};
config = lib.mkIf config.myServices.buildbot.enable {
- services.duplyBackup.profiles.buildbot = {
- rootDir = varDir;
- remotes = [ "eriomem" "ovh" ];
- };
ids.uids.buildbot = config.myEnv.buildbot.user.uid;
ids.gids.buildbot = config.myEnv.buildbot.user.gid;
};
config = lib.mkIf config.myServices.certificates.enable {
- services.duplyBackup.profiles.system.excludeFile = ''
- + ${config.myServices.certificates.webroot}
- '';
services.nginx = {
recommendedTlsSettings = true;
virtualHosts = {
};
config = lib.mkIf config.myServices.ftp.enable {
- services.duplyBackup.profiles.ftp = {
- rootDir = "/var/lib/ftp";
- remotes = [ "eriomem" "ovh" ];
- };
security.acme.certs."ftp" = config.myServices.certificates.certConfig // {
domain = "eldiron.immae.eu";
postRun = (lib.optionalString pure-ftpd-enabled ''
snippet = builtins.readFile ./ldap_gitolite.sh;
dependencies = [ pkgs.gitolite ];
}];
- services.duplyBackup.profiles.gitolite = {
- rootDir = cfg.gitoliteDir;
- remotes = [ "eriomem" "ovh" ];
- };
networking.firewall.allowedTCPPorts = [ 9418 ];
secrets.keys."gitolite/ldap_password" = {
};
config = lib.mkIf cfg.enable {
- services.duplyBackup.profiles.irc = {
- rootDir = "/var/lib/bitlbee";
- };
security.acme.certs."irc" = config.myServices.ircCerts // {
domain = "irc.immae.eu";
postRun = ''
mxs = map (zone: "${config.hostEnv.mx.subdomain}.${zone.name}") zonesWithMx;
in builtins.listToAttrs (map (mx: lib.attrsets.nameValuePair mx null) mxs);
};
- services.duplyBackup.profiles = {
- mail = {
- remotes = [ "eriomem" "ovh" ];
- rootDir = "/var/lib";
- excludeFile = lib.mkAfter ''
- + /var/lib/vhost
- - /var/lib
- '';
- };
- };
systemd.slices.mail = {
description = "Mail slice";
};
{
config = lib.mkIf config.myServices.mail.enable {
systemd.services.dovecot2.serviceConfig.Slice = "mail.slice";
- services.duplyBackup.profiles.mail.excludeFile = ''
- + /var/lib/dhparams
- + /var/lib/dovecot
- '';
secrets.keys."dovecot/ldap" = {
user = config.services.dovecot2.user;
group = config.services.dovecot2.group;
{ lib, pkgs, config, nodes, ... }:
{
config = lib.mkIf config.myServices.mail.enable {
- services.duplyBackup.profiles.mail.excludeFile = ''
- + /var/lib/postfix
- '';
secrets.keys = {
"postfix/mysql_alias_maps" = {
user = config.services.postfix.user;
'';
};
config = lib.mkIf config.myServices.mail.enable {
- services.duplyBackup.profiles.mail.excludeFile = ''
- + /var/lib/rspamd
- '';
services.cron.systemCronJobs = let
cron_script = pkgs.runCommand "cron_script" {
buildInputs = [ pkgs.makeWrapper ];
}
];
};
- services.duplyBackup.profiles.sympa = {
- rootDir = "/var/lib/sympa";
- };
services.websites.env.tools.vhostConfs.mail = {
extraConfig = lib.mkAfter [
''
};
};
- services.duplyBackup.profiles.monitoring = {
- rootDir = config.services.naemon.varDir;
- };
security.sudo.extraRules = let
pluginsSudo = lib.lists.remove null (lib.attrsets.mapAttrsToList (k: v:
if (v ? sudo)
{ config, pkgs, nodes, hostFQDN, emailCheck, lib, ... }:
-let
- to_resource = func: cfg: lib.flatten (lib.optionals cfg.enable (lib.mapAttrsToList func cfg.profiles));
- to_backup_age_dependency = name: profile: map (remote:
- {
- dependent_host_name = "eldiron.immae.eu";
- host_name = "eldiron.immae.eu";
- dependent_service_description = "${remote} backup for ${name} is not too old";
- service_description = "${remote} backup is up and not full";
- execution_failure_criteria = "u";
- notification_failure_criteria = "u";
- }) profile.remotes;
- to_backup_age = name: profile: map (remote:
- {
- service_description = "${remote} backup for ${name} is not too old";
- host_name = "eldiron.immae.eu";
- use = "external-service";
- check_command = ["check_backup_${remote}_age" name];
-
- check_interval = "120";
- notification_interval = "1440";
- }) profile.remotes;
-in
{
activatedPlugins = [ "dns" "ftp" "git" "http" "imap" "ovh" "tcp" ];
host = {
check_command = [ "check_https" "origny.tiboqorl.fr" "/" "<title>Home Assistant" ];
_webstatus_namespace = "tiboqorl";
}
- ] ++ to_resource to_backup_age nodes.eldiron.config.services.duplyBackup;
+ ];
contact = {
telio-tortay = config.myEnv.monitoring.contacts.telio-tortay // {
use = "generic-contact";
telio-tortay = { alias = "Telio Tortay"; members = "immae"; };
tiboqorl = { alias = "Tiboqorl"; members = "immae"; };
};
- servicedependency = to_resource to_backup_age_dependency nodes.eldiron.config.services.duplyBackup;
}
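Review bot: Once the `to_backup_age` services and the `servicedependency` list are gone, nothing visible in this monitoring file checks that eldiron's backups are recent, and the hunks shown add no replacement. The removed helpers were gated on `cfg.enable`, and another section of this commit deletes `services.duplyBackup.enable = false;`, so these checks may already have been producing nothing; either way, whichever backup mechanism is now in use should have a freshness check so a silently failing backup still alerts. If that check lives elsewhere, a pointer next to the service list would help, e.g. `# backup age checks: see <replacement module path>`. The `nodes` argument on the first line also appears to have been used only by the removed `nodes.eldiron.config.services.duplyBackup` references; confirm whether it is still needed, since the rest of the file is outside the visible hunks.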
{
options.myServices.mpd.enable = lib.mkEnableOption "enable MPD";
config = lib.mkIf config.myServices.mpd.enable {
- services.duplyBackup.profiles.mpd = {
- rootDir = "/var/lib/mpd";
- };
secrets.keys = {
"mpd" = {
permissions = "0400";
snippet = builtins.readFile ./ldap_pub.sh;
dependencies = [ pkgs.coreutils ];
}];
- services.duplyBackup.profiles.pub = {
- rootDir = "/var/lib/pub";
- remotes = [ "eriomem" "ovh" ];
- };
users.users.pub = let
restrict = pkgs.runCommand "restrict" {
file = ./restrict;
services.openssh.enable = true;
- services.duplyBackup.profiles.system = {
- rootDir = "/var/lib";
- excludeFile = lib.mkAfter ''
- + /var/lib/nixos
- + /var/lib/udev
- + /var/lib/udisks2
- + /var/lib/systemd
- + /var/lib/private/systemd
- - /var/lib
- '';
- };
nixpkgs.overlays = builtins.attrValues (import ../../overlays) ++ [
(self: super: {
postgresql = self.postgresql_pam;
myServices.ejabberd.enable = true;
myServices.vpn.enable = true;
myServices.ftp.enable = true;
- services.duplyBackup.enable = false;
- services.duplyBackup.profiles.oldies.rootDir = "/var/lib/oldies";
services.netdata.enable = true;
services.netdata.config.global."memory mode" = "none";
};
config = lib.mkIf cfg.enable {
- services.duplyBackup.profiles.tasks = {
- rootDir = "/var/lib";
- excludeFile = ''
- + /var/lib/taskserver
- + /var/lib/taskwarrior-web
- - /var/lib
- '';
- };
-
secrets.keys = {
"webapps/tools-taskwarrior-web" = {
user = "wwwrun";
options.myServices.websites.chloe.integration.enable = lib.mkEnableOption "enable Chloe's website in integration";
config = lib.mkIf cfg.enable {
- services.duplyBackup.profiles.chloe_integration.rootDir = app.varDir;
secrets.keys."websites/chloe/integration" = {
user = apacheUser;
group = apacheGroup;
options.myServices.websites.chloe.production.enable = lib.mkEnableOption "enable Chloe's website in production";
config = lib.mkIf cfg.enable {
- services.duplyBackup.profiles.chloe_production.rootDir = app.varDir;
- services.duplyBackup.profiles.chloe_production.remotes = ["eriomem" "ovh"];
secrets.keys."websites/chloe/production" = {
user = apacheUser;
group = apacheGroup;
options.myServices.websites.connexionswing.integration.enable = lib.mkEnableOption "enable Connexionswing's website in integration";
config = lib.mkIf cfg.enable {
- services.duplyBackup.profiles.connexionswing_integration.rootDir = app.varDir;
services.phpApplication.apps.connexionswing_integration = {
websiteEnv = "integration";
httpdUser = config.services.httpd.Inte.user;
options.myServices.websites.connexionswing.production.enable = lib.mkEnableOption "enable Connexionswing's website in production";
config = lib.mkIf cfg.enable {
- services.duplyBackup.profiles.connexionswing_production.rootDir = app.varDir;
- services.duplyBackup.profiles.connexionswing_production.remotes = ["eriomem" "ovh"];
services.webstats.sites = [ { name = "connexionswing.com"; } ];
services.phpApplication.apps.connexionswing_production = {
websiteEnv = "production";
options.myServices.websites.enable = lib.mkEnableOption "enable websites";
config = lib.mkIf config.myServices.websites.enable {
- services.duplyBackup.profiles.php = {
- rootDir = "/var/lib/php";
- remotes = [ "eriomem" "ovh" ];
- };
users.users.wwwrun.extraGroups = [ "keys" ];
networking.firewall.allowedTCPPorts = [ 80 443 ];
options.myServices.websites.emilia.moodle.enable = lib.mkEnableOption "enable Emilia's website";
config = lib.mkIf cfg.enable {
- services.duplyBackup.profiles.emilia_moodle.rootDir = varDir;
system.activationScripts.emilia_moodle = ''
install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d ${varDir}
'';
options.myServices.websites.florian.app.enable = lib.mkEnableOption "enable Florian's app in integration";
config = lib.mkIf cfg.enable {
- services.duplyBackup.profiles.florian_app.rootDir = app.varDir;
services.phpApplication.apps.florian_app = {
websiteEnv = "integration";
httpdUser = config.services.httpd.Inte.user;
options.myServices.websites.immae.temp.enable = lib.mkEnableOption "enable Temp' website";
config = lib.mkIf cfg.enable {
- services.duplyBackup.profiles.immae_temp.rootDir = varDir;
- services.duplyBackup.profiles.immae_temp_surfer.rootDir = "/var/lib/surfer";
services.websites.env.production.vhostConfs.immae_temp = {
certName = "immae";
addToCerts = true;
options.myServices.websites.isabelle.aten_integration.enable = lib.mkEnableOption "enable Aten's website in integration";
config = lib.mkIf cfg.enable {
- services.duplyBackup.profiles.isabelle_aten_integration.rootDir = app.varDir;
services.phpApplication.apps.isabelle_aten_integration = {
websiteEnv = "integration";
httpdUser = config.services.httpd.Inte.user;
options.myServices.websites.isabelle.aten_production.enable = lib.mkEnableOption "enable Aten's website in production";
config = lib.mkIf cfg.enable {
- services.duplyBackup.profiles.isabelle_aten_production.rootDir = app.varDir;
- services.duplyBackup.profiles.isabelle_aten_production.remotes = ["eriomem" "ovh"];
services.webstats.sites = [ { name = "aten.pro"; } ];
services.phpApplication.apps.isabelle_aten_production = {
websiteEnv = "production";
options.myServices.websites.isabelle.iridologie.enable = lib.mkEnableOption "enable Iridologie's website";
config = lib.mkIf cfg.enable {
- services.duplyBackup.profiles.isabelle_iridologie.rootDir = app.varDir;
- services.duplyBackup.profiles.isabelle_iridologie.remotes = ["eriomem" "ovh"];
secrets.keys."websites/isabelle/iridologie" = {
user = apacheUser;
group = apacheGroup;
options.myServices.websites.ludivine.integration.enable = lib.mkEnableOption "enable Ludivine's website in integration";
config = lib.mkIf cfg.enable {
- services.duplyBackup.profiles.ludivine_integration.rootDir = app.varDir;
services.phpApplication.apps.ludivine_integration = {
websiteEnv = "integration";
httpdUser = config.services.httpd.Inte.user;
options.myServices.websites.ludivine.production.enable = lib.mkEnableOption "enable Ludivine's website in production";
config = lib.mkIf cfg.enable {
- services.duplyBackup.profiles.ludivine_production.rootDir = app.varDir;
- services.duplyBackup.profiles.ludivine_production.remotes = ["eriomem" "ovh"];
services.webstats.sites = [ { name = "ludivinecassal.com"; } ];
services.phpApplication.apps.ludivine_production = {
websiteEnv = "production";
options.myServices.websites.piedsjaloux.integration.enable = lib.mkEnableOption "enable PiedsJaloux's website in integration";
config = lib.mkIf cfg.enable {
- services.duplyBackup.profiles.piedsjaloux_integration.rootDir = app.varDir;
services.phpApplication.apps.piedsjaloux_integration = {
websiteEnv = "integration";
httpdUser = config.services.httpd.Inte.user;
options.myServices.websites.piedsjaloux.production.enable = lib.mkEnableOption "enable PiedsJaloux's website in production";
config = lib.mkIf cfg.enable {
- services.duplyBackup.profiles.piedsjaloux_production.rootDir = app.varDir;
- services.duplyBackup.profiles.piedsjaloux_production.remotes = ["eriomem" "ovh"];
services.webstats.sites = [ { name = "piedsjaloux.fr"; } ];
services.phpApplication.apps.piedsjaloux_production = {
websiteEnv = "production";
{
options.myServices.websites.richie.production.enable = lib.mkEnableOption "enable Richie's website";
config = lib.mkIf cfg.enable {
- services.duplyBackup.profiles.richie_production.rootDir = vardir;
- services.duplyBackup.profiles.richie_production.remotes = ["eriomem" "ovh"];
services.webstats.sites = [ { name = "europe-richie.org"; } ];
secrets.keys."websites/richie/production" = {
options.myServices.websites.syden.peertube.enable = lib.mkEnableOption "enable Syden's website";
config = lib.mkIf scfg.enable {
- services.duplyBackup.profiles.syden_peertube = {
- rootDir = dataDir;
- remotes = ["eriomem" "ovh"];
- };
users.users.peertube = {
uid = config.ids.uids.peertube;
group = "peertube";
};
config = lib.mkIf cfg.enable {
- services.duplyBackup.profiles.diaspora = {
- rootDir = dcfg.dataDir;
- remotes = [ "eriomem" "ovh" ];
- };
users.users.diaspora.extraGroups = [ "keys" ];
secrets.keys = {
};
config = lib.mkIf cfg.enable {
- services.duplyBackup.profiles.etherpad-lite = {
- rootDir = "/var/lib/private/etherpad-lite";
- };
secrets.keys = {
"webapps/tools-etherpad-apikey" = {
permissions = "0400";
];
config = lib.mkIf cfg.enable {
- services.duplyBackup.profiles.mail.excludeFile = ''
- + ${rainloop.varDir}
- + ${roundcubemail.varDir}
- '';
secrets.keys = roundcubemail.keys;
services.websites.env.tools.modules =
};
config = lib.mkIf cfg.enable {
- services.duplyBackup.profiles.mastodon = {
- rootDir = mcfg.dataDir;
- };
secrets.keys."webapps/tools-mastodon" = {
user = "mastodon";
group = "mastodon";
};
config = lib.mkIf cfg.enable {
- services.duplyBackup.profiles.mgoblin = {
- rootDir = mcfg.dataDir;
- };
secrets.keys."webapps/tools-mediagoblin" = {
user = "mediagoblin";
group = "mediagoblin";
};
config = lib.mkIf cfg.enable {
- services.duplyBackup.profiles.peertube = {
- rootDir = pcfg.dataDir;
- };
services.peertube = {
enable = true;
configFile = config.secrets.fullPaths."webapps/tools-peertube";
// csp-reports.keys
// webhooks.keys;
- services.duplyBackup.profiles = {
- dokuwiki = dokuwiki.backups;
- grocy = grocy.backups;
- kanboard = kanboard.backups;
- rompr = rompr.backups;
- shaarli = shaarli.backups;
- ttrss = ttrss.backups;
- wallabag = wallabag.backups;
- phpbb = phpbb.backups;
- };
-
services.websites.env.tools.modules =
[ "proxy_fcgi" ]
++ adminer.apache.modules
{ lib, stdenv, dokuwiki, dokuwiki-plugins }:
rec {
- backups = {
- rootDir = varDir;
- remotes = [ "eriomem" "ovh" ];
- };
varDir = "/var/lib/dokuwiki";
activationScript = {
deps = [ "wrappers" ];
{ lib, stdenv, grocy }:
rec {
- backups = {
- rootDir = varDir;
- };
varDir = "/var/lib/grocy";
activationScript = {
deps = [ "wrappers" ];
{ env, kanboard, config }:
rec {
- backups = {
- rootDir = varDir;
- };
varDir = "/var/lib/kanboard";
activationScript = {
deps = [ "wrappers" ];
{ lib, phpbb, gnused }:
rec {
- backups = {
- rootDir = varDir;
- };
varDir = "/var/lib/phpbb";
activationScript = {
deps = [ "wrappers" ];
{ lib, env, rompr }:
rec {
- backups = {
- rootDir = varDir;
- };
varDir = "/var/lib/rompr";
activationScript = ''
install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} \
let
varDir = "/var/lib/shaarli";
in rec {
- backups = {
- rootDir = varDir;
- remotes = [ "eriomem" "ovh" ];
- };
activationScript = ''
install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} \
${varDir}/cache ${varDir}/pagecache ${varDir}/tmp ${varDir}/data \
{ php, env, ttrss, ttrss-plugins, config }:
rec {
- backups = {
- rootDir = varDir;
- };
varDir = "/var/lib/ttrss";
activationScript = {
deps = [ "wrappers" ];
{ env, wallabag, mylibs, config }:
rec {
- backups = {
- rootDir = varDir;
- remotes = [ "eriomem" "ovh" ];
- };
varDir = "/var/lib/wallabag";
keys."webapps/tools-wallabag" = {
user = apache.user;
};
config = lib.mkIf (builtins.length cfg.sites > 0) {
- services.duplyBackup.profiles.goaccess = {
- rootDir = cfg.dataDir;
- };
users.users.root.packages = [
pkgs.goaccess
];