xyno/nix-configs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

a

Browse source
This commit is contained in:
xyno (Philipp Hochkamp) 2023-09-16 16:13:13 +02:00
parent beec0badfb
commit c5ee7d11e0
1 changed files with 26 additions and 17 deletions
Download patch file Download diff file Expand all files Collapse all files

23
hosts/picard/default.nix
View file

@ -112,15 +112,22 @@
ragon.agenix.secrets."picardResticSSHKey" = { }; ragon.agenix.secrets."picardResticSSHKey" = { };
ragon.agenix.secrets."picardResticHealthCheckUrl" = { }; ragon.agenix.secrets."picardResticHealthCheckUrl" = { };
ragon.agenix.secrets."picardSlidingSyncSecret" = { }; ragon.agenix.secrets."picardSlidingSyncSecret" = { };
services.postgresql.ensureUsers = [
{
name = "root";
ensureClauses.superuser = true;
}
];
services.borgmatic = { services.borgmatic = {
enable = true; enable = true;
configurations."picard-ds9" = { configurations."picard-ds9" = {
location = { location = {
source_directories = [ "/persistent" ]; source_directories = [ "/persistent" ];
repositories = [ "picardbackup@ds9:/backups/picard/borgmatic" ]; repositories = [ "picardbackup@ds9:/backups/picard/borgmatic" ];
};
exclude_if_present = [ ".nobackup" ]; exclude_if_present = [ ".nobackup" ];
encryption_passcommand = "cat ${config.age.secrets.picardResticPassword.path}"; };
storage = {
encryption_passcommand = "${pkgs.coreutils}/bin/cat ${config.age.secrets.picardResticPassword.path}";
compression = "auto,zstd,10"; compression = "auto,zstd,10";
ssh_command = ssh_command =
let let
@ -131,17 +138,19 @@
fl = pkgs.writeText "ds9-offsite-ssh-known-hosts" s; fl = pkgs.writeText "ds9-offsite-ssh-known-hosts" s;
in in
"ssh -o GlobalKnownHostsFile=${fl} -i ${config.age.secrets.picardResticSSHKey.path}"; "ssh -o GlobalKnownHostsFile=${fl} -i ${config.age.secrets.picardResticSSHKey.path}";
before_actions = [ "${pkgs.curl}/bin/curl -fss -m 10 --retry 5 -o /dev/null $(cat ${config.age.secrets.picardResticHealthCheckUrl.path})/start" ]; };
after_actions = [ "${pkgs.curl}/bin/curl -fss -m 10 --retry 5 -o /dev/null $(cat ${config.age.secrets.picardResticHealthCheckUrl.path})" ]; hooks = {
on_error = [ "${pkgs.curl}/bin/curl -fss -m 10 --retry 5 -o /dev/null $(cat ${config.age.secrets.picardResticHealthCheckUrl.path})/fail" ]; before_actions = [ "${pkgs.curl}/bin/curl -fss -m 10 --retry 5 -o /dev/null $(${pkgs.coreutils}/bin/cat ${config.age.secrets.picardResticHealthCheckUrl.path})/start" ];
postgresql_databases = [ "all" ]; after_actions = [ "${pkgs.curl}/bin/curl -fss -m 10 --retry 5 -o /dev/null $(${pkgs.coreutils}/bin/cat ${config.age.secrets.picardResticHealthCheckUrl.path})" ];
on_error = [ "${pkgs.curl}/bin/curl -fss -m 10 --retry 5 -o /dev/null $(${pkgs.coreutils}/bin/cat ${config.age.secrets.picardResticHealthCheckUrl.path})/fail" ];
postgresql_databases = [{ name = "all"; }];
};
}; };
}; };
nixpkgs.overlays = [ nixpkgs.overlays = [
(self: super: { (self: super: {
zfs = super.zfs.override { enableMail = true; }; zfs = super.zfs.override { enableMail = true; };
borgmatic = pkgs.unstable.borgmatic;
}) })
]; ];
services.xynoblog.enable = true; services.xynoblog.enable = true;