fix more warnings

Noah Masur 2025-02-18 03:57:25 +00:00
parent 2b988b1e9c
commit 1d4ad5b0af
No known key found for this signature in database
10 changed files with 42 additions and 27 deletions


@ -45,6 +45,7 @@ rec {
common.enable = true;
linux-base.enable = true;
};
home.stateVersion = "23.05";
};
system.stateVersion = "23.05";
@ -67,7 +68,7 @@ rec {
nmasur.presets.services.cloudflared = {
tunnel = {
id = "bd250ee1-ed2e-42d2-b627-039f1eb5a4d2";
credentialsFile = ../../private/cloudflared-flame.age;
credentialsFile = ../../../private/cloudflared-flame.age;
ca = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBK/6oyVqjFGX3Uvrc3VS8J9sphxzAnRzKC85xgkHfYgR3TK6qBGXzHrknEj21xeZrr3G2y1UsGzphWJd9ZfIcdA= open-ssh-ca@cloudflareaccess.org";
};
};


@ -40,6 +40,7 @@ rec {
common.enable = true;
linux-base.enable = true;
};
home.stateVersion = "23.05";
};
# Not sure what's necessary but too afraid to remove anything


@ -38,6 +38,7 @@ rec {
developer.enable = true;
experimental.enable = true;
};
home.stateVersion = "23.05";
};
# Not sure what's necessary but too afraid to remove anything


@ -61,7 +61,7 @@ in
users.users.${username}.extraGroups = [ "calibre-web" ];
# Run a backup on a schedule
systemd.timers.calibre-backup = {
systemd.timers.calibre-backup = lib.mkIf config.nmasur.presets.services.litestream.enable {
timerConfig = {
OnCalendar = "*-*-* 00:00:00"; # Once per day
Unit = "calibre-backup.service";
@ -70,14 +70,14 @@ in
};
# Backup Calibre data to object storage
systemd.services.calibre-backup = {
systemd.services.calibre-backup = lib.mkIf config.nmasur.presets.services.litestream.enable {
description = "Backup Calibre data";
environment.AWS_ACCESS_KEY_ID = config.nmasur.presets.services.litestream.s3.accessKeyId;
serviceConfig = {
Type = "oneshot";
User = "calibre-web";
Group = "backup";
EnvironmentFile = config.secrets.backup.dest;
EnvironmentFile = config.secrets.litestream-backup.dest;
};
script = ''
${pkgs.awscli2}/bin/aws s3 sync \
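Review bot: Gating `systemd.timers.calibre-backup` and `systemd.services.calibre-backup` on `litestream.enable` means that switching the litestream preset off also removes the daily `aws s3 sync` file backup without any notice, even though the script calls awscli2 and not litestream. The same coupling is introduced for `vaultwarden-backup` in its own file. If the dependency is only on the preset's S3 settings and the `litestream-backup` secret, say so next to the guard, for example `# Needs litestream preset for S3 settings and the litestream-backup secret; disabling it disables this backup too`. The script body continues outside the hunk, so the bucket and endpoint references could not be checked.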


@ -98,7 +98,7 @@ in
# Private key is used for LetsEncrypt
secrets.letsencrypt-key = {
source = ../../../private/letsencrypt-key.age;
source = ../../../../../../private/letsencrypt-key.age;
dest = "${config.secretsDirectory}/letsencrypt-key";
owner = "caddy";
group = "caddy";
@ -106,7 +106,7 @@ in
# API key must have access to modify Cloudflare DNS records
secrets.cloudflare-api = {
source = ../../../private/cloudflare-api.age;
source = ../../../../../../private/cloudflare-api.age;
dest = "${config.secretsDirectory}/cloudflare-api";
owner = "caddy";
group = "caddy";


@ -115,7 +115,11 @@ in
dbs = [
{
path = "${giteaPath}/data/gitea.db";
replicas = [ { url = "s3://${config.backup.s3.bucket}.${config.backup.s3.endpoint}/gitea"; } ];
replicas = [
{
url = "s3://${config.nmasur.presets.services.litestream.s3.bucket}.${config.nmasur.presets.services.litestream.s3.endpoint}/gitea";
}
];
}
];
};
@ -128,29 +132,31 @@ in
};
# Run a repository file backup on a schedule
systemd.timers.gitea-backup = lib.mkIf (config.backup.s3.endpoint != null) {
timerConfig = {
OnCalendar = "*-*-* 00:00:00"; # Once per day
Unit = "gitea-backup.service";
};
wantedBy = [ "timers.target" ];
};
systemd.timers.gitea-backup =
lib.mkIf (config.nmasur.presets.services.litestream.s3.endpoint != null)
{
timerConfig = {
OnCalendar = "*-*-* 00:00:00"; # Once per day
Unit = "gitea-backup.service";
};
wantedBy = [ "timers.target" ];
};
# Backup Gitea repos to object storage
systemd.services.gitea-backup = lib.mkIf (config.backup.s3.endpoint != null) {
systemd.services.gitea-backup = lib.mkIf config.nmasur.presets.services.litestream.enable {
description = "Backup Gitea data";
environment.AWS_ACCESS_KEY_ID = config.backup.s3.accessKeyId;
environment.AWS_ACCESS_KEY_ID = config.nmasur.presets.services.litestream.s3.accessKeyId;
serviceConfig = {
Type = "oneshot";
User = "gitea";
Group = "backup";
EnvironmentFile = config.secrets.backup.dest;
EnvironmentFile = config.secrets.litestream-backup.dest;
};
script = ''
${pkgs.awscli2}/bin/aws s3 sync --exclude */gitea.db* \
${giteaPath}/ \
s3://${config.backup.s3.bucket}/gitea-data/ \
--endpoint-url=https://${config.backup.s3.endpoint}
s3://${config.nmasur.presets.services.litestream.s3.bucket}/gitea-data/ \
--endpoint-url=https://${config.nmasur.presets.services.litestream.s3.endpoint}
'';
};
};
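Review bot: The timer and the service for `gitea-backup` are now guarded by different conditions: the timer keeps `lib.mkIf (config.nmasur.presets.services.litestream.s3.endpoint != null)` while the service moved to `lib.mkIf config.nmasur.presets.services.litestream.enable`. With litestream enabled and no endpoint set, the service is defined and its script interpolates the endpoint into `--endpoint-url=https://...`; with litestream disabled and an endpoint set, the timer names a `gitea-backup.service` that no longer exists, so the scheduled backup never runs. Use one condition for both, e.g. `lib.mkIf (cfg.enable && cfg.s3.endpoint != null)` with `cfg = config.nmasur.presets.services.litestream`. The unquoted `--exclude */gitea.db*` in the script is also open to shell glob expansion and would be safer quoted.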


@ -80,11 +80,15 @@ in
];
# Allow litestream and vaultwarden to share a sqlite database
users.users.litestream.extraGroups = [ "vaultwarden" ];
users.users.vaultwarden.extraGroups = [ "litestream" ];
users.users.litestream.extraGroups = lib.mkIf config.nmasur.presets.services.litestream.enable [
"vaultwarden"
];
users.users.vaultwarden.extraGroups = lib.mkIf config.nmasur.presets.services.litestream.enable [
"litestream"
];
# Backup sqlite database with litestream
services.litestream = {
services.litestream = lib.mkIf config.nmasur.presets.services.litestream.enable {
settings = {
dbs = [
{
@ -98,13 +102,13 @@ in
};
# Don't start litestream unless vaultwarden is up
systemd.services.litestream = {
systemd.services.litestream = lib.mkIf config.nmasur.presets.services.litestream.enable {
after = [ "vaultwarden.service" ];
requires = [ "vaultwarden.service" ];
};
# Run a separate file backup on a schedule
systemd.timers.vaultwarden-backup = {
systemd.timers.vaultwarden-backup = lib.mkIf config.nmasur.presets.services.litestream.enable {
timerConfig = {
OnCalendar = "*-*-* 06:00:00"; # Once per day
Unit = "vaultwarden-backup.service";
@ -113,14 +117,14 @@ in
};
# Backup other Vaultwarden data to object storage
systemd.services.vaultwarden-backup = {
systemd.services.vaultwarden-backup = lib.mkIf config.nmasur.presets.services.litestream.enable {
description = "Backup Vaultwarden files";
environment.AWS_ACCESS_KEY_ID = config.backup.s3.accessKeyId;
serviceConfig = {
Type = "oneshot";
User = "vaultwarden";
Group = "backup";
EnvironmentFile = config.secrets.backup.dest;
EnvironmentFile = config.secrets.litestream-backup.dest;
};
script = ''
${pkgs.awscli2}/bin/aws s3 sync \
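Review bot: `environment.AWS_ACCESS_KEY_ID` in `systemd.services.vaultwarden-backup` still reads `config.backup.s3.accessKeyId`, while the same hunk moves `EnvironmentFile` to `config.secrets.litestream-backup.dest` and the Calibre and Gitea units take the key id from the litestream preset. This looks like a missed rename: the key id and the secret now come from two option trees and could describe different credentials, or evaluation fails if the old `backup.s3` option has been removed. The line should probably read `environment.AWS_ACCESS_KEY_ID = config.nmasur.presets.services.litestream.s3.accessKeyId;`. The script body continues outside the hunk, so any remaining `config.backup.s3` references there are worth checking too.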


@ -27,6 +27,7 @@ in
gitea.enable = lib.mkDefault true;
grafana.enable = lib.mkDefault true;
influxdb2.enable = lib.mkDefault true;
litestream.enable = lib.mkDefault true;
minecraft-server.enable = lib.mkDefault true;
n8n.enable = lib.mkDefault true;
nix-autoupgrade.enable = lib.mkDefault true; # On by default for communications


@ -30,6 +30,7 @@ in
filebrowser.enable = lib.mkDefault true;
immich.enable = lib.mkDefault true;
jellyfin.enable = lib.mkDefault true;
litestream.enable = lib.mkDefault true;
nextcloud.enable = lib.mkDefault true;
nix-autoupgrade.enable = lib.mkDefault false; # Off by default for NAS
paperless.enable = lib.mkDefault true;


@ -66,7 +66,7 @@
};
};
config = lib.mkIf (builtins.length config.secrets > 0) {
config = lib.mkIf (builtins.length (builtins.attrNames config.secrets) > 0) {
# Create a default directory to place secrets