xyno/nix-configs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

a

Browse source
This commit is contained in:
Lucy Hochkamp 2023-10-24 18:42:46 +02:00
parent de33341053
commit 8627a33aa5
No known key found for this signature in database
3 changed files with 37 additions and 23 deletions
Download patch file Download diff file Expand all files Collapse all files

24
hosts/daedalus/default.nix
View file

@ -52,15 +52,15 @@ with lib.my;
tmMountPath = "/tmp/timeMachineSnapshotForBorg"; tmMountPath = "/tmp/timeMachineSnapshotForBorg";
in in
{ {
enable = true; enable = false;
configurations."daedalus-ds9" = { configurations."daedalus-ds9" = {
source_directories = [ tmMountPath ]; source_directories = [ tmMountPath ];
exclude_if_present = [ ".nobackup" ]; exclude_if_present = [ ".nobackup" ];
repositories = [ repositories = [
"ssh://ragon@ds9/backups/daedalus/borgmatic" { path = "ssh://ragon@ds9/backups/daedalus/borgmatic"; label = "ds9"; }
"ssh://root@gatebridge/media/backup/daedalus" { path = "ssh://root@gatebridge/media/backup/daedalus"; label = "gatebridge"; }
]; ];
encryption_passcommand = ''security find-generic-password -a daedalus -s borgmaticKey -g 2>&1 | grep -E 'password' | sed 's/^.*"\(.*\)"$/\1/g' ''; encryption_passcommand = pkgs.writeShellScript "getBorgmaticPw" ''security find-generic-password -a daedalus -s borgmaticKey -g 2>&1 | grep -E 'password' | sed 's/^.*"\(.*\)"$/\1/g' '';
compression = "auto,zstd,10"; compression = "auto,zstd,10";
#ssh_command = "ssh -o GlobalKnownHostsFile=${config.age.secrets.gatebridgeHostKeys.path} -i ${config.age.secrets.picardResticSSHKey.path}"; #ssh_command = "ssh -o GlobalKnownHostsFile=${config.age.secrets.gatebridgeHostKeys.path} -i ${config.age.secrets.picardResticSSHKey.path}";
keep_hourly = 24; keep_hourly = 24;
@ -73,9 +73,9 @@ with lib.my;
"apfsSnapshot" "apfsSnapshot"
'' ''
tmutil localsnapshot tmutil localsnapshot
SNAPSHOT=$(tmutil listlocalsnapshots / | tail -n 1) SNAPSHOT=$(tmutil listlocalsnapshots / | grep TimeMachine | tail -n 1)
mkdir -p "${tmMountPath}" mkdir -p "${tmMountPath}"
mount -t apfs -r -o -s=$SNAPSHOT / "${tmMountPath}" mount_apfs -s $SNAPSHOT /System/Volumes/Data "${tmMountPath}"
'') '')
]; ];
after_backup = [ after_backup = [
@ -83,8 +83,16 @@ with lib.my;
"apfsSnapshotUnmount" "apfsSnapshotUnmount"
'' ''
diskutil unmount "${tmMountPath}" diskutil unmount "${tmMountPath}"
SNAPSHOT=$(tmutil listlocalsnapshots / | tail -n 1) SNAPSHOT=$(tmutil listlocalsnapshots / | grep TimeMachine | tail -n 1)
tmutil deletelocalsnapshots $(echo $SNAPSHOT | sed 's/com\.apple\.TimeMachine\.//g') tmutil deletelocalsnapshots $(echo $SNAPSHOT | sed 's/com\.apple\.TimeMachine\.\(.*\)\.local/\1/g')
'')
];
on_error = [
(pkgs.writeShellScript
"apfsSnapshotUnmountError"
''
diskutil unmount "${tmMountPath}"
'') '')
]; ];
}; };

8
hosts/picard/default.nix
View file

@ -75,6 +75,12 @@
locations."/".return = "307 https://xyno.space$request_uri"; locations."/".return = "307 https://xyno.space$request_uri";
} // (lib.my.findOutTlsConfig "xyno.systems" config); } // (lib.my.findOutTlsConfig "xyno.systems" config);
services.nginx.virtualHosts."czi.dating" = {
locations."/".return = "307 https://foss-ag.de$request_uri";
forceSSL = true;
enableACME = true;
};
security.acme.certs."xyno.space" = { security.acme.certs."xyno.space" = {
dnsProvider = "ionos"; dnsProvider = "ionos";
dnsResolver = "1.1.1.1:53"; dnsResolver = "1.1.1.1:53";
@ -187,7 +193,7 @@
ts3.enable = true; ts3.enable = true;
nginx.enable = true; nginx.enable = true;
nginx.domain = "ragon.xyz"; nginx.domain = "ragon.xyz";
nginx.domains = [ "xyno.space" "xyno.systems" ]; nginx.domains = [ "xyno.space" "xyno.systems" "czi.dating" ];
}; };
}; };

28
hosts/picard/xynospace-matrix.nix
View file

@ -28,20 +28,20 @@ in
users.users.slidingsync = { isSystemUser = true; group = "slidingsync"; uid = 990; }; users.users.slidingsync = { isSystemUser = true; group = "slidingsync"; uid = 990; };
users.groups.slidingsync = { gid = 988; }; users.groups.slidingsync = { gid = 988; };
virtualisation.oci-containers.containers."matrix-sliding-sync" = { # virtualisation.oci-containers.containers."matrix-sliding-sync" = {
image = "ghcr.io/matrix-org/sliding-sync:latest"; # image = "ghcr.io/matrix-org/sliding-sync:latest";
ports = [ "127.0.0.1:8009:8008" ]; # ports = [ "127.0.0.1:8009:8008" ];
user = "${toString config.users.users.slidingsync.uid}:${toString config.users.groups.slidingsync.gid}"; # user = "${toString config.users.users.slidingsync.uid}:${toString config.users.groups.slidingsync.gid}";
volumes = [ # volumes = [
"/run/postgresql:/run/postgresql" # "/run/postgresql:/run/postgresql"
]; # ];
environmentFiles = [ config.age.secrets.picardSlidingSyncSecret.path ]; # environmentFiles = [ config.age.secrets.picardSlidingSyncSecret.path ];
environment = { # environment = {
SYNCV3_SERVER = "https://${fqdn}"; # SYNCV3_SERVER = "https://${fqdn}";
SYNCV3_BINDADDR = ":8008"; # SYNCV3_BINDADDR = ":8008";
SYNCV3_DB = "host=/run/postgresql user=slidingsync dbname=slidingsync password=slidingsync"; # SYNCV3_DB = "host=/run/postgresql user=slidingsync dbname=slidingsync password=slidingsync";
}; # };
}; # };
services.postgresql = { services.postgresql = {
ensureDatabases = [ "slidingsync" ]; ensureDatabases = [ "slidingsync" ];
ensureUsers = [ ensureUsers = [