rachel/nixos-server
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

preparing for deployment

Browse Source
This commit is contained in:
Rachel Lambda Samuelsson 2024-06-21 13:48:12 +02:00
parent 1b33d42ae7
commit 9af033b5f3
2 changed files with 40 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

77
host.nix
View File

@ -90,7 +90,8 @@ lib.flatMap ({ name, config, ip, ports, volumes, ... }:
then {} then {}
else { else {
"${host}" = { "${host}" = {
# enableACME = true; enableACME = true;
forceSSL = true;
locations."/".proxyPass = locations."/".proxyPass =
"http://${ip}:${builtins.toString ports.http}"; "http://${ip}:${builtins.toString ports.http}";
}; };
@ -155,43 +156,43 @@ lib.flatMap ({ name, config, ip, ports, volumes, ... }:
}; };
# [BACKUPS] # [BACKUPS]
systemd = { # systemd = {
timers.backup-container-storage = { # timers.backup-container-storage = {
enable = true; # enable = true;
description = "Backup container volumes"; # description = "Backup container volumes";
wantedBy = ["multi-user.target"]; # wantedBy = ["multi-user.target"];
timerConfig = { # timerConfig = {
OnCalendar = "*-*-* 02:00:00"; # OnCalendar = "*-*-* 02:00:00";
Unit = "backup-container-storage.service"; # Unit = "backup-container-storage.service";
}; # };
}; # };
services.backup-container-storage = { # services.backup-container-storage = {
description = "Backup container volumes"; # description = "Backup container volumes";
startLimitBurst = 1; # startLimitBurst = 1;
startLimitIntervalSec = 1800; # startLimitIntervalSec = 1800;
script = with builtins; let # script = with builtins; let
volumes = concatMap (s: s.volumes) services; # volumes = concatMap (s: s.volumes) services;
backupVolumes = filter (v: if v ? backup then v.backup else true) volumes; # backupVolumes = filter (v: if v ? backup then v.backup else true) volumes;
backupMountpoints = map (v: hostVolumeDir + v.name) backupVolumes; # backupMountpoints = map (v: hostVolumeDir + v.name) backupVolumes;
in '' # in ''
PATH="$PATH:${pkgs.lib.makeBinPath [ # PATH="$PATH:${pkgs.lib.makeBinPath [
pkgs.gnutar # pkgs.gnutar
pkgs.gzip # pkgs.gzip
]}" # ]}"
mountpoint ${hostBackupDir} || { # mountpoint ${hostBackupDir} || {
echo "${hostBackupDir} is not a mountpoint!" # echo "${hostBackupDir} is not a mountpoint!"
exit 7 # exit 7
} # }
echo "Starting Backup" # echo "Starting Backup"
# 7 days of backups # # 7 days of backups
rm -rf ${hostBackupDir}/backup.7.tgz # rm -rf ${hostBackupDir}/backup.7.tgz
for x in $(seq 6); do # for x in $(seq 6); do
mv "${hostBackupDir}/backup.$x.tgz" "${hostBackupDir}/backup.$((x+1)).tgz" # mv "${hostBackupDir}/backup.$x.tgz" "${hostBackupDir}/backup.$((x+1)).tgz"
done # done
tar -zcvpf ${hostBackupDir}/backup.1.tgz ${toString backupMountpoints} # tar -zcvpf ${hostBackupDir}/backup.1.tgz ${toString backupMountpoints}
''; # '';
}; # };
}; # };
# [SECURITY] # [SECURITY]
security.sudo.execWheelOnly = true; security.sudo.execWheelOnly = true;

2
services/gitea.nix
View File

@ -20,7 +20,7 @@
server = { server = {
DOMAIN = "githug.xyz"; DOMAIN = "githug.xyz";
ROOT_URL = "https://githug.xyz/"; ROOT_URL = "https://githug.xyz/";
# COOKIE_SECURE = true; COOKIE_SECURE = true;
HTTP_PORT = 3001; HTTP_PORT = 3001;
OFFLINE_MODE = true; OFFLINE_MODE = true;
}; };