borg, atop interval, ihatemoney, postgresql backup

2022-01-15 13:22:32 +01:00 · 2022-01-15 13:22:32 +01:00 · 7f4bb6dc1b
commit 7f4bb6dc1b
parent a84f2f8e37
8 changed files with 83 additions and 26 deletions
--- a/modules/borg.nix
+++ b/modules/borg.nix
@ -11,6 +11,8 @@
      "*/.cache"
      "/home/*/build"
      "/var/log"
+      "/var/lib/nextcloud/data/appdata_ocnc33s4dl6i/preview"
+      "/var/lib/postgresql/*/"
    ];
    repo = "borg@haus.mc-fucker.cool:/mnt/sdf1/borg/${config.networking.hostName}";
    compression = "zstd";
--- a/modules/ceph-common.nix
+++ b/modules/ceph-common.nix
@ -1,11 +1,11 @@
 { pkgs, ... }:
 {
-  services.ceph = {
-    enable = true;
-    global.fsid = "8a5ce363-be7d-417b-95ba-15acbb7f3a2e";
-    global.monHost = "10.0.69.192";
-    global.monInitialMembers = "mc4";
-  };
+  #services.ceph = {
+  #  enable = true;
+  #  global.fsid = "3af2635b-21a8-4ff3-a428-b0c18176382f";
+  #  global.monHost = "10.0.69.216";
+  #  global.monInitialMembers = "mc4";
+  #};

  networking.firewall.allowedTCPPortRanges = [
    {
@ -15,7 +15,7 @@
  ];

  services.ceph.client.enable = true;
-  environment.systemPackages = [ pkgs.ceph ];
+  #environment.systemPackages = [ pkgs.ceph ];
 }

 # vim: set et ts=2 sw=2 ai:
--- a/modules/generic.nix
+++ b/modules/generic.nix
@ -34,6 +34,11 @@ in
    vim.defaultEditor = true;
  };

+  systemd.services.atop.environment = {
+    LOGINTERVAL = "60";
+    LOGGENERATIONS = "14";
+  };
+
  users.defaultUserShell = pkgs.zsh;

  security.sudo.wheelNeedsPassword = false;
--- a/modules/ihatemoney.nix
+++ b/modules/ihatemoney.nix
@ -0,0 +1,26 @@
+{ pkgs, ... }:
+let
+  port = "8000";
+in
+{
+  services.ihatemoney = {
+    enable = true;
+    backend = "postgresql";
+    enableAdminDashboard = true;
+    adminHashedPassword = "pbkdf2:sha256:260000$tfw9DfVw8dLSm90i$b711fd9d5192cc4474f6edc5aa8cbc94ca8f84223434ab190436e21d8d60ef89";
+    uwsgiConfig = { http = ":${port}"; };
+    extraConfig = ''
+    MAIL_SERVER = "mc1.mc-fucker.vpn.mc-fucker.cool"
+    '';
+  };
+
+  services.nginx.virtualHosts."geld.mc-fucker.cool" = {
+    forceSSL = true;
+    enableACME = true;
+    locations."/" = {
+      proxyPass = "http://localhost:${port}";
+    };
+  };
+}
+
+# vim: set et ts=2 sw=2 ai:
--- a/modules/nextcloud.nix
+++ b/modules/nextcloud.nix
@ -48,7 +48,7 @@
  networking.firewall.allowedTCPPorts = [ 80 443 ];
  security.acme = {
    acceptTerms = true;
-    email = "dev@mc-fucker.cool";
+    defaults.email = "dev@mc-fucker.cool";
  };

  systemd.services.nextcloud-redis-setup = let
--- a/modules/postgresql.nix
+++ b/modules/postgresql.nix
@ -1,8 +1,8 @@
-{ pkgs, ... }:
+{ pkgs, config, ... }:
 {
  services.postgresql = {
    enable = true;
-    package = pkgs.postgresql_13;
+    package = pkgs.postgresql_14;
    ensureDatabases = [ "nextcloud" ];
    ensureUsers = [
      {
@ -13,6 +13,24 @@
      }
    ];
  };
+
+  services.postgresqlBackup = {
+    enable = true;
+    startAt = "*-*-* *:30:00";
+    compression = "zstd";
+  };
+
+  services.logrotate = {
+    enable = true;
+    paths.postgresqlBackup = {
+      path = "${config.services.postgresqlBackup.location}/all.sql.zstd";
+      user = "postgres";
+      group = "postgres";
+      keep = 24;
+      frequency = "hourly";
+      extraConfig = "extension = .zstd";
+    };
+  };
 }

 # vim: set et ts=2 sw=2 ai:
--- a/systems/mc4/configuration.nix
+++ b/systems/mc4/configuration.nix
@ -12,25 +12,29 @@
      ./modules/postgresql.nix
      ./modules/rclone.nix
      ./modules/ceph-common.nix
+      ./modules/borg.nix
+      ./modules/ihatemoney.nix
    ];

-  services.ceph = {
-    mds.enable = true;
-    mds.daemons = [ "mc4"];
-    mgr.enable = true;
-    mgr.daemons = [ "mc4" ];
-    mon.enable = true;
-    mon.daemons = [ "mc4" ];
-    mon.extraConfig = {
-      "auth_allow_insecure_global_id_reclaim" = "false";
-    };
-    osd.enable = true;
-    osd.daemons = [ "2" ];
-  };
+  #services.ceph = {
+  #  mds.enable = true;
+  #  mds.daemons = [ "mc4" ];
+  #  mgr.enable = true;
+  #  mgr.daemons = [ "mc4" ];
+  #  mon.enable = true;
+  #  mon.daemons = [ "mc4" ];
+  #  mon.extraConfig = {
+  #    "auth_allow_insecure_global_id_reclaim" = "false";
+  #  };
+  #  #osd.enable = true;
+  #  #osd.daemons = [ "2" ];
+  #};
+
+  programs.atop.atopacctService.enable = false;

  networking.firewall.allowedTCPPorts = [ 3300 ];

-  system.stateVersion = "21.05";
+  system.stateVersion = "22.05";
 }

 # vim: set et ts=2 sw=2 ai:
--- a/systems/mc4/hardware-configuration.nix
+++ b/systems/mc4/hardware-configuration.nix
@ -10,14 +10,16 @@

  boot.initrd.availableKernelModules = [ "xhci_pci" "virtio_pci" "usbhid" ];

+  #boot.kernelPackages = pkgs.linuxPackages_latest;
+
  fileSystems."/" =
-    { device = "/dev/disk/by-uuid/7081c92b-d474-49d9-a3d5-8285e7b92b62";
+    { device = "/dev/disk/by-label/nixos";
      fsType = "btrfs";
      options = [ "compress-force=zstd:7" ];
    };

  fileSystems."/boot" =
-    { device = "/dev/disk/by-uuid/C2EB-7223";
+    { device = "/dev/disk/by-uuid/3B02-8046";
      fsType = "vfat";
    };