Change cron e-mail

[perso/Immae/Config/Nix.git] / modules / private / system / backup-2.nix

diff --git a/modules/private/system/backup-2.nix b/modules/private/system/backup-2.nix
index c67eab64a609b928bd754a819a81e57f4d549436..5d692c65287e42060ab23a84d7cd2ffba32809c1 100644 (file)
--- a/modules/private/system/backup-2.nix
+++ b/modules/private/system/backup-2.nix
@@ -1,8 +1,9 @@
 { privateFiles }:
-{ config, pkgs, myconfig, ... }:
+{ config, pkgs, myconfig, resources, ... }:
 {
   boot.kernelPackages = pkgs.linuxPackages_latest;
   _module.args.privateFiles = privateFiles;
+  _module.args.hostFQDN = "backup-2.v.immae.eu";
   imports = builtins.attrValues (import ../..);
 
   deployment = {
@@ -15,6 +16,96 @@
     };
   };
 
+  fileSystems = {
+    "/backup2" = {
+      fsType = "ext4";
+      device = "UUID=b9425333-f567-435d-94d8-b26c22d93426";
+    };
+  };
+
+  networking = {
+    firewall.enable = true;
+    interfaces."ens3".ipv4.addresses = pkgs.lib.attrsets.mapAttrsToList
+      (n: ips: { address = ips.ip4; prefixLength = 32; })
+      (pkgs.lib.attrsets.filterAttrs (n: v: n != "main") myconfig.env.servers.backup-2.ips);
+    interfaces."ens3".ipv6.addresses = pkgs.lib.flatten (pkgs.lib.attrsets.mapAttrsToList
+      (n: ips: map (ip: { address = ip; prefixLength = (if n == "main" && ip == pkgs.lib.head ips.ip6 then 64 else 128); }) (ips.ip6 or []))
+      myconfig.env.servers.backup-2.ips);
+
+    defaultMailServer = {
+      directDelivery = true;
+      hostName = "eldiron.immae.eu:25";
+      useTLS = true;
+      useSTARTTLS = true;
+      root = "postmaster@immae.eu";
+    };
+  };
+
+  services.cron = {
+    mailto = "cron@immae.eu";
+    enable = true;
+  };
+
+  services.rsyncBackup = {
+    mountpoint = "/backup2";
+    mailto = myconfig.env.rsync_backup.mailto;
+    profiles = myconfig.env.rsync_backup.profiles;
+    ssh_key_public = myconfig.env.rsync_backup.ssh_key.public;
+    ssh_key_private = myconfig.env.rsync_backup.ssh_key.private;
+  };
+
+  myServices.monitoring.enable = true;
+  myServices.databasesReplication = {
+    postgresql = {
+      enable = true;
+      base = "/backup2";
+      hosts = {
+        eldiron = {
+          slot = "backup_2";
+          connection = "postgresql://backup-2:${myconfig.env.ldap.backup-2.password}@eldiron.immae.eu";
+        };
+      };
+    };
+    mariadb = {
+      enable = true;
+      base = "/backup2";
+      hosts = {
+        eldiron = {
+          serverId = 2;
+          # mysql resolves "backup-2" host and checks the ip, but uses /etc/hosts which only contains ip4
+          host = myconfig.env.servers.eldiron.ips.main.ip4;
+          port = "3306";
+          user = "backup-2";
+          password = myconfig.env.ldap.backup-2.password;
+          dumpUser = "root";
+          dumpPassword = myconfig.env.databases.mysql.systemUsers.root;
+        };
+      };
+    };
+    redis = {
+      enable = true;
+      base = "/backup2";
+      hosts = {
+        eldiron = {
+          host = "127.0.0.1";
+          port = "16379";
+        };
+      };
+    };
+    openldap = {
+      enable = true;
+      base = "/backup2";
+      hosts = {
+        eldiron = {
+          url = "ldaps://${myconfig.env.ldap.host}:636";
+          dn = myconfig.env.ldap.replication_dn;
+          password = myconfig.env.ldap.replication_pw;
+          base = myconfig.env.ldap.base;
+        };
+      };
+    };
+  };
+
   # This value determines the NixOS release with which your system is
   # to be compatible, in order to avoid breaking some software such as
   # database servers. You should change this only after NixOS release