From 1d4ad5b0afc56e4eda914ff8632d4bb7f9a8ecc7 Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Tue, 18 Feb 2025 03:57:25 +0000
Subject: [PATCH] fix more warnings

---
 hosts/nixos/flame/default.nix | 3 +-
 hosts/nixos/swan/default.nix | 1 +
 hosts/nixos/tempest/default.nix | 1 +
 .../nmasur/presets/services/calibre-web.nix | 6 ++--
 .../nmasur/presets/services/cloudflare.nix | 4 +--
 .../modules/nmasur/presets/services/gitea.nix | 32 +++++++++++--------
 .../nmasur/presets/services/vaultwarden.nix | 18 +++++++----
 .../nmasur/profiles/communications.nix | 1 +
 .../nixos/modules/nmasur/profiles/nas.nix | 1 +
 platforms/nixos/modules/secrets.nix | 2 +-
 10 files changed, 42 insertions(+), 27 deletions(-)

diff --git a/hosts/nixos/flame/default.nix b/hosts/nixos/flame/default.nix
index 3ee7283..f3f6628 100644
--- a/hosts/nixos/flame/default.nix
+++ b/hosts/nixos/flame/default.nix
@@ -45,6 +45,7 @@ rec {
 common.enable = true;
 linux-base.enable = true;
 };
+ home.stateVersion = "23.05";
 };
 system.stateVersion = "23.05";
@@ -67,7 +68,7 @@ rec {
 nmasur.presets.services.cloudflared = {
 tunnel = {
 id = "bd250ee1-ed2e-42d2-b627-039f1eb5a4d2";
- credentialsFile = ../../private/cloudflared-flame.age;
+ credentialsFile = ../../../private/cloudflared-flame.age;
 ca = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBK/6oyVqjFGX3Uvrc3VS8J9sphxzAnRzKC85xgkHfYgR3TK6qBGXzHrknEj21xeZrr3G2y1UsGzphWJd9ZfIcdA= open-ssh-ca@cloudflareaccess.org";
 };
 };
diff --git a/hosts/nixos/swan/default.nix b/hosts/nixos/swan/default.nix
index 6ce7eb1..cb7499a 100644
--- a/hosts/nixos/swan/default.nix
+++ b/hosts/nixos/swan/default.nix
@@ -40,6 +40,7 @@ rec {
 common.enable = true;
 linux-base.enable = true;
 };
+ home.stateVersion = "23.05";
 };
 # Not sure what's necessary but too afraid to remove anything
diff --git a/hosts/nixos/tempest/default.nix b/hosts/nixos/tempest/default.nix
index 383f841..ce67571 100644
--- a/hosts/nixos/tempest/default.nix
+++ b/hosts/nixos/tempest/default.nix
@@ -38,6 +38,7 @@ rec {
 developer.enable = true;
 experimental.enable = true;
 };
+ home.stateVersion = "23.05";
 };
 # Not sure what's necessary but too afraid to remove anything
diff --git a/platforms/nixos/modules/nmasur/presets/services/calibre-web.nix b/platforms/nixos/modules/nmasur/presets/services/calibre-web.nix
index 6d7fcc2..1f3ed75 100644
--- a/platforms/nixos/modules/nmasur/presets/services/calibre-web.nix
+++ b/platforms/nixos/modules/nmasur/presets/services/calibre-web.nix
@@ -61,7 +61,7 @@ in
 users.users.${username}.extraGroups = [ "calibre-web" ];
 # Run a backup on a schedule
- systemd.timers.calibre-backup = {
+ systemd.timers.calibre-backup = lib.mkIf config.nmasur.presets.services.litestream.enable {
 timerConfig = {
 OnCalendar = "*-*-* 00:00:00"; # Once per day
 Unit = "calibre-backup.service";
@@ -70,14 +70,14 @@ in
 };
 # Backup Calibre data to object storage
- systemd.services.calibre-backup = {
+ systemd.services.calibre-backup = lib.mkIf config.nmasur.presets.services.litestream.enable {
 description = "Backup Calibre data";
 environment.AWS_ACCESS_KEY_ID = config.nmasur.presets.services.litestream.s3.accessKeyId;
 serviceConfig = {
 Type = "oneshot";
 User = "calibre-web";
 Group = "backup";
- EnvironmentFile = config.secrets.backup.dest;
+ EnvironmentFile = config.secrets.litestream-backup.dest;
 };
 script = ''
 ${pkgs.awscli2}/bin/aws s3 sync \
diff --git a/platforms/nixos/modules/nmasur/presets/services/cloudflare.nix b/platforms/nixos/modules/nmasur/presets/services/cloudflare.nix
index f68a035..b042bb9 100644
--- a/platforms/nixos/modules/nmasur/presets/services/cloudflare.nix
+++ b/platforms/nixos/modules/nmasur/presets/services/cloudflare.nix
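Review bot: `EnvironmentFile = config.secrets.litestream-backup.dest` makes the calibre-backup unit, running as `User = "calibre-web"`, read the same credential file that the gitea-backup and vaultwarden-backup units in this patch are switched to, so every one of those service accounts now holds the key for every other service's backup prefix and a compromise of one service exposes the others' backups. If consolidating on one key is intentional, the comment above the unit should say so, e.g. `# Uses the host-wide litestream S3 credentials shared with the gitea and vaultwarden backup units`; otherwise per-service keys scoped to each prefix would be the least-privilege shape. The `script` body continues past the end of the hunk, so the bucket and endpoint it targets are not visible here.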
@@ -98,7 +98,7 @@ in
 # Private key is used for LetsEncrypt
 secrets.letsencrypt-key = {
- source = ../../../private/letsencrypt-key.age;
+ source = ../../../../../../private/letsencrypt-key.age;
 dest = "${config.secretsDirectory}/letsencrypt-key";
 owner = "caddy";
 group = "caddy";
@@ -106,7 +106,7 @@ in
 # API key must have access to modify Cloudflare DNS records
 secrets.cloudflare-api = {
- source = ../../../private/cloudflare-api.age;
+ source = ../../../../../../private/cloudflare-api.age;
 dest = "${config.secretsDirectory}/cloudflare-api";
 owner = "caddy";
 group = "caddy";
diff --git a/platforms/nixos/modules/nmasur/presets/services/gitea.nix b/platforms/nixos/modules/nmasur/presets/services/gitea.nix
index 50338ff..1219bd8 100644
--- a/platforms/nixos/modules/nmasur/presets/services/gitea.nix
+++ b/platforms/nixos/modules/nmasur/presets/services/gitea.nix
@@ -115,7 +115,11 @@ in
 dbs = [
 {
 path = "${giteaPath}/data/gitea.db";
- replicas = [ { url = "s3://${config.backup.s3.bucket}.${config.backup.s3.endpoint}/gitea"; } ];
+ replicas = [
+ {
+ url = "s3://${config.nmasur.presets.services.litestream.s3.bucket}.${config.nmasur.presets.services.litestream.s3.endpoint}/gitea";
+ }
+ ];
 }
 ];
 };
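Review bot: `source = ../../../../../../private/letsencrypt-key.age` and the matching `cloudflare-api.age` line climb six directories to reach the repository's `private/` tree, which is exactly the kind of path that silently broke when these modules were moved and is being repaired file by file in this patch. The destination side already goes through `config.secretsDirectory`; binding the source directory once (a `let` in this module, or an option alongside `secretsDirectory`) and adding a comment such as `# private/ is the age-encrypted secrets tree at the repository root` would keep the location in one place. Both `secrets.*` attribute sets are closed outside the hunk, so the owner/group/mode lines that follow are not visible here.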
@@ -128,29 +132,31 @@ in
 };
 # Run a repository file backup on a schedule
- systemd.timers.gitea-backup = lib.mkIf (config.backup.s3.endpoint != null) {
- timerConfig = {
- OnCalendar = "*-*-* 00:00:00"; # Once per day
- Unit = "gitea-backup.service";
- };
- wantedBy = [ "timers.target" ];
- };
+ systemd.timers.gitea-backup =
+ lib.mkIf (config.nmasur.presets.services.litestream.s3.endpoint != null)
+ {
+ timerConfig = {
+ OnCalendar = "*-*-* 00:00:00"; # Once per day
+ Unit = "gitea-backup.service";
+ };
+ wantedBy = [ "timers.target" ];
+ };
 # Backup Gitea repos to object storage
- systemd.services.gitea-backup = lib.mkIf (config.backup.s3.endpoint != null) {
+ systemd.services.gitea-backup = lib.mkIf config.nmasur.presets.services.litestream.enable {
 description = "Backup Gitea data";
- environment.AWS_ACCESS_KEY_ID = config.backup.s3.accessKeyId;
+ environment.AWS_ACCESS_KEY_ID = config.nmasur.presets.services.litestream.s3.accessKeyId;
 serviceConfig = {
 Type = "oneshot";
 User = "gitea";
 Group = "backup";
- EnvironmentFile = config.secrets.backup.dest;
+ EnvironmentFile = config.secrets.litestream-backup.dest;
 };
 script = ''
 ${pkgs.awscli2}/bin/aws s3 sync --exclude */gitea.db* \
 ${giteaPath}/ \
- s3://${config.backup.s3.bucket}/gitea-data/ \
- --endpoint-url=https://${config.backup.s3.endpoint}
+ s3://${config.nmasur.presets.services.litestream.s3.bucket}/gitea-data/ \
+ --endpoint-url=https://${config.nmasur.presets.services.litestream.s3.endpoint}
 '';
 };
 };
diff --git a/platforms/nixos/modules/nmasur/presets/services/vaultwarden.nix b/platforms/nixos/modules/nmasur/presets/services/vaultwarden.nix
index 0ed707b..b8cd24f 100644
--- a/platforms/nixos/modules/nmasur/presets/services/vaultwarden.nix
+++ b/platforms/nixos/modules/nmasur/presets/services/vaultwarden.nix
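Review bot: `systemd.timers.gitea-backup` is now gated on `litestream.s3.endpoint != null` while `systemd.services.gitea-backup` directly below it is gated on `litestream.enable`, so the two units can disagree: with litestream enabled and no endpoint the timer fires for a service that does not exist, and with an endpoint set but litestream disabled the timer is installed without its service. Gating both on the same predicate, e.g. `systemd.timers.gitea-backup = lib.mkIf config.nmasur.presets.services.litestream.enable {`, keeps them in step and matches the calibre and vaultwarden timers in this patch. Separately, `--exclude */gitea.db*` in the script is an unquoted glob that the shell expands against the unit's working directory before aws sees it; `--exclude "*/gitea.db*"` keeps the pattern literal.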
@@ -80,11 +80,15 @@ in
 ];
 # Allow litestream and vaultwarden to share a sqlite database
- users.users.litestream.extraGroups = [ "vaultwarden" ];
- users.users.vaultwarden.extraGroups = [ "litestream" ];
+ users.users.litestream.extraGroups = lib.mkIf config.nmasur.presets.services.litestream.enable [
+ "vaultwarden"
+ ];
+ users.users.vaultwarden.extraGroups = lib.mkIf config.nmasur.presets.services.litestream.enable [
+ "litestream"
+ ];
 # Backup sqlite database with litestream
- services.litestream = {
+ services.litestream = lib.mkIf config.nmasur.presets.services.litestream.enable {
 settings = {
 dbs = [
 {
@@ -98,13 +102,13 @@ in
 };
 # Don't start litestream unless vaultwarden is up
- systemd.services.litestream = {
+ systemd.services.litestream = lib.mkIf config.nmasur.presets.services.litestream.enable {
 after = [ "vaultwarden.service" ];
 requires = [ "vaultwarden.service" ];
 };
 # Run a separate file backup on a schedule
- systemd.timers.vaultwarden-backup = {
+ systemd.timers.vaultwarden-backup = lib.mkIf config.nmasur.presets.services.litestream.enable {
 timerConfig = {
 OnCalendar = "*-*-* 06:00:00"; # Once per day
 Unit = "vaultwarden-backup.service";
@@ -113,14 +117,14 @@ in
 };
 # Backup other Vaultwarden data to object storage
- systemd.services.vaultwarden-backup = {
+ systemd.services.vaultwarden-backup = lib.mkIf config.nmasur.presets.services.litestream.enable {
 description = "Backup Vaultwarden files";
 environment.AWS_ACCESS_KEY_ID = config.backup.s3.accessKeyId;
 serviceConfig = {
 Type = "oneshot";
 User = "vaultwarden";
 Group = "backup";
- EnvironmentFile = config.secrets.backup.dest;
+ EnvironmentFile = config.secrets.litestream-backup.dest;
 };
 script = ''
 ${pkgs.awscli2}/bin/aws s3 sync \
diff --git a/platforms/nixos/modules/nmasur/profiles/communications.nix b/platforms/nixos/modules/nmasur/profiles/communications.nix
index 8955da9..b94c094 100644
--- a/platforms/nixos/modules/nmasur/profiles/communications.nix
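Review bot: `environment.AWS_ACCESS_KEY_ID = config.backup.s3.accessKeyId` in the vaultwarden-backup unit still reads the old `config.backup` option, while the `EnvironmentFile` line directly beneath it and the calibre and gitea units in this patch were moved to `config.nmasur.presets.services.litestream.s3`; if `config.backup` is the option being retired, this unit will either fail to evaluate or pair the new secret file with a stale key id. Change it to `environment.AWS_ACCESS_KEY_ID = config.nmasur.presets.services.litestream.s3.accessKeyId;` so the key id and the secret file come from the same place. The `script` body is cut off by the hunk and presumably interpolates the bucket and endpoint the same way, so it is worth checking for the same leftover reference.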
+++ b/platforms/nixos/modules/nmasur/profiles/communications.nix
@@ -27,6 +27,7 @@ in
 gitea.enable = lib.mkDefault true;
 grafana.enable = lib.mkDefault true;
 influxdb2.enable = lib.mkDefault true;
+ litestream.enable = lib.mkDefault true;
 minecraft-server.enable = lib.mkDefault true;
 n8n.enable = lib.mkDefault true;
 nix-autoupgrade.enable = lib.mkDefault true; # On by default for communications
diff --git a/platforms/nixos/modules/nmasur/profiles/nas.nix b/platforms/nixos/modules/nmasur/profiles/nas.nix
index 188dc51..7383e44 100644
--- a/platforms/nixos/modules/nmasur/profiles/nas.nix
+++ b/platforms/nixos/modules/nmasur/profiles/nas.nix
@@ -30,6 +30,7 @@ in
 filebrowser.enable = lib.mkDefault true;
 immich.enable = lib.mkDefault true;
 jellyfin.enable = lib.mkDefault true;
+ litestream.enable = lib.mkDefault true;
 nextcloud.enable = lib.mkDefault true;
 nix-autoupgrade.enable = lib.mkDefault false; # Off by default for NAS
 paperless.enable = lib.mkDefault true;
diff --git a/platforms/nixos/modules/secrets.nix b/platforms/nixos/modules/secrets.nix
index 50e858d..c469694 100644
--- a/platforms/nixos/modules/secrets.nix
+++ b/platforms/nixos/modules/secrets.nix
@@ -66,7 +66,7 @@
 };
 };
- config = lib.mkIf (builtins.length config.secrets > 0) {
+ config = lib.mkIf (builtins.length (builtins.attrNames config.secrets) > 0) {
 # Create a default directory to place secrets