a

2023-10-24 18:42:46 +02:00 · 2023-10-24 18:42:46 +02:00 · 8627a33aa5
commit 8627a33aa5
parent de33341053
3 changed files with 37 additions and 23 deletions
--- a/hosts/daedalus/default.nix
+++ b/hosts/daedalus/default.nix
@ -52,15 +52,15 @@ with lib.my;
      tmMountPath = "/tmp/timeMachineSnapshotForBorg";
    in
    {
-      enable = true;
+      enable = false;
      configurations."daedalus-ds9" = {
        source_directories = [ tmMountPath ];
        exclude_if_present = [ ".nobackup" ];
        repositories = [
-          "ssh://ragon@ds9/backups/daedalus/borgmatic"
-          "ssh://root@gatebridge/media/backup/daedalus"
+          { path = "ssh://ragon@ds9/backups/daedalus/borgmatic"; label = "ds9"; }
+          { path = "ssh://root@gatebridge/media/backup/daedalus"; label = "gatebridge"; }
        ];
-        encryption_passcommand = ''security find-generic-password -a daedalus -s borgmaticKey -g 2>&1 | grep -E 'password' | sed 's/^.*"\(.*\)"$/\1/g' '';
+        encryption_passcommand = pkgs.writeShellScript "getBorgmaticPw" ''security find-generic-password -a daedalus -s borgmaticKey -g 2>&1 | grep -E 'password' | sed 's/^.*"\(.*\)"$/\1/g' '';
        compression = "auto,zstd,10";
        #ssh_command = "ssh -o GlobalKnownHostsFile=${config.age.secrets.gatebridgeHostKeys.path} -i ${config.age.secrets.picardResticSSHKey.path}";
        keep_hourly = 24;
@ -73,9 +73,9 @@ with lib.my;
            "apfsSnapshot"
            ''
              tmutil localsnapshot
-              SNAPSHOT=$(tmutil listlocalsnapshots / | tail -n 1)
+              SNAPSHOT=$(tmutil listlocalsnapshots / | grep TimeMachine | tail -n 1)
              mkdir -p "${tmMountPath}"
-              mount -t apfs -r -o -s=$SNAPSHOT / "${tmMountPath}"
+              mount_apfs -s $SNAPSHOT /System/Volumes/Data "${tmMountPath}"
            '')
        ];
        after_backup = [
@ -83,8 +83,16 @@ with lib.my;
            "apfsSnapshotUnmount"
            ''
              diskutil unmount "${tmMountPath}"
-              SNAPSHOT=$(tmutil listlocalsnapshots / | tail -n 1)
-              tmutil deletelocalsnapshots $(echo $SNAPSHOT | sed 's/com\.apple\.TimeMachine\.//g')
+              SNAPSHOT=$(tmutil listlocalsnapshots / | grep TimeMachine | tail -n 1)
+              tmutil deletelocalsnapshots $(echo $SNAPSHOT | sed 's/com\.apple\.TimeMachine\.\(.*\)\.local/\1/g')
+            '')
+        ];
+        on_error = [
+
+          (pkgs.writeShellScript
+            "apfsSnapshotUnmountError"
+            ''
+              diskutil unmount "${tmMountPath}"
            '')
        ];
      };
--- a/hosts/picard/default.nix
+++ b/hosts/picard/default.nix
@ -75,6 +75,12 @@
    locations."/".return = "307 https://xyno.space$request_uri";
  } // (lib.my.findOutTlsConfig "xyno.systems" config);

+  services.nginx.virtualHosts."czi.dating" = {
+    locations."/".return = "307 https://foss-ag.de$request_uri";
+    forceSSL = true;
+    enableACME = true;
+  };
+
  security.acme.certs."xyno.space" = {
    dnsProvider = "ionos";
    dnsResolver = "1.1.1.1:53";
@ -187,7 +193,7 @@
      ts3.enable = true;
      nginx.enable = true;
      nginx.domain = "ragon.xyz";
-      nginx.domains = [ "xyno.space" "xyno.systems" ];
+      nginx.domains = [ "xyno.space" "xyno.systems" "czi.dating" ];
    };

  };
--- a/hosts/picard/xynospace-matrix.nix
+++ b/hosts/picard/xynospace-matrix.nix
@ -28,20 +28,20 @@ in

  users.users.slidingsync = { isSystemUser = true; group = "slidingsync"; uid = 990; };
  users.groups.slidingsync = { gid = 988; };
-  virtualisation.oci-containers.containers."matrix-sliding-sync" = {
-    image = "ghcr.io/matrix-org/sliding-sync:latest";
-    ports = [ "127.0.0.1:8009:8008" ];
-    user = "${toString config.users.users.slidingsync.uid}:${toString config.users.groups.slidingsync.gid}";
-    volumes = [
-      "/run/postgresql:/run/postgresql"
-    ];
-    environmentFiles = [ config.age.secrets.picardSlidingSyncSecret.path ];
-    environment = {
-      SYNCV3_SERVER = "https://${fqdn}";
-      SYNCV3_BINDADDR = ":8008";
-      SYNCV3_DB = "host=/run/postgresql user=slidingsync dbname=slidingsync password=slidingsync";
-    };
-  };
+  # virtualisation.oci-containers.containers."matrix-sliding-sync" = {
+  #   image = "ghcr.io/matrix-org/sliding-sync:latest";
+  #   ports = [ "127.0.0.1:8009:8008" ];
+  #   user = "${toString config.users.users.slidingsync.uid}:${toString config.users.groups.slidingsync.gid}";
+  #   volumes = [
+  #     "/run/postgresql:/run/postgresql"
+  #   ];
+  #   environmentFiles = [ config.age.secrets.picardSlidingSyncSecret.path ];
+  #   environment = {
+  #     SYNCV3_SERVER = "https://${fqdn}";
+  #     SYNCV3_BINDADDR = ":8008";
+  #     SYNCV3_DB = "host=/run/postgresql user=slidingsync dbname=slidingsync password=slidingsync";
+  #   };
+  # };
  services.postgresql = {
    ensureDatabases = [ "slidingsync" ];
    ensureUsers = [