 @@ in {
}; };
}; };
}; };
networking.firewall.allowedTCPPorts = [
cfg.configuration.server.http_listen_port
];
} }

12
hosts/defiant/services/microbin.nix
View File

@ -3,7 +3,6 @@ let
cfg = config.services.microbin; cfg = config.services.microbin;
domain = "p.feal.no"; domain = "p.feal.no";
address = "127.0.1.2"; address = "127.0.1.2";
max_upload_mb = 1024;
port = 5006; port = 5006;
in { in {
@ -14,14 +13,13 @@ in {
MICROBIN_BIND = address; MICROBIN_BIND = address;
MICROBIN_DISABLE_TELEMETRY = true; MICROBIN_DISABLE_TELEMETRY = true;
MICROBIN_ENABLE_BURN_AFTER = true; MICROBIN_ENABLE_BURN_AFTER = true;
MICROBIN_ETERNAL_PASTA = true;
MICROBIN_FOOTER_TEXT = "Be nice or go away"; MICROBIN_FOOTER_TEXT = "Be nice or go away";
MICROBIN_MAX_FILE_SIZE_ENCRYPTED_MB = max_upload_mb; MICROBIN_NO_FILE_UPLOAD = true;
MICROBIN_MAX_FILE_SIZE_UNENCRYPTED_MB = max_upload_mb; MICROBIN_NO_LISTING = true;
MICROBIN_PORT = port; MICROBIN_PORT = port;
MICROBIN_PUBLIC_PATH = "https://${domain}/"; MICROBIN_PUBLIC_PATH = "https://${domain}/";
MICROBIN_QR = true; MICROBIN_QR = true;
MICROBIN_TITLE = "felixalbs pasta collection"; MICROBIN_TITLE = "Temporary pasta collection";
}; };
}; };
@ -36,10 +34,6 @@ in {
{ addr = "192.168.10.175"; port = 43080; ssl = false; } { addr = "192.168.10.175"; port = 43080; ssl = false; }
]; ];
extraConfig = ''
client_max_body_size ${toString max_upload_mb}M;
'';
locations."/" = { locations."/" = {
proxyPass = "http://${address}:${toString port}"; proxyPass = "http://${address}:${toString port}";
}; };

6
hosts/defiant/services/postgresql.nix
View File

@ -6,10 +6,12 @@
}; };
services.postgresqlBackup = { services.postgresqlBackup = {
# enable = true; enable = true;
location = "/data/backup/postgresql/"; location = "/data/backup/postgresql/";
startAt = "*-*-* 03:15:00"; startAt = "*-*-* 03:15:00";
backupAll = true;
# Each service is registered in its own configuration file
databases = [ ];
}; };
environment.systemPackages = [ config.services.postgresql.package ]; environment.systemPackages = [ config.services.postgresql.package ];

2
hosts/defiant/services/vaultwarden.nix
View File

@ -35,6 +35,8 @@ in {
}]; }];
}; };
services.postgresqlBackup.databases = [ "vaultwarden" ];
services.nginx.virtualHosts."${domain}" = { services.nginx.virtualHosts."${domain}" = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;

6
secrets/defiant/defiant.yaml
View File

@ -6,7 +6,7 @@ hedgedoc:
vaultwarden: vaultwarden:
admintoken: ENC[AES256_GCM,data:sUPOe3goxpJFpe5fBdwcM5Z6+DXNdZr5Xd6HzRUb7LtDk9IUtwL4wtlckwnMRoLF628XvCV3ObrX2UmTqUX/6pWqLkWL/vWb3C8ogq4=,iv:vvO9nEkCjcKvl+ILEMlMorMmvyNM1juRYRnEolwg9sQ=,tag:wFnz9oOA+ZGrb4UqKrtUcA==,type:str] admintoken: ENC[AES256_GCM,data:sUPOe3goxpJFpe5fBdwcM5Z6+DXNdZr5Xd6HzRUb7LtDk9IUtwL4wtlckwnMRoLF628XvCV3ObrX2UmTqUX/6pWqLkWL/vWb3C8ogq4=,iv:vvO9nEkCjcKvl+ILEMlMorMmvyNM1juRYRnEolwg9sQ=,tag:wFnz9oOA+ZGrb4UqKrtUcA==,type:str]
microbin: microbin:
secrets: ENC[AES256_GCM,data:GaEbiNENeLnVrqcJBHCks844WiYtVmU3yeGTLdrhPhPCfdgMiGst2nwIeTAGxqcy2Wn3Jo6hsGsHaGnFVgZ8+6Ej8rAU2Q==,iv:0EPKzBU/iy8YWZhJDF/iPCpfOneiLgf27XHby89RvB8=,tag:4oNhGEFjz4GylUXH/UuF+Q==,type:str] secrets: ENC[AES256_GCM,data:B2yOSEXFyge7fgphtKcy8CjaeEiwmHAxgGoiqa4lmQtRtnxy5UuH3dFuCXHvbd3n6YA24zX3ANIQpj6ilT4I96+P+L9TjA==,iv:3mryQf3GdKCqBkLsfyqJk5ZN+/gOEbL/LmEzreINGME=,tag:YD8uvkS23c5B7J9srRrU9w==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -31,8 +31,8 @@ sops:
RXcvQU1JYnl0bUtocTZuNkRxcGQwR2MKnyAYtF2y7XBmNuIYi6RzqEJEPPg7B22A RXcvQU1JYnl0bUtocTZuNkRxcGQwR2MKnyAYtF2y7XBmNuIYi6RzqEJEPPg7B22A
fQVeDfIhiNSVva784KTU+y4TU1UPxumriRrLRFPF3h42ZEq2zQAgrQ== fQVeDfIhiNSVva784KTU+y4TU1UPxumriRrLRFPF3h42ZEq2zQAgrQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-02-21T21:11:56Z" lastmodified: "2024-02-28T16:10:53Z"
mac: ENC[AES256_GCM,data:NBmL+eOcavjU/xhQZtDvuJvvG+wXjU+PGayaNuTDdbo4zk1j8twoVrLCSOLVZuCFO88/2YEtmMJkNOEsPO2hbDhJl5k20g1880rQt4LhPn5sdHyxzrPL3ehDWNLyZy+JMl0SbDI/yjNRH/jX7UxjcBjMCW4WVQpqFK2na20PYfI=,iv:A9h6ziIZUDbtzTmTeSFYZcBKQ1KMkEkQe7PW6ahW/XQ=,tag:VfYygPnzeTMDUXyyNlCcZg==,type:str] mac: ENC[AES256_GCM,data:Yid2Q5JTjWTLeh3qR2K0cX/Fk2p78Asj3x+kCDLtwJoULiZ+7xJKi/h2X4sRYw+vUou7HO3u+b8/MPvEapNjvqLyf4gseuvqdr2m/vR8DqxOdtl0xvrMoE8bTTR6tuCCIGIKEcEA7VviU+aCIm68CLkgq03DkF3g3hyC/VSKo9Y=,iv:66FpFV7mdTv1r+o3p4cK7CigDxGJOW70JZaEJE+fSLA=,tag:gNyPFbRc8VP9vOYdTt2YZg==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.8.1