mc-fucker/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

borg, atop interval, ihatemoney, postgresql backup

Browse source
This commit is contained in:
mc-fucker 2022-01-15 13:22:32 +01:00
parent a84f2f8e37
commit 7f4bb6dc1b
8 changed files with 83 additions and 26 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
modules/borg.nix
View file

@ -11,6 +11,8 @@
"*/.cache" "*/.cache"
"/home/*/build" "/home/*/build"
"/var/log" "/var/log"
"/var/lib/nextcloud/data/appdata_ocnc33s4dl6i/preview"
"/var/lib/postgresql/*/"
]; ];
repo = "borg@haus.mc-fucker.cool:/mnt/sdf1/borg/${config.networking.hostName}"; repo = "borg@haus.mc-fucker.cool:/mnt/sdf1/borg/${config.networking.hostName}";
compression = "zstd"; compression = "zstd";

14
modules/ceph-common.nix
View file

@ -1,11 +1,11 @@
{ pkgs, ... }: { pkgs, ... }:
{ {
services.ceph = { #services.ceph = {
enable = true; # enable = true;
global.fsid = "8a5ce363-be7d-417b-95ba-15acbb7f3a2e"; # global.fsid = "3af2635b-21a8-4ff3-a428-b0c18176382f";
global.monHost = "10.0.69.192"; # global.monHost = "10.0.69.216";
global.monInitialMembers = "mc4"; # global.monInitialMembers = "mc4";
}; #};
networking.firewall.allowedTCPPortRanges = [ networking.firewall.allowedTCPPortRanges = [
{ {
@ -15,7 +15,7 @@
]; ];
services.ceph.client.enable = true; services.ceph.client.enable = true;
environment.systemPackages = [ pkgs.ceph ]; #environment.systemPackages = [ pkgs.ceph ];
} }
# vim: set et ts=2 sw=2 ai: # vim: set et ts=2 sw=2 ai:

5
modules/generic.nix
View file

@ -34,6 +34,11 @@ in
vim.defaultEditor = true; vim.defaultEditor = true;
}; };
systemd.services.atop.environment = {
LOGINTERVAL = "60";
LOGGENERATIONS = "14";
};
users.defaultUserShell = pkgs.zsh; users.defaultUserShell = pkgs.zsh;
security.sudo.wheelNeedsPassword = false; security.sudo.wheelNeedsPassword = false;

26
modules/ihatemoney.nix Normal file
View file

@ -0,0 +1,26 @@
{ pkgs, ... }:
let
port = "8000";
in
{
services.ihatemoney = {
enable = true;
backend = "postgresql";
enableAdminDashboard = true;
adminHashedPassword = "pbkdf2:sha256:260000$tfw9DfVw8dLSm90i$b711fd9d5192cc4474f6edc5aa8cbc94ca8f84223434ab190436e21d8d60ef89";
uwsgiConfig = { http = ":${port}"; };
extraConfig = ''
MAIL_SERVER = "mc1.mc-fucker.vpn.mc-fucker.cool"
'';
};
services.nginx.virtualHosts."geld.mc-fucker.cool" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://localhost:${port}";
};
};
}
# vim: set et ts=2 sw=2 ai:

2
modules/nextcloud.nix
View file

@ -48,7 +48,7 @@
networking.firewall.allowedTCPPorts = [ 80 443 ]; networking.firewall.allowedTCPPorts = [ 80 443 ];
security.acme = { security.acme = {
acceptTerms = true; acceptTerms = true;
email = "dev@mc-fucker.cool"; defaults.email = "dev@mc-fucker.cool";
}; };
systemd.services.nextcloud-redis-setup = let systemd.services.nextcloud-redis-setup = let

22
modules/postgresql.nix
View file

@ -1,8 +1,8 @@
{ pkgs, ... }: { pkgs, config, ... }:
{ {
services.postgresql = { services.postgresql = {
enable = true; enable = true;
package = pkgs.postgresql_13; package = pkgs.postgresql_14;
ensureDatabases = [ "nextcloud" ]; ensureDatabases = [ "nextcloud" ];
ensureUsers = [ ensureUsers = [
{ {
@ -13,6 +13,24 @@
} }
]; ];
}; };
services.postgresqlBackup = {
enable = true;
startAt = "*-*-* *:30:00";
compression = "zstd";
};
services.logrotate = {
enable = true;
paths.postgresqlBackup = {
path = "${config.services.postgresqlBackup.location}/all.sql.zstd";
user = "postgres";
group = "postgres";
keep = 24;
frequency = "hourly";
extraConfig = "extension = .zstd";
};
};
} }
# vim: set et ts=2 sw=2 ai: # vim: set et ts=2 sw=2 ai:

32
systems/mc4/configuration.nix
View file

@ -12,25 +12,29 @@
./modules/postgresql.nix ./modules/postgresql.nix
./modules/rclone.nix ./modules/rclone.nix
./modules/ceph-common.nix ./modules/ceph-common.nix
./modules/borg.nix
./modules/ihatemoney.nix
]; ];
services.ceph = { #services.ceph = {
mds.enable = true; # mds.enable = true;
mds.daemons = [ "mc4"]; # mds.daemons = [ "mc4" ];
mgr.enable = true; # mgr.enable = true;
mgr.daemons = [ "mc4" ]; # mgr.daemons = [ "mc4" ];
mon.enable = true; # mon.enable = true;
mon.daemons = [ "mc4" ]; # mon.daemons = [ "mc4" ];
mon.extraConfig = { # mon.extraConfig = {
"auth_allow_insecure_global_id_reclaim" = "false"; # "auth_allow_insecure_global_id_reclaim" = "false";
}; # };
osd.enable = true; # #osd.enable = true;
osd.daemons = [ "2" ]; # #osd.daemons = [ "2" ];
}; #};
programs.atop.atopacctService.enable = false;
networking.firewall.allowedTCPPorts = [ 3300 ]; networking.firewall.allowedTCPPorts = [ 3300 ];
system.stateVersion = "21.05"; system.stateVersion = "22.05";
} }
# vim: set et ts=2 sw=2 ai: # vim: set et ts=2 sw=2 ai:

6
systems/mc4/hardware-configuration.nix
View file

@ -10,14 +10,16 @@
boot.initrd.availableKernelModules = [ "xhci_pci" "virtio_pci" "usbhid" ]; boot.initrd.availableKernelModules = [ "xhci_pci" "virtio_pci" "usbhid" ];
#boot.kernelPackages = pkgs.linuxPackages_latest;
fileSystems."/" = fileSystems."/" =
{ device = "/dev/disk/by-uuid/7081c92b-d474-49d9-a3d5-8285e7b92b62"; { device = "/dev/disk/by-label/nixos";
fsType = "btrfs"; fsType = "btrfs";
options = [ "compress-force=zstd:7" ]; options = [ "compress-force=zstd:7" ];
}; };
fileSystems."/boot" = fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/C2EB-7223"; { device = "/dev/disk/by-uuid/3B02-8046";
fsType = "vfat"; fsType = "vfat";
}; };