preparing for deployment

2024-06-21 13:48:12 +02:00 · 2024-06-21 13:48:12 +02:00 · 9af033b5f3
commit 9af033b5f3
parent 1b33d42ae7
2 changed files with 40 additions and 39 deletions
--- a/host.nix
+++ b/host.nix
@ -90,7 +90,8 @@ lib.flatMap ({ name, config, ip, ports, volumes, ... }:
            then {}
            else {
              "${host}" = {
-                # enableACME = true;
+                enableACME = true;
                forceSSL = true;
                locations."/".proxyPass = 
                  "http://${ip}:${builtins.toString ports.http}";
              };
@ -155,43 +156,43 @@ lib.flatMap ({ name, config, ip, ports, volumes, ... }:
  };
  # [BACKUPS]
-  systemd = {
+  # systemd = {
-    timers.backup-container-storage = {
+  #   timers.backup-container-storage = {
-      enable = true;
+  #     enable = true;
-      description = "Backup container volumes";
+  #     description = "Backup container volumes";
-      wantedBy = ["multi-user.target"];
+  #     wantedBy = ["multi-user.target"];
-      timerConfig = {
+  #     timerConfig = {
-        OnCalendar = "*-*-* 02:00:00";
+  #       OnCalendar = "*-*-* 02:00:00";
-        Unit = "backup-container-storage.service";
+  #       Unit = "backup-container-storage.service";
-      };
+  #     };
-    };
+  #   };
-    services.backup-container-storage = {
+  #   services.backup-container-storage = {
-      description = "Backup container volumes";
+  #     description = "Backup container volumes";
-      startLimitBurst = 1;
+  #     startLimitBurst = 1;
-      startLimitIntervalSec = 1800;
+  #     startLimitIntervalSec = 1800;
-      script = with builtins; let
+  #     script = with builtins; let
-          volumes = concatMap (s: s.volumes) services;
+  #         volumes = concatMap (s: s.volumes) services;
-          backupVolumes = filter (v: if v ? backup then v.backup else true) volumes;
+  #         backupVolumes = filter (v: if v ? backup then v.backup else true) volumes;
-          backupMountpoints = map (v: hostVolumeDir + v.name) backupVolumes;
+  #         backupMountpoints = map (v: hostVolumeDir + v.name) backupVolumes;
-        in ''
+  #       in ''
-        PATH="$PATH:${pkgs.lib.makeBinPath [
+  #       PATH="$PATH:${pkgs.lib.makeBinPath [
-          pkgs.gnutar
+  #         pkgs.gnutar
-          pkgs.gzip
+  #         pkgs.gzip
-        ]}"
+  #       ]}"
-        mountpoint ${hostBackupDir} || {
+  #       mountpoint ${hostBackupDir} || {
-          echo "${hostBackupDir} is not a mountpoint!"
+  #         echo "${hostBackupDir} is not a mountpoint!"
-          exit 7
+  #         exit 7
-        }
+  #       }
-        echo "Starting Backup"
+  #       echo "Starting Backup"
-        # 7 days of backups
+  #       # 7 days of backups
-        rm -rf ${hostBackupDir}/backup.7.tgz
+  #       rm -rf ${hostBackupDir}/backup.7.tgz
-        for x in $(seq 6); do
+  #       for x in $(seq 6); do
-          mv "${hostBackupDir}/backup.$x.tgz" "${hostBackupDir}/backup.$((x+1)).tgz"
+  #         mv "${hostBackupDir}/backup.$x.tgz" "${hostBackupDir}/backup.$((x+1)).tgz"
-        done
+  #       done
-        tar -zcvpf ${hostBackupDir}/backup.1.tgz ${toString backupMountpoints}
+  #       tar -zcvpf ${hostBackupDir}/backup.1.tgz ${toString backupMountpoints}
-      '';
+  #     '';
-    };
+  #   };
-  };
+  # };
  # [SECURITY]
  security.sudo.execWheelOnly = true;
--- a/services/gitea.nix
+++ b/services/gitea.nix
@ -20,7 +20,7 @@
        server = {
          DOMAIN = "githug.xyz";
          ROOT_URL = "https://githug.xyz/";
-          # COOKIE_SECURE = true;
+          COOKIE_SECURE = true;
          HTTP_PORT = 3001;
          OFFLINE_MODE = true;
        };