# Machine definition for the backup host "backup-2.v.immae.eu".
# The outer function receives `privateFiles` and re-exports it as a module
# argument; the inner function is the NixOS module itself.
{ privateFiles }:
{ config, pkgs, myconfig, resources, ... }:
let
  inherit (pkgs.lib) flatten head;
  inherit (pkgs.lib.attrsets) filterAttrs mapAttrsToList;

  # All address sets declared for this host, keyed by name ("main" plus extras).
  hostIps = myconfig.env.servers.backup-2.ips;

  # Only the first IPv6 address of the "main" entry gets a /64; every other
  # IPv6 address is configured as a single-host /128.
  ip6PrefixLength = name: addrs: ip:
    if name == "main" && ip == head addrs.ip6 then 64 else 128;

  # IPv4: every entry except "main" is added as a /32 on the interface.
  extraIp4Addresses = mapAttrsToList
    (_name: addrs: { address = addrs.ip4; prefixLength = 32; })
    (filterAttrs (name: _addrs: name != "main") hostIps);

  # IPv6: all entries (including "main"); entries without `ip6` contribute nothing.
  allIp6Addresses = flatten (mapAttrsToList
    (name: addrs: map
      (ip: { address = ip; prefixLength = ip6PrefixLength name addrs ip; })
      (addrs.ip6 or []))
    hostIps);
in
{
  boot.kernelPackages = pkgs.linuxPackages_latest;

  _module.args = {
    inherit privateFiles;
    hostFQDN = "backup-2.v.immae.eu";
  };

  imports = builtins.attrValues (import ../..);

  # Provisioning target (deployment.* options, presumably consumed by NixOps).
  deployment.targetEnv = "hetznerCloud";
  deployment.hetznerCloud = {
    # API token comes from `myconfig.env`, not from a literal in this file.
    # NOTE(review): confirm the source of `myconfig.env` is kept out of any
    # public repository and that the token is scoped to this project only.
    authToken = myconfig.env.hetznerCloud.authToken;
    datacenter = "hel1-dc2";
    location = "hel1";
    serverType = "cx11";
  };

  # Backup volume, referenced by UUID so device renumbering does not matter.
  fileSystems."/backup2" = {
    fsType = "ext4";
    device = "UUID=b9425333-f567-435d-94d8-b26c22d93426";
  };

  networking = {
    # Firewall is on; no allowed ports are declared in this file, so any open
    # port comes from the imported modules.
    firewall.enable = true;

    interfaces."ens3" = {
      ipv4.addresses = extraIp4Addresses;
      ipv6.addresses = allIp6Addresses;
    };

    # Outgoing system mail is relayed through eldiron on port 25 with both
    # useTLS and useSTARTTLS set.
    # NOTE(review): whether the relay's certificate is actually verified
    # depends on the mail client's defaults, which are not visible here.
    defaultMailServer = {
      directDelivery = true;
      hostName = "eldiron.immae.eu:25";
      useTLS = true;
      useSTARTTLS = true;
      root = "postmaster@immae.eu";
    };
  };

  # NOTE(review): `ssh_key_private` is passed as a plain option value. Unless
  # the rsyncBackup module writes it through a secrets mechanism, a value
  # handled this way typically ends up readable in /nix/store. Confirm how the
  # module materialises the key and with which file permissions.
  services.rsyncBackup = {
    mountpoint = "/backup2";
    mailto = myconfig.env.rsync_backup.mailto;
    profiles = myconfig.env.rsync_backup.profiles;
    ssh_key_public = myconfig.env.rsync_backup.ssh_key.public;
    ssh_key_private = myconfig.env.rsync_backup.ssh_key.private;
  };

  myServices.monitoring.enable = true;

  # Replicas of eldiron's databases, all stored under /backup2.
  myServices.databasesReplication = {
    postgresql = {
      enable = true;
      base = "/backup2";
      hosts.eldiron = {
        slot = "backup_2";
        # The password is interpolated into the connection URI, so it is
        # exposed wherever this string is rendered (generated config, process
        # arguments, logs).
        # NOTE(review): the URI sets no sslmode; if it is handed to libpq
        # unchanged, the default does not authenticate the server. Confirm the
        # module adds TLS verification or that the link is otherwise protected.
        connection = "postgresql://backup-2:${myconfig.env.ldap.backup-2.password}@eldiron.immae.eu";
      };
    };

    mariadb = {
      enable = true;
      base = "/backup2";
      hosts.eldiron = {
        serverId = 2;
        # mysql resolves "backup-2" host and checks the ip, but uses /etc/hosts which only contains ip4
        host = myconfig.env.servers.eldiron.ips.main.ip4;
        port = "3306";
        user = "backup-2";
        # Same credential as the PostgreSQL replication account above: one
        # leaked value grants access to both database servers.
        password = myconfig.env.ldap.backup-2.password;
        # Dumps run with the MySQL "root" account, so this backup host holds
        # the primary's database root password.
        # NOTE(review): a dedicated dump account with only the privileges a
        # dump needs would limit the impact of a compromise of this host.
        dumpUser = "root";
        dumpPassword = myconfig.env.databases.mysql.systemUsers.root;
      };
    };

    redis = {
      enable = true;
      base = "/backup2";
      hosts.eldiron = {
        # Loopback address and a non-default port for a remote host's data.
        # NOTE(review): presumably the endpoint of a local tunnel set up by the
        # module; no authentication is configured here. Verify.
        host = "127.0.0.1";
        port = "16379";
      };
    };
  };

  # This value determines the NixOS release with which your system is
  # to be compatible, in order to avoid breaking some software such as
  # database servers. You should change this only after NixOS release
  # notes say you should.
  # https://nixos.org/nixos/manual/release-notes.html
  system.stateVersion = "19.03"; # Did you read the comment?
}