mirror of
https://github.com/nmasur/dotfiles
synced 2025-02-22 09:12:03 +00:00
fix more warnings
This commit is contained in:
Noah Masur
parent
2b988b1e9c
commit
1d4ad5b0af
@ -45,6 +45,7 @@ rec {
|
|||||||
common.enable = true;
|
common.enable = true;
|
||||||
linux-base.enable = true;
|
linux-base.enable = true;
|
||||||
};
|
};
|
||||||
|
home.stateVersion = "23.05";
|
||||||
};
|
};
|
||||||
|
|
||||||
system.stateVersion = "23.05";
|
system.stateVersion = "23.05";
|
||||||
@ -67,7 +68,7 @@ rec {
|
|||||||
nmasur.presets.services.cloudflared = {
|
nmasur.presets.services.cloudflared = {
|
||||||
tunnel = {
|
tunnel = {
|
||||||
id = "bd250ee1-ed2e-42d2-b627-039f1eb5a4d2";
|
id = "bd250ee1-ed2e-42d2-b627-039f1eb5a4d2";
|
||||||
credentialsFile = ../../private/cloudflared-flame.age;
|
credentialsFile = ../../../private/cloudflared-flame.age;
|
||||||
ca = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBK/6oyVqjFGX3Uvrc3VS8J9sphxzAnRzKC85xgkHfYgR3TK6qBGXzHrknEj21xeZrr3G2y1UsGzphWJd9ZfIcdA= open-ssh-ca@cloudflareaccess.org";
|
ca = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBK/6oyVqjFGX3Uvrc3VS8J9sphxzAnRzKC85xgkHfYgR3TK6qBGXzHrknEj21xeZrr3G2y1UsGzphWJd9ZfIcdA= open-ssh-ca@cloudflareaccess.org";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|||||||
@ -40,6 +40,7 @@ rec {
|
|||||||
common.enable = true;
|
common.enable = true;
|
||||||
linux-base.enable = true;
|
linux-base.enable = true;
|
||||||
};
|
};
|
||||||
|
home.stateVersion = "23.05";
|
||||||
};
|
};
|
||||||
|
|
||||||
# Not sure what's necessary but too afraid to remove anything
|
# Not sure what's necessary but too afraid to remove anything
|
||||||
|
|||||||
@ -38,6 +38,7 @@ rec {
|
|||||||
developer.enable = true;
|
developer.enable = true;
|
||||||
experimental.enable = true;
|
experimental.enable = true;
|
||||||
};
|
};
|
||||||
|
home.stateVersion = "23.05";
|
||||||
};
|
};
|
||||||
|
|
||||||
# Not sure what's necessary but too afraid to remove anything
|
# Not sure what's necessary but too afraid to remove anything
|
||||||
|
|||||||
@ -61,7 +61,7 @@ in
|
|||||||
users.users.${username}.extraGroups = [ "calibre-web" ];
|
users.users.${username}.extraGroups = [ "calibre-web" ];
|
||||||
|
|
||||||
# Run a backup on a schedule
|
# Run a backup on a schedule
|
||||||
systemd.timers.calibre-backup = {
|
systemd.timers.calibre-backup = lib.mkIf config.nmasur.presets.services.litestream.enable {
|
||||||
timerConfig = {
|
timerConfig = {
|
||||||
OnCalendar = "*-*-* 00:00:00"; # Once per day
|
OnCalendar = "*-*-* 00:00:00"; # Once per day
|
||||||
Unit = "calibre-backup.service";
|
Unit = "calibre-backup.service";
|
||||||
@ -70,14 +70,14 @@ in
|
|||||||
};
|
};
|
||||||
|
|
||||||
# Backup Calibre data to object storage
|
# Backup Calibre data to object storage
|
||||||
systemd.services.calibre-backup = {
|
systemd.services.calibre-backup = lib.mkIf config.nmasur.presets.services.litestream.enable {
|
||||||
description = "Backup Calibre data";
|
description = "Backup Calibre data";
|
||||||
environment.AWS_ACCESS_KEY_ID = config.nmasur.presets.services.litestream.s3.accessKeyId;
|
environment.AWS_ACCESS_KEY_ID = config.nmasur.presets.services.litestream.s3.accessKeyId;
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
Type = "oneshot";
|
Type = "oneshot";
|
||||||
User = "calibre-web";
|
User = "calibre-web";
|
||||||
Group = "backup";
|
Group = "backup";
|
||||||
EnvironmentFile = config.secrets.backup.dest;
|
EnvironmentFile = config.secrets.litestream-backup.dest;
|
||||||
};
|
};
|
||||||
script = ''
|
script = ''
|
||||||
${pkgs.awscli2}/bin/aws s3 sync \
|
${pkgs.awscli2}/bin/aws s3 sync \
|
||||||
|
|||||||
@ -98,7 +98,7 @@ in
|
|||||||
|
|
||||||
# Private key is used for LetsEncrypt
|
# Private key is used for LetsEncrypt
|
||||||
secrets.letsencrypt-key = {
|
secrets.letsencrypt-key = {
|
||||||
source = ../../../private/letsencrypt-key.age;
|
source = ../../../../../../private/letsencrypt-key.age;
|
||||||
dest = "${config.secretsDirectory}/letsencrypt-key";
|
dest = "${config.secretsDirectory}/letsencrypt-key";
|
||||||
owner = "caddy";
|
owner = "caddy";
|
||||||
group = "caddy";
|
group = "caddy";
|
||||||
@ -106,7 +106,7 @@ in
|
|||||||
|
|
||||||
# API key must have access to modify Cloudflare DNS records
|
# API key must have access to modify Cloudflare DNS records
|
||||||
secrets.cloudflare-api = {
|
secrets.cloudflare-api = {
|
||||||
source = ../../../private/cloudflare-api.age;
|
source = ../../../../../../private/cloudflare-api.age;
|
||||||
dest = "${config.secretsDirectory}/cloudflare-api";
|
dest = "${config.secretsDirectory}/cloudflare-api";
|
||||||
owner = "caddy";
|
owner = "caddy";
|
||||||
group = "caddy";
|
group = "caddy";
|
||||||
|
|||||||
@ -115,7 +115,11 @@ in
|
|||||||
dbs = [
|
dbs = [
|
||||||
{
|
{
|
||||||
path = "${giteaPath}/data/gitea.db";
|
path = "${giteaPath}/data/gitea.db";
|
||||||
replicas = [ { url = "s3://${config.backup.s3.bucket}.${config.backup.s3.endpoint}/gitea"; } ];
|
replicas = [
|
||||||
|
{
|
||||||
|
url = "s3://${config.nmasur.presets.services.litestream.s3.bucket}.${config.nmasur.presets.services.litestream.s3.endpoint}/gitea";
|
||||||
|
}
|
||||||
|
];
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
@ -128,29 +132,31 @@ in
|
|||||||
};
|
};
|
||||||
|
|
||||||
# Run a repository file backup on a schedule
|
# Run a repository file backup on a schedule
|
||||||
systemd.timers.gitea-backup = lib.mkIf (config.backup.s3.endpoint != null) {
|
systemd.timers.gitea-backup =
|
||||||
timerConfig = {
|
lib.mkIf (config.nmasur.presets.services.litestream.s3.endpoint != null)
|
||||||
OnCalendar = "*-*-* 00:00:00"; # Once per day
|
{
|
||||||
Unit = "gitea-backup.service";
|
timerConfig = {
|
||||||
};
|
OnCalendar = "*-*-* 00:00:00"; # Once per day
|
||||||
wantedBy = [ "timers.target" ];
|
Unit = "gitea-backup.service";
|
||||||
};
|
};
|
||||||
|
wantedBy = [ "timers.target" ];
|
||||||
|
};
|
||||||
|
|
||||||
# Backup Gitea repos to object storage
|
# Backup Gitea repos to object storage
|
||||||
systemd.services.gitea-backup = lib.mkIf (config.backup.s3.endpoint != null) {
|
systemd.services.gitea-backup = lib.mkIf config.nmasur.presets.services.litestream.enable {
|
||||||
description = "Backup Gitea data";
|
description = "Backup Gitea data";
|
||||||
environment.AWS_ACCESS_KEY_ID = config.backup.s3.accessKeyId;
|
environment.AWS_ACCESS_KEY_ID = config.nmasur.presets.services.litestream.s3.accessKeyId;
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
Type = "oneshot";
|
Type = "oneshot";
|
||||||
User = "gitea";
|
User = "gitea";
|
||||||
Group = "backup";
|
Group = "backup";
|
||||||
EnvironmentFile = config.secrets.backup.dest;
|
EnvironmentFile = config.secrets.litestream-backup.dest;
|
||||||
};
|
};
|
||||||
script = ''
|
script = ''
|
||||||
${pkgs.awscli2}/bin/aws s3 sync --exclude */gitea.db* \
|
${pkgs.awscli2}/bin/aws s3 sync --exclude */gitea.db* \
|
||||||
${giteaPath}/ \
|
${giteaPath}/ \
|
||||||
s3://${config.backup.s3.bucket}/gitea-data/ \
|
s3://${config.nmasur.presets.services.litestream.s3.bucket}/gitea-data/ \
|
||||||
--endpoint-url=https://${config.backup.s3.endpoint}
|
--endpoint-url=https://${config.nmasur.presets.services.litestream.s3.endpoint}
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|||||||
@ -80,11 +80,15 @@ in
|
|||||||
];
|
];
|
||||||
|
|
||||||
# Allow litestream and vaultwarden to share a sqlite database
|
# Allow litestream and vaultwarden to share a sqlite database
|
||||||
users.users.litestream.extraGroups = [ "vaultwarden" ];
|
users.users.litestream.extraGroups = lib.mkIf config.nmasur.presets.services.litestream.enable [
|
||||||
users.users.vaultwarden.extraGroups = [ "litestream" ];
|
"vaultwarden"
|
||||||
|
];
|
||||||
|
users.users.vaultwarden.extraGroups = lib.mkIf config.nmasur.presets.services.litestream.enable [
|
||||||
|
"litestream"
|
||||||
|
];
|
||||||
|
|
||||||
# Backup sqlite database with litestream
|
# Backup sqlite database with litestream
|
||||||
services.litestream = {
|
services.litestream = lib.mkIf config.nmasur.presets.services.litestream.enable {
|
||||||
settings = {
|
settings = {
|
||||||
dbs = [
|
dbs = [
|
||||||
{
|
{
|
||||||
@ -98,13 +102,13 @@ in
|
|||||||
};
|
};
|
||||||
|
|
||||||
# Don't start litestream unless vaultwarden is up
|
# Don't start litestream unless vaultwarden is up
|
||||||
systemd.services.litestream = {
|
systemd.services.litestream = lib.mkIf config.nmasur.presets.services.litestream.enable {
|
||||||
after = [ "vaultwarden.service" ];
|
after = [ "vaultwarden.service" ];
|
||||||
requires = [ "vaultwarden.service" ];
|
requires = [ "vaultwarden.service" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
# Run a separate file backup on a schedule
|
# Run a separate file backup on a schedule
|
||||||
systemd.timers.vaultwarden-backup = {
|
systemd.timers.vaultwarden-backup = lib.mkIf config.nmasur.presets.services.litestream.enable {
|
||||||
timerConfig = {
|
timerConfig = {
|
||||||
OnCalendar = "*-*-* 06:00:00"; # Once per day
|
OnCalendar = "*-*-* 06:00:00"; # Once per day
|
||||||
Unit = "vaultwarden-backup.service";
|
Unit = "vaultwarden-backup.service";
|
||||||
@ -113,14 +117,14 @@ in
|
|||||||
};
|
};
|
||||||
|
|
||||||
# Backup other Vaultwarden data to object storage
|
# Backup other Vaultwarden data to object storage
|
||||||
systemd.services.vaultwarden-backup = {
|
systemd.services.vaultwarden-backup = lib.mkIf config.nmasur.presets.services.litestream.enable {
|
||||||
description = "Backup Vaultwarden files";
|
description = "Backup Vaultwarden files";
|
||||||
environment.AWS_ACCESS_KEY_ID = config.backup.s3.accessKeyId;
|
environment.AWS_ACCESS_KEY_ID = config.backup.s3.accessKeyId;
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
Type = "oneshot";
|
Type = "oneshot";
|
||||||
User = "vaultwarden";
|
User = "vaultwarden";
|
||||||
Group = "backup";
|
Group = "backup";
|
||||||
EnvironmentFile = config.secrets.backup.dest;
|
EnvironmentFile = config.secrets.litestream-backup.dest;
|
||||||
};
|
};
|
||||||
script = ''
|
script = ''
|
||||||
${pkgs.awscli2}/bin/aws s3 sync \
|
${pkgs.awscli2}/bin/aws s3 sync \
|
||||||
|
|||||||
@ -27,6 +27,7 @@ in
|
|||||||
gitea.enable = lib.mkDefault true;
|
gitea.enable = lib.mkDefault true;
|
||||||
grafana.enable = lib.mkDefault true;
|
grafana.enable = lib.mkDefault true;
|
||||||
influxdb2.enable = lib.mkDefault true;
|
influxdb2.enable = lib.mkDefault true;
|
||||||
|
litestream.enable = lib.mkDefault true;
|
||||||
minecraft-server.enable = lib.mkDefault true;
|
minecraft-server.enable = lib.mkDefault true;
|
||||||
n8n.enable = lib.mkDefault true;
|
n8n.enable = lib.mkDefault true;
|
||||||
nix-autoupgrade.enable = lib.mkDefault true; # On by default for communications
|
nix-autoupgrade.enable = lib.mkDefault true; # On by default for communications
|
||||||
|
|||||||
@ -30,6 +30,7 @@ in
|
|||||||
filebrowser.enable = lib.mkDefault true;
|
filebrowser.enable = lib.mkDefault true;
|
||||||
immich.enable = lib.mkDefault true;
|
immich.enable = lib.mkDefault true;
|
||||||
jellyfin.enable = lib.mkDefault true;
|
jellyfin.enable = lib.mkDefault true;
|
||||||
|
litestream.enable = lib.mkDefault true;
|
||||||
nextcloud.enable = lib.mkDefault true;
|
nextcloud.enable = lib.mkDefault true;
|
||||||
nix-autoupgrade.enable = lib.mkDefault false; # Off by default for NAS
|
nix-autoupgrade.enable = lib.mkDefault false; # Off by default for NAS
|
||||||
paperless.enable = lib.mkDefault true;
|
paperless.enable = lib.mkDefault true;
|
||||||
|
|||||||
@ -66,7 +66,7 @@
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
config = lib.mkIf (builtins.length config.secrets > 0) {
|
config = lib.mkIf (builtins.length (builtins.attrNames config.secrets) > 0) {
|
||||||
|
|
||||||
# Create a default directory to place secrets
|
# Create a default directory to place secrets
|
||||||
|
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user