]> git.immae.eu Git - perso/Immae/Config/Nix.git/blobdiff - systems/backup-2/base.nix
Squash changes containing private information
similarity index 70%
rename from modules/private/system/backup-2.nix
rename to systems/backup-2/base.nix
index c01a666b7deea692a212ca5cd8ef16fc1c544aea..97a364caa55efbf9ef58e6d36f95130256e45dea 100644 (file)
@@ -1,10 +1,5 @@
-{ config, pkgs, resources, name, ... }:
+{ config, pkgs, resources, name, lib, nixpkgs, secrets, ... }:
 {
-  deployment = {
-    targetUser = "root";
-    targetHost = config.hostEnv.ips.main.ip4;
-    substituteOnDestination = true;
-  };
   # ssh-keyscan backup-2 | nix-shell -p ssh-to-age --run ssh-to-age
   secrets.ageKeys = [ "age1kk3nr27qu42j28mcfdag5lhq0zu2pky7gfanvne8l4z2ctevjpgskmw0sr" ];
   secrets.keys = {
     };
   };
   boot.kernelPackages = pkgs.linuxPackages_latest;
-  myEnv = import ../../../nixops/secrets/environment.nix;
 
-  imports = [ <nixpkgs/nixos/modules/profiles/qemu-guest.nix> ] ++ builtins.attrValues (import ../..);
+  nixpkgs.config.permittedInsecurePackages = [
+    "python-2.7.18.6" # for nagios-cli
+  ];
+
+  imports =
+    [
+      secrets.nixosModules.users-config-backup-2
+      (nixpkgs + "/nixos/modules/profiles/qemu-guest.nix")
+      ./databases/mariadb_replication.nix
+      ./databases/openldap_replication.nix
+      ./databases/postgresql_replication.nix
+      ./databases/redis_replication.nix
+      ./mail/relay.nix
+      ./monitoring.nix
+    ];
 
   fileSystems = {
     "/backup2" = {
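Review bot: The new `nixpkgs.config.permittedInsecurePackages` entry admits an end-of-life Python 2.7 interpreter into this backup host's closure, and the only record of why is the trailing `# for nagios-cli`. The comment should say what consumes it and when the exception can go, for example `# EOL python2, pulled in only by nagios-cli (monitoring); drop once nagios-cli is replaced or ported`. Pinning the exact version string is good, because a python2 bump in nixpkgs will fail evaluation and force a fresh review rather than silently extending the exception. The `secrets.keys` body and the rest of the attribute set are not visible in this hunk, so whether anything else on the host ends up using that interpreter cannot be judged from here.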
@@ -36,9 +44,9 @@
 
   networking = {
     firewall.enable = true;
-    interfaces."ens3".ipv4.addresses = pkgs.lib.attrsets.mapAttrsToList
-      (n: ips: { address = ips.ip4; prefixLength = 32; })
-      (pkgs.lib.attrsets.filterAttrs (n: v: n != "main") config.hostEnv.ips);
+    interfaces."ens3".ipv4.addresses = pkgs.lib.flatten (pkgs.lib.attrsets.mapAttrsToList
+      (n: ips: map (ip: { address = ip; prefixLength = 32; }) (ips.ip4 or []))
+      (pkgs.lib.attrsets.filterAttrs (n: v: n != "main") config.hostEnv.ips));
     interfaces."ens3".ipv6.addresses = pkgs.lib.flatten (pkgs.lib.attrsets.mapAttrsToList
       (n: ips: map (ip: { address = ip; prefixLength = (if n == "main" && ip == pkgs.lib.head ips.ip6 then 64 else 128); }) (ips.ip6 or []))
       config.hostEnv.ips);
@@ -47,9 +55,7 @@
 
   boot.loader.grub.device = "nodev";
 
-  myServices.certificates.enable = true;
   security.acme.certs."${name}" = {
-    user = config.services.nginx.user;
     group = config.services.nginx.group;
   };
   services.nginx = {
     enable = true;
   };
 
+  myServices.chatonsProperties.hostings.rsync-backup = {
+    file.datetime = "2022-08-27T16:00:00";
+    hosting = {
+      name = "Rsync backups";
+      description = "Remote initiated rsync backups";
+      website = "backup-2.v.immae.eu";
+      status.level = "OK";
+      status.description = "OK";
+      registration.load = "OPEN";
+      install.type = "PACKAGE";
+    };
+    software = {
+      name = "rsync";
+      website = "https://rsync.samba.org/";
+      license.url = "https://rsync.samba.org/GPL.html";
+      license.name = "GNU General Public License version 3";
+      version = pkgs.rsync.version;
+      source.url = "https://github.com/WayneD/rsync";
+    };
+  };
+
   services.rsyncBackup = {
     mountpoint = "/backup2";
     profiles = config.myEnv.rsync_backup.profiles;
         eldiron = {
           serverId = 2;
           # mysql resolves "backup-2" host and checks the ip, but uses /etc/hosts which only contains ip4
-          host = config.myEnv.servers.eldiron.ips.main.ip4;
-          port = "3306";
+          host = lib.head config.myEnv.servers.eldiron.ips.main.ip4;
+          port = config.myEnv.databases.mysql.port;
           user = "backup-2";
           password = config.hostEnv.ldap.password;
           dumpUser = "root";
   # database servers. You should change this only after NixOS release
   # notes say you should.
   # https://nixos.org/nixos/manual/release-notes.html
-  system.stateVersion = "20.03"; # Did you read the comment?
+  system.stateVersion = "23.05"; # Did you read the comment?
 }
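Review bot: The `system.stateVersion` change from "20.03" to "23.05" at the end of the file goes against the comment directly above it, which says to change the value only when the release notes say so, and nothing in the commit records why it is safe here. NixOS derives several stateful defaults from this value (the default PostgreSQL package is one), and this host imports the mariadb, postgresql, openldap and redis replication modules. Unless those modules pin their packages and data directories, which is not visible in this hunk, existing replica data may no longer match what the services expect after the bump. If the machine was reinstalled on 23.05, a trailing comment such as `# host reinstalled on 23.05, replicas re-seeded` would document that; otherwise the value should stay at "20.03".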