xyno/nix-configs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

a

Browse source
This commit is contained in:
xyno (Philipp Hochkamp) 2023-09-16 16:13:13 +02:00
parent beec0badfb
commit c5ee7d11e0
1 changed files with 26 additions and 17 deletions
Download patch file Download diff file Expand all files Collapse all files

43
hosts/picard/default.nix
View file

@ -112,36 +112,45 @@
ragon.agenix.secrets."picardResticSSHKey" = { }; ragon.agenix.secrets."picardResticSSHKey" = { };
ragon.agenix.secrets."picardResticHealthCheckUrl" = { }; ragon.agenix.secrets."picardResticHealthCheckUrl" = { };
ragon.agenix.secrets."picardSlidingSyncSecret" = { }; ragon.agenix.secrets."picardSlidingSyncSecret" = { };
services.postgresql.ensureUsers = [
{
name = "root";
ensureClauses.superuser = true;
}
];
services.borgmatic = { services.borgmatic = {
enable = true; enable = true;
configurations."picard-ds9" = { configurations."picard-ds9" = {
location = { location = {
source_directories = [ "/persistent" ]; source_directories = [ "/persistent" ];
repositories = [ "picardbackup@ds9:/backups/picard/borgmatic" ]; repositories = [ "picardbackup@ds9:/backups/picard/borgmatic" ];
exclude_if_present = [ ".nobackup" ];
};
storage = {
encryption_passcommand = "${pkgs.coreutils}/bin/cat ${config.age.secrets.picardResticPassword.path}";
compression = "auto,zstd,10";
ssh_command =
let
pks = import ../../data/pubkeys.nix;
hst = pks.ragon.host "ds9";
lst = map (h: "daedalus ${h}") hst;
s = lib.concatStringsSep "\n" lst;
fl = pkgs.writeText "ds9-offsite-ssh-known-hosts" s;
in
"ssh -o GlobalKnownHostsFile=${fl} -i ${config.age.secrets.picardResticSSHKey.path}";
};
hooks = {
before_actions = [ "${pkgs.curl}/bin/curl -fss -m 10 --retry 5 -o /dev/null $(${pkgs.coreutils}/bin/cat ${config.age.secrets.picardResticHealthCheckUrl.path})/start" ];
after_actions = [ "${pkgs.curl}/bin/curl -fss -m 10 --retry 5 -o /dev/null $(${pkgs.coreutils}/bin/cat ${config.age.secrets.picardResticHealthCheckUrl.path})" ];
on_error = [ "${pkgs.curl}/bin/curl -fss -m 10 --retry 5 -o /dev/null $(${pkgs.coreutils}/bin/cat ${config.age.secrets.picardResticHealthCheckUrl.path})/fail" ];
postgresql_databases = [{ name = "all"; }];
}; };
exclude_if_present = [ ".nobackup" ];
encryption_passcommand = "cat ${config.age.secrets.picardResticPassword.path}";
compression = "auto,zstd,10";
ssh_command =
let
pks = import ../../data/pubkeys.nix;
hst = pks.ragon.host "ds9";
lst = map (h: "daedalus ${h}") hst;
s = lib.concatStringsSep "\n" lst;
fl = pkgs.writeText "ds9-offsite-ssh-known-hosts" s;
in
"ssh -o GlobalKnownHostsFile=${fl} -i ${config.age.secrets.picardResticSSHKey.path}";
before_actions = [ "${pkgs.curl}/bin/curl -fss -m 10 --retry 5 -o /dev/null $(cat ${config.age.secrets.picardResticHealthCheckUrl.path})/start" ];
after_actions = [ "${pkgs.curl}/bin/curl -fss -m 10 --retry 5 -o /dev/null $(cat ${config.age.secrets.picardResticHealthCheckUrl.path})" ];
on_error = [ "${pkgs.curl}/bin/curl -fss -m 10 --retry 5 -o /dev/null $(cat ${config.age.secrets.picardResticHealthCheckUrl.path})/fail" ];
postgresql_databases = [ "all" ];
}; };
}; };
nixpkgs.overlays = [ nixpkgs.overlays = [
(self: super: { (self: super: {
zfs = super.zfs.override { enableMail = true; }; zfs = super.zfs.override { enableMail = true; };
borgmatic = pkgs.unstable.borgmatic;
}) })
]; ];
services.xynoblog.enable = true; services.xynoblog.enable = true;