From 7f4bb6dc1b234bc797eb98b5933b3ea9214218a0 Mon Sep 17 00:00:00 2001 From: mc-fucker Date: Sat, 15 Jan 2022 13:22:32 +0100 Subject: [PATCH] borg, atop interval, ihatemoney, postgresql backup --- modules/borg.nix | 2 ++ modules/ceph-common.nix | 14 +++++------ modules/generic.nix | 5 ++++ modules/ihatemoney.nix | 26 +++++++++++++++++++++ modules/nextcloud.nix | 2 +- modules/postgresql.nix | 22 ++++++++++++++++-- systems/mc4/configuration.nix | 32 +++++++++++++++----------- systems/mc4/hardware-configuration.nix | 6 +++-- 8 files changed, 83 insertions(+), 26 deletions(-) create mode 100644 modules/ihatemoney.nix diff --git a/modules/borg.nix b/modules/borg.nix index 83bbad0..132232b 100644 --- a/modules/borg.nix +++ b/modules/borg.nix @@ -11,6 +11,8 @@ "*/.cache" "/home/*/build" "/var/log" + "/var/lib/nextcloud/data/appdata_ocnc33s4dl6i/preview" + "/var/lib/postgresql/*/" ]; repo = "borg@haus.mc-fucker.cool:/mnt/sdf1/borg/${config.networking.hostName}"; compression = "zstd"; diff --git a/modules/ceph-common.nix b/modules/ceph-common.nix index 6461da4..35824ba 100644 --- a/modules/ceph-common.nix +++ b/modules/ceph-common.nix @@ -1,11 +1,11 @@ { pkgs, ... }: { - services.ceph = { - enable = true; - global.fsid = "8a5ce363-be7d-417b-95ba-15acbb7f3a2e"; - global.monHost = "10.0.69.192"; - global.monInitialMembers = "mc4"; - }; + #services.ceph = { + # enable = true; + # global.fsid = "3af2635b-21a8-4ff3-a428-b0c18176382f"; + # global.monHost = "10.0.69.216"; + # global.monInitialMembers = "mc4"; + #}; networking.firewall.allowedTCPPortRanges = [ { @@ -15,7 +15,7 @@ ]; services.ceph.client.enable = true; - environment.systemPackages = [ pkgs.ceph ]; + #environment.systemPackages = [ pkgs.ceph ]; } # vim: set et ts=2 sw=2 ai: diff --git a/modules/generic.nix b/modules/generic.nix index a4de81f..ee7f63d 100644 --- a/modules/generic.nix +++ b/modules/generic.nix 
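Review bot: Excluding `/var/lib/postgresql/*/` in `modules/borg.nix` leaves the SQL dumps from `services.postgresqlBackup` (added in `modules/postgresql.nix` by this same patch) as the only database copy that can reach the borg repository, and nothing in the hunk records that dependency. The `paths` list is outside the hunk, so it is not visible whether the dump directory is actually included. A host that imports this shared module without the backup service would lose database coverage without any error. I would add a comment next to the exclude, e.g. `# DB contents are backed up via services.postgresqlBackup dumps, not the live data dir; keep the dump location in paths`, and confirm the arrangement with a test restore.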
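Review bot: The `networking.firewall.allowedTCPPortRanges` entry in `modules/ceph-common.nix` stays open although the `services.ceph` block above it is now commented out, and the same holds for `networking.firewall.allowedTCPPorts = [ 3300 ];` in the `systems/mc4/configuration.nix` hunk, where the mon, mgr and mds daemons are disabled. If Ceph is really off on this host, those openings should be removed with it or made conditional on the daemon options (for instance `lib.mkIf config.services.ceph.enable`, which would need `lib` and `config` in the module arguments), so the ports are not left reachable for whatever binds them later. `services.ceph.client.enable = true;` is still set in the second hunk of this file, presumably without effect now. Deleting the block instead of commenting it out with changed `fsid` and `monHost` values would keep the module readable; the old settings remain in git history.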
@@ -34,6 +34,11 @@ in vim.defaultEditor = true; }; + systemd.services.atop.environment = { + LOGINTERVAL = "60"; + LOGGENERATIONS = "14"; + }; + users.defaultUserShell = pkgs.zsh; security.sudo.wheelNeedsPassword = false; diff --git a/modules/ihatemoney.nix b/modules/ihatemoney.nix new file mode 100644 index 0000000..1d57deb --- /dev/null +++ b/modules/ihatemoney.nix @@ -0,0 +1,26 @@ +{ pkgs, ... }: +let + port = "8000"; +in +{ + services.ihatemoney = { + enable = true; + backend = "postgresql"; + enableAdminDashboard = true; + adminHashedPassword = "pbkdf2:sha256:260000$tfw9DfVw8dLSm90i$b711fd9d5192cc4474f6edc5aa8cbc94ca8f84223434ab190436e21d8d60ef89"; + uwsgiConfig = { http = ":${port}"; }; + extraConfig = '' + MAIL_SERVER = "mc1.mc-fucker.vpn.mc-fucker.cool" + ''; + }; + + services.nginx.virtualHosts."geld.mc-fucker.cool" = { + forceSSL = true; + enableACME = true; + locations."/" = { + proxyPass = "http://localhost:${port}"; + }; + }; +} + +# vim: set et ts=2 sw=2 ai: diff --git a/modules/nextcloud.nix b/modules/nextcloud.nix index ac1b927..e30f5a7 100644 --- a/modules/nextcloud.nix +++ b/modules/nextcloud.nix @@ -48,7 +48,7 @@ networking.firewall.allowedTCPPorts = [ 80 443 ]; security.acme = { acceptTerms = true; - email = "dev@mc-fucker.cool"; + defaults.email = "dev@mc-fucker.cool"; }; systemd.services.nextcloud-redis-setup = let diff --git a/modules/postgresql.nix b/modules/postgresql.nix index dec9d3b..e188207 100644 --- a/modules/postgresql.nix +++ b/modules/postgresql.nix @@ -1,8 +1,8 @@ -{ pkgs, ... }: +{ pkgs, config, ... }: { services.postgresql = { enable = true; - package = pkgs.postgresql_13; + package = pkgs.postgresql_14; ensureDatabases = [ "nextcloud" ]; ensureUsers = [ { 
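Review bot: In the new `modules/ihatemoney.nix`, `uwsgiConfig = { http = ":${port}"; };` binds the uWSGI HTTP listener on every interface, while the only intended client is the nginx vhost proxying to `http://localhost:${port}`. Binding to loopback, `uwsgiConfig = { http = "127.0.0.1:${port}"; };`, keeps the unencrypted backend from depending on the firewall alone. The `adminHashedPassword` literal is also committed here together with `enableAdminDashboard = true`, so the PBKDF2 hash is readable by anyone with access to the repository and, presumably, by local users through the Nix store, which permits offline guessing. I would rotate that password and supply the hash from outside the repository, or at minimum confirm the admin password is long and random.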
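Review bot: Switching `package` from `pkgs.postgresql_13` to `pkgs.postgresql_14` in `modules/postgresql.nix` changes the major version with no migration step in the patch. On NixOS the default `services.postgresql.dataDir` is derived from the package's major version, so unless `dataDir` is pinned elsewhere the service would initialise a fresh cluster and `ensureDatabases = [ "nextcloud" ]` would create an empty `nextcloud` database while the existing data stays in the version 13 directory. I would document the `pg_upgrade` or dump-and-restore procedure in the commit message or a comment and take a verified dump before deploying. The attribute set continues past the end of this hunk.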
@@ -13,6 +13,24 @@ } ]; }; + + services.postgresqlBackup = { + enable = true; + startAt = "*-*-* *:30:00"; + compression = "zstd"; + }; + + services.logrotate = { + enable = true; + paths.postgresqlBackup = { + path = "${config.services.postgresqlBackup.location}/all.sql.zstd"; + user = "postgres"; + group = "postgres"; + keep = 24; + frequency = "hourly"; + extraConfig = "extension = .zstd"; + }; + }; } # vim: set et ts=2 sw=2 ai: diff --git a/systems/mc4/configuration.nix b/systems/mc4/configuration.nix index 16ad102..164b246 100644 --- a/systems/mc4/configuration.nix +++ b/systems/mc4/configuration.nix @@ -12,25 +12,29 @@ ./modules/postgresql.nix ./modules/rclone.nix ./modules/ceph-common.nix + ./modules/borg.nix + ./modules/ihatemoney.nix ]; - services.ceph = { - mds.enable = true; - mds.daemons = [ "mc4"]; - mgr.enable = true; - mgr.daemons = [ "mc4" ]; - mon.enable = true; - mon.daemons = [ "mc4" ]; - mon.extraConfig = { - "auth_allow_insecure_global_id_reclaim" = "false"; - }; - osd.enable = true; - osd.daemons = [ "2" ]; - }; + #services.ceph = { + # mds.enable = true; + # mds.daemons = [ "mc4" ]; + # mgr.enable = true; + # mgr.daemons = [ "mc4" ]; + # mon.enable = true; + # mon.daemons = [ "mc4" ]; + # mon.extraConfig = { + # "auth_allow_insecure_global_id_reclaim" = "false"; + # }; + # #osd.enable = true; + # #osd.daemons = [ "2" ]; + #}; + + programs.atop.atopacctService.enable = false; networking.firewall.allowedTCPPorts = [ 3300 ]; - system.stateVersion = "21.05"; + system.stateVersion = "22.05"; } # vim: set et ts=2 sw=2 ai: diff --git a/systems/mc4/hardware-configuration.nix b/systems/mc4/hardware-configuration.nix index 95ef8d6..3632419 100644 --- a/systems/mc4/hardware-configuration.nix +++ b/systems/mc4/hardware-configuration.nix 
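Review bot: `system.stateVersion` is moved from `"21.05"` to `"22.05"` at the end of the `systems/mc4/configuration.nix` hunk, but that option is meant to stay at the release the machine was first installed with, because modules use it to choose defaults for stateful data. Raising it alongside the PostgreSQL package change in `modules/postgresql.nix` can change defaults for stateful services such as Nextcloud without any visible error. Unless mc4 was freshly reinstalled (the new disk identifiers in `hardware-configuration.nix` hint that it may have been), I would keep `system.stateVersion = "21.05";` and add a comment saying why it must not be bumped.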
@@ -10,14 +10,16 @@ boot.initrd.availableKernelModules = [ "xhci_pci" "virtio_pci" "usbhid" ]; + #boot.kernelPackages = pkgs.linuxPackages_latest; + fileSystems."/" = - { device = "/dev/disk/by-uuid/7081c92b-d474-49d9-a3d5-8285e7b92b62"; + { device = "/dev/disk/by-label/nixos"; fsType = "btrfs"; options = [ "compress-force=zstd:7" ]; }; fileSystems."/boot" = - { device = "/dev/disk/by-uuid/C2EB-7223"; + { device = "/dev/disk/by-uuid/3B02-8046"; fsType = "vfat"; };
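Review bot: The root filesystem is now located through `/dev/disk/by-label/nixos`, while `/boot` keeps a `by-uuid` path. A label is not guaranteed to be unique, so another attached volume carrying the label `nixos` could be mounted as `/`, whereas the filesystem UUID identifies the intended device unambiguously. I would keep a `by-uuid` device for `/` as before, or add a comment explaining why the label is preferred on this machine. The commented-out `#boot.kernelPackages = pkgs.linuxPackages_latest;` is dead configuration and could be dropped.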