This commit is contained in:
Rachel Lambda Samuelsson 2024-05-31 10:36:14 +02:00
parent 9a451889a3
commit b81084b65c
6 changed files with 171 additions and 19 deletions


@ -95,6 +95,24 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils_3": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1701680307,
"narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"home-manager": { "home-manager": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -204,10 +222,32 @@
"type": "github" "type": "github"
} }
}, },
"rachelcafe": {
"inputs": {
"flake-utils": "flake-utils_3",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1705262863,
"narHash": "sha256-gAn/k4uHl+qiZY3l4gtQd4RZ/QJSSYCqrDu/9JdzTMo=",
"ref": "refs/heads/master",
"rev": "b01d01e7b5e43424440dba2f732610710698e8e6",
"revCount": 88,
"type": "git",
"url": "https://githug.xyz/rachel/rachel.cafe"
},
"original": {
"type": "git",
"url": "https://githug.xyz/rachel/rachel.cafe"
}
},
"root": { "root": {
"inputs": { "inputs": {
"nixos-config": "nixos-config", "nixos-config": "nixos-config",
"nixpkgs": "nixpkgs_3" "nixpkgs": "nixpkgs_3",
"rachelcafe": "rachelcafe"
} }
}, },
"slippi-desktop": { "slippi-desktop": {
@ -259,6 +299,21 @@
"repo": "default", "repo": "default",
"type": "github" "type": "github"
} }
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
} }
}, },
"root": "root", "root": "root",


@ -4,9 +4,11 @@
inputs = { inputs = {
nixpkgs.url = "github:NixOs/nixpkgs/nixos-23.11"; nixpkgs.url = "github:NixOs/nixpkgs/nixos-23.11";
nixos-config.url = "git+https://githug.xyz/rachel/nixos-config"; nixos-config.url = "git+https://githug.xyz/rachel/nixos-config";
rachelcafe.url = "git+https://githug.xyz/rachel/rachel.cafe";
rachelcafe.inputs.nixpkgs.follows = "nixpkgs";
}; };
outputs = { self, nixpkgs, nixos-config, ... }: outputs = inputs@{ self, nixpkgs, nixos-config, rachelcafe, ... }:
let nix-config-module = let nix-config-module =
{ {
nix.registry.nixpkgs.flake = nixpkgs; nix.registry.nixpkgs.flake = nixpkgs;
@ -26,8 +28,7 @@
]; ];
}; };
}; };
keyboard-module = keyboard-module = {
{
console = { console = {
useXkbConfig = true; useXkbConfig = true;
}; };
@ -47,8 +48,9 @@
modules = [ modules = [
nix-config-module nix-config-module
keyboard-module keyboard-module
(import ./host.nix state-version { (import ./host.nix {
pkgs = nixpkgs.legacyPackages.x86_64-linux; pkgs = nixpkgs.legacyPackages.x86_64-linux;
inherit inputs state-version;
}) })
]; ];
in { in {


@ -1,5 +1,9 @@
state-version: { pkgs, ... }: { pkgs, state-version, inputs, ... }:
let lib = import ./lib.nix { inherit pkgs; }; let hostVolumeDir = "/var/lib/container-storage/";
hostBackupDir = "/mnt/backup";
lib = import ./lib.nix { inherit pkgs; } // inputs // {
inherit hostVolumeDir hostBackupDir;
};
services = with builtins; services = with builtins;
let services_no_ip = let services_no_ip =
map (s: import (./services + "/${s}") { inherit pkgs lib; }) map (s: import (./services + "/${s}") { inherit pkgs lib; })
@ -10,7 +14,6 @@ let lib = import ./lib.nix { inherit pkgs; };
secrets = import ./secrets/secrets.nix; secrets = import ./secrets/secrets.nix;
hostIp = "10.10.0.1"; hostIp = "10.10.0.1";
hostVolumeDir = "/var/lib/container-storage/";
in in
{ {
@ -23,7 +26,7 @@ lib.flatMap ({ name, config, ip, ports, volumes, ... }:
privateNetwork = true; privateNetwork = true;
hostAddress = hostIp; hostAddress = hostIp;
localAddress = ip; localAddress = ip;
bindMounts = lib.flatMap (volume@{ name, mountPoint }: bindMounts = lib.flatMap (volume@{ name, mountPoint, ... }:
{ {
"${name}" = { "${name}" = {
inherit mountPoint; inherit mountPoint;
@ -79,6 +82,7 @@ lib.flatMap ({ name, config, ip, ports, volumes, ... }:
services.nginx = { services.nginx = {
enable = true; enable = true;
recommendedProxySettings = true; recommendedProxySettings = true;
recommendedOptimisation = true;
virtualHosts = virtualHosts =
lib.flatMap ({ ports, hosts, ip, ... }: lib.flatMap ({ ports, hosts, ip, ... }:
lib.flatMap (host: lib.flatMap (host:
@ -86,6 +90,7 @@ lib.flatMap ({ name, config, ip, ports, volumes, ... }:
then {} then {}
else { else {
"${host}" = { "${host}" = {
# enableACME = true;
locations."/".proxyPass = locations."/".proxyPass =
"http://${ip}:${builtins.toString ports.http}"; "http://${ip}:${builtins.toString ports.http}";
}; };
@ -132,6 +137,7 @@ lib.flatMap ({ name, config, ip, ports, volumes, ... }:
# [SOFTWARE] # [SOFTWARE]
programs.bash.interactiveShellInit = '' programs.bash.interactiveShellInit = ''
set -o vi set -o vi
alias doas=sudo
''; '';
# [NIX] # [NIX]
@ -147,8 +153,47 @@ lib.flatMap ({ name, config, ip, ports, volumes, ... }:
}; };
}; };
security.sudo.enable = false; # [BACKUPS]
security.doas.enable = true; systemd = {
timers.backup-container-storage = {
enable = true;
description = "Backup container volumes";
wantedBy = ["multi-user.target"];
timerConfig = {
OnCalendar = "*-*-* 02:00:00";
Unit = "backup-container-storage.service";
};
};
services.backup-container-storage = {
description = "Backup container volumes";
startLimitBurst = 1;
startLimitIntervalSec = 1800;
script = with builtins; let
volumes = concatMap (s: s.volumes) services;
backupVolumes = filter (v: if v ? backup then v.backup else true) volumes;
backupMountpoints = map (v: hostVolumeDir + v.name) backupVolumes;
in ''
PATH="$PATH:${pkgs.lib.makeBinPath [
pkgs.gnutar
pkgs.gzip
]}"
mountpoint ${hostBackupDir} || {
echo "${hostBackupDir} is not a mountpoint!"
exit 7
}
echo "Starting Backup"
# 7 days of backups
rm -rf ${hostBackupDir}/backup.7.tgz
for x in $(seq 6); do
mv "${hostBackupDir}/backup.$x.tgz" "${hostBackupDir}/backup.$((x+1)).tgz"
done
tar -zcvpf ${hostBackupDir}/backup.1.tgz ${toString backupMountpoints}
'';
};
};
# [SECURITY]
security.sudo.execWheelOnly = true;
system.stateVersion = state-version; system.stateVersion = state-version;
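Review bot: The rotation loop in the new backup script, `for x in $(seq 6)`, runs ascending, so each run moves `backup.1.tgz` into slot 2, then that same file into slot 3, and so on up to slot 7, overwriting every older archive on the way; after the loop only the previous day's archive survives (in slot 7), not the seven days the `# 7 days of backups` comment promises. The loop has to walk the slots from 6 down to 1, and since NixOS wraps `script` in `bash -e` (as far as I recall), a missing slot on the first runs — `backup.1.tgz` does not exist yet — makes `mv` fail and aborts the unit before `tar` runs, so each move should be guarded. Separately, the guard calls `mountpoint`, which comes from util-linux, but only gnutar and gzip are appended to PATH; unless the unit's default path already provides it, the `|| { … exit 7; }` branch fires on "command not found" every night with a misleading message, which `pkgs.util-linux` in the list (or, more idiomatically, `systemd.services.backup-container-storage.path = [ … ]`) avoids. `Persistent = true` on the timer would also make up a 02:00 run missed while the host is down.
```nix
      script = with builtins; let
        # … unchanged: volumes / backupVolumes / backupMountpoints …
      in ''
        PATH="$PATH:${pkgs.lib.makeBinPath [
          pkgs.gnutar
          pkgs.gzip
          pkgs.util-linux
        ]}"
        # … unchanged: mountpoint guard and "Starting Backup" …
        # 7 days of backups: shift slots oldest-first so nothing is overwritten
        rm -f ${hostBackupDir}/backup.7.tgz
        for x in $(seq 6 -1 1); do
          if [ -e "${hostBackupDir}/backup.$x.tgz" ]; then
            mv "${hostBackupDir}/backup.$x.tgz" "${hostBackupDir}/backup.$((x+1)).tgz"
          fi
        done
        tar -zcvpf ${hostBackupDir}/backup.1.tgz ${toString backupMountpoints}
      '';
```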


@ -9,7 +9,7 @@
database = { database = {
type = "postgres"; type = "postgres";
host = "postgres.containers"; host = "postgres.containers";
port = 3306; port = 5432;
name = "gitea"; name = "gitea";
user = "gitea"; user = "gitea";
createDatabase = false; createDatabase = false;

31
services/nfs.nix Normal file

@ -0,0 +1,31 @@
{ pkgs, lib, ... }:
{
name = "gitea";
config = {
services.nfs.server = {
enable = true;
createMountPoints = true;
exports = ''
/srv/nfs/music 192.168.0.0/16(rw,sync,no_subtree_check) *(ro,sync,no_subtree_check)
'';
};
};
ports = {
tcp = [ 111 2049 ];
udp = [ 111 2049 ];
http = null;
forward = [
{ container = 111; host = 111; proto = "tcp"; }
{ container = 111; host = 111; proto = "udp"; }
{ container = 2049; host = 2049; proto = "tcp"; }
{ container = 2049; host = 2049; proto = "udp"; }
];
};
hosts = [];
volumes = [{
name = "nfs";
mountPoint = "/srv/nfs/";
readOnly = false;
backup = false;
}];
}
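Review bot: `name = "gitea";` on the third line of the new services/nfs.nix looks like a copy-paste slip — host.nix appears to key each container by `name`, so this definition would collide with the gitea service's container (last one wins or a duplicate-attribute error, depending on how that set is built); `name = "nfs";`, matching the volume name, is presumably what was meant. The export line also carries a `*(ro,sync,no_subtree_check)` entry while ports 111 and 2049 are forwarded from the host on both tcp and udp, so the music share is readable by any client that can reach the host, not only the LAN — either drop the wildcard client or restrict it to the intended network. No `sec=` option is given, so access is governed by AUTH_SYS (client-supplied uid/gid) alone, which is worth a comment beside the export if that is the intent, e.g. `# AUTH_SYS only: clients assert their own uid/gid; root_squash (default) applies`.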


@ -4,26 +4,45 @@
services.postgresql = { services.postgresql = {
enable = true; enable = true;
enableTCPIP = true; enableTCPIP = true;
port = 3306; port = 5432;
ensureDatabases = [ "gitea" ]; ensureDatabases = [ "gitea" ];
ensureUsers = [{ ensureUsers = [
{
name = "gitea"; name = "gitea";
ensureDBOwnership = true; ensureDBOwnership = true;
}]; }
{
name = "root";
ensureClauses.superuser = true;
}
];
authentication = '' authentication = ''
host all all 10.10.0.0/16 trust host all gitea 10.10.0.0/16 trust
local all root trust
''; '';
}; };
services.postgresqlBackup = {
enable = true;
backupAll = true;
compression = "gzip";
compressionLevel = 9;
};
}; };
ports = { ports = {
tcp = [ 3306 ]; tcp = [ 5432 ];
udp = []; udp = [];
http = null; http = null;
forward = []; forward = [];
}; };
hosts = [ ]; hosts = [ ];
volumes = [{ volumes = [
{
name = "postgres-storage"; name = "postgres-storage";
mountPoint = "/var/lib/postgresql"; mountPoint = "/var/lib/postgresql";
}]; }
{
name = "postgres-backup";
mountPoint = "/var/backup/postgresql";
}
];
} }
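Review bot: `local all root trust`, new in the `authentication` block, lets any OS account inside the container open a socket connection as the `root` database role, which the same hunk makes a superuser via `ensureClauses.superuser = true`; `peer` ties the role to the matching OS user instead: `local all root peer`. Narrowing the TCP rule from `all all` to `host all gitea 10.10.0.0/16 trust` is an improvement, but every container on 10.10.0.0/16 can still connect as `gitea` with no credential; a `scram-sha-256` rule with a password set for the role (host.nix already imports ./secrets/secrets.nix) would close that, and the CIDR could be tightened to the gitea container's address if it is stable. A one-line comment above the `authentication` block recording which clients are expected on 10.10.0.0/16 would also help the next reader judge the rule.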