diff options
| author | Ismaël Bouya <ismael.bouya@normalesup.org> | 2019-10-16 13:49:24 +0200 |
|---|---|---|
| committer | Ismaël Bouya <ismael.bouya@normalesup.org> | 2019-10-16 13:49:24 +0200 |
| commit | 6a8252b11bb02f3e67857d5a9d733b1affa6a625 (patch) | |
| tree | 175cb91c386b444ce951361baaa4875136d5c9e4 /modules/private | |
| parent | 5304a64b84c5a84525c96419cc6126775af306e0 (diff) | |
| download | Nix-6a8252b11bb02f3e67857d5a9d733b1affa6a625.tar.gz Nix-6a8252b11bb02f3e67857d5a9d733b1affa6a625.tar.zst Nix-6a8252b11bb02f3e67857d5a9d733b1affa6a625.zip | |
Add backup module
Diffstat (limited to 'modules/private')
40 files changed, 128 insertions, 1 deletions
diff --git a/modules/private/backup.nix b/modules/private/backup.nix new file mode 100644 index 0000000..6911750 --- /dev/null +++ b/modules/private/backup.nix | |||
| @@ -0,0 +1,6 @@ | |||
| 1 | { ... }: | ||
| 2 | { | ||
| 3 | config = { | ||
| 4 | services.backup.enable = true; | ||
| 5 | }; | ||
| 6 | } | ||
diff --git a/modules/private/buildbot/default.nix b/modules/private/buildbot/default.nix index f307606..88bab9b 100644 --- a/modules/private/buildbot/default.nix +++ b/modules/private/buildbot/default.nix | |||
| @@ -24,6 +24,9 @@ in | |||
| 24 | }; | 24 | }; |
| 25 | 25 | ||
| 26 | config = lib.mkIf config.myServices.buildbot.enable { | 26 | config = lib.mkIf config.myServices.buildbot.enable { |
| 27 | services.backup.profiles.buildbot = { | ||
| 28 | rootDir = varDir; | ||
| 29 | }; | ||
| 27 | ids.uids.buildbot = myconfig.env.buildbot.user.uid; | 30 | ids.uids.buildbot = myconfig.env.buildbot.user.uid; |
| 28 | ids.gids.buildbot = myconfig.env.buildbot.user.gid; | 31 | ids.gids.buildbot = myconfig.env.buildbot.user.gid; |
| 29 | 32 | ||
diff --git a/modules/private/certificates.nix b/modules/private/certificates.nix index 2e40b3c..cb284fc 100644 --- a/modules/private/certificates.nix +++ b/modules/private/certificates.nix | |||
| @@ -15,6 +15,9 @@ | |||
| 15 | }; | 15 | }; |
| 16 | 16 | ||
| 17 | config = { | 17 | config = { |
| 18 | services.backup.profiles.system.excludeFile = '' | ||
| 19 | + ${config.security.acme.directory} | ||
| 20 | ''; | ||
| 18 | services.websites.certs = config.services.myCertificates.certConfig; | 21 | services.websites.certs = config.services.myCertificates.certConfig; |
| 19 | myServices.databasesCerts = config.services.myCertificates.certConfig; | 22 | myServices.databasesCerts = config.services.myCertificates.certConfig; |
| 20 | myServices.ircCerts = config.services.myCertificates.certConfig; | 23 | myServices.ircCerts = config.services.myCertificates.certConfig; |
diff --git a/modules/private/default.nix b/modules/private/default.nix index cf15499..6dd7358 100644 --- a/modules/private/default.nix +++ b/modules/private/default.nix | |||
| @@ -65,6 +65,7 @@ set = { | |||
| 65 | ftp = ./ftp.nix; | 65 | ftp = ./ftp.nix; |
| 66 | mpd = ./mpd.nix; | 66 | mpd = ./mpd.nix; |
| 67 | ssh = ./ssh; | 67 | ssh = ./ssh; |
| 68 | backup = ./backup.nix; | ||
| 68 | monitoring = ./monitoring; | 69 | monitoring = ./monitoring; |
| 69 | 70 | ||
| 70 | system = ./system.nix; | 71 | system = ./system.nix; |
diff --git a/modules/private/ftp.nix b/modules/private/ftp.nix index 59cae59..c6d7fbe 100644 --- a/modules/private/ftp.nix +++ b/modules/private/ftp.nix | |||
| @@ -14,6 +14,9 @@ in | |||
| 14 | }; | 14 | }; |
| 15 | 15 | ||
| 16 | config = lib.mkIf config.services.pure-ftpd.enable { | 16 | config = lib.mkIf config.services.pure-ftpd.enable { |
| 17 | services.backup.profiles.ftp = { | ||
| 18 | rootDir = "/var/lib/ftp"; | ||
| 19 | }; | ||
| 17 | security.acme.certs."ftp" = config.services.myCertificates.certConfig // { | 20 | security.acme.certs."ftp" = config.services.myCertificates.certConfig // { |
| 18 | domain = "eldiron.immae.eu"; | 21 | domain = "eldiron.immae.eu"; |
| 19 | postRun = '' | 22 | postRun = '' |
diff --git a/modules/private/gitolite/default.nix b/modules/private/gitolite/default.nix index b9914a1..dc068b7 100644 --- a/modules/private/gitolite/default.nix +++ b/modules/private/gitolite/default.nix | |||
| @@ -11,6 +11,9 @@ in { | |||
| 11 | }; | 11 | }; |
| 12 | 12 | ||
| 13 | config = lib.mkIf cfg.enable { | 13 | config = lib.mkIf cfg.enable { |
| 14 | services.backup.profiles.gitolite = { | ||
| 15 | rootDir = cfg.gitoliteDir; | ||
| 16 | }; | ||
| 14 | networking.firewall.allowedTCPPorts = [ 9418 ]; | 17 | networking.firewall.allowedTCPPorts = [ 9418 ]; |
| 15 | 18 | ||
| 16 | services.gitDaemon = { | 19 | services.gitDaemon = { |
diff --git a/modules/private/irc.nix b/modules/private/irc.nix index b3fe91f..785b34d 100644 --- a/modules/private/irc.nix +++ b/modules/private/irc.nix | |||
| @@ -17,6 +17,9 @@ in | |||
| 17 | }; | 17 | }; |
| 18 | 18 | ||
| 19 | config = lib.mkIf cfg.enable { | 19 | config = lib.mkIf cfg.enable { |
| 20 | services.backup.profiles.irc = { | ||
| 21 | rootDir = "/var/lib/bitlbee"; | ||
| 22 | }; | ||
| 20 | security.acme.certs."irc" = config.myServices.ircCerts // { | 23 | security.acme.certs."irc" = config.myServices.ircCerts // { |
| 21 | domain = "irc.immae.eu"; | 24 | domain = "irc.immae.eu"; |
| 22 | postRun = '' | 25 | postRun = '' |
diff --git a/modules/private/mail/default.nix b/modules/private/mail/default.nix index ad2c684..ac8ad8c 100644 --- a/modules/private/mail/default.nix +++ b/modules/private/mail/default.nix | |||
| @@ -9,4 +9,13 @@ | |||
| 9 | mxs = map (zone: "mx-1.${zone.name}") zonesWithMx; | 9 | mxs = map (zone: "mx-1.${zone.name}") zonesWithMx; |
| 10 | in builtins.listToAttrs (map (mx: lib.attrsets.nameValuePair mx null) mxs); | 10 | in builtins.listToAttrs (map (mx: lib.attrsets.nameValuePair mx null) mxs); |
| 11 | }; | 11 | }; |
| 12 | config.services.backup.profiles = { | ||
| 13 | mail = { | ||
| 14 | rootDir = "/var/lib"; | ||
| 15 | excludeFile = lib.mkAfter '' | ||
| 16 | + /var/lib/vhost | ||
| 17 | - /var/lib | ||
| 18 | ''; | ||
| 19 | }; | ||
| 20 | }; | ||
| 12 | } | 21 | } |
diff --git a/modules/private/mail/dovecot.nix b/modules/private/mail/dovecot.nix index 047d7d0..0d13a7b 100644 --- a/modules/private/mail/dovecot.nix +++ b/modules/private/mail/dovecot.nix | |||
| @@ -12,6 +12,10 @@ let | |||
| 12 | ''; | 12 | ''; |
| 13 | in | 13 | in |
| 14 | { | 14 | { |
| 15 | config.services.backup.profiles.mail.excludeFile = '' | ||
| 16 | + /var/lib/dhparams | ||
| 17 | + /var/lib/dovecot | ||
| 18 | ''; | ||
| 15 | config.secrets.keys = [ | 19 | config.secrets.keys = [ |
| 16 | { | 20 | { |
| 17 | dest = "dovecot/ldap"; | 21 | dest = "dovecot/ldap"; |
diff --git a/modules/private/mail/postfix.nix b/modules/private/mail/postfix.nix index c2d0af6..edfd196 100644 --- a/modules/private/mail/postfix.nix +++ b/modules/private/mail/postfix.nix | |||
| @@ -1,5 +1,8 @@ | |||
| 1 | { lib, pkgs, config, myconfig, ... }: | 1 | { lib, pkgs, config, myconfig, ... }: |
| 2 | { | 2 | { |
| 3 | config.services.backup.profiles.mail.excludeFile = '' | ||
| 4 | + /var/lib/postfix | ||
| 5 | ''; | ||
| 3 | config.secrets.keys = [ | 6 | config.secrets.keys = [ |
| 4 | { | 7 | { |
| 5 | dest = "postfix/mysql_alias_maps"; | 8 | dest = "postfix/mysql_alias_maps"; |
diff --git a/modules/private/mail/rspamd.nix b/modules/private/mail/rspamd.nix index 3a7a67c..af3541f 100644 --- a/modules/private/mail/rspamd.nix +++ b/modules/private/mail/rspamd.nix | |||
| @@ -10,6 +10,9 @@ | |||
| 10 | rspamd sockets | 10 | rspamd sockets |
| 11 | ''; | 11 | ''; |
| 12 | }; | 12 | }; |
| 13 | config.services.backup.profiles.mail.excludeFile = '' | ||
| 14 | + /var/lib/rspamd | ||
| 15 | ''; | ||
| 13 | config.services.cron.systemCronJobs = let | 16 | config.services.cron.systemCronJobs = let |
| 14 | cron_script = pkgs.runCommand "cron_script" { | 17 | cron_script = pkgs.runCommand "cron_script" { |
| 15 | buildInputs = [ pkgs.makeWrapper ]; | 18 | buildInputs = [ pkgs.makeWrapper ]; |
diff --git a/modules/private/monitoring/default.nix b/modules/private/monitoring/default.nix index d99124e..d9805ef 100644 --- a/modules/private/monitoring/default.nix +++ b/modules/private/monitoring/default.nix | |||
| @@ -27,6 +27,9 @@ in | |||
| 27 | }; | 27 | }; |
| 28 | 28 | ||
| 29 | config = lib.mkIf config.myServices.monitoring.enable { | 29 | config = lib.mkIf config.myServices.monitoring.enable { |
| 30 | services.backup.profiles.monitoring = { | ||
| 31 | rootDir = config.services.naemon.varDir; | ||
| 32 | }; | ||
| 30 | security.sudo.extraRules = [ | 33 | security.sudo.extraRules = [ |
| 31 | { | 34 | { |
| 32 | commands = [ | 35 | commands = [ |
diff --git a/modules/private/mpd.nix b/modules/private/mpd.nix index 17454d7..b224165 100644 --- a/modules/private/mpd.nix +++ b/modules/private/mpd.nix | |||
| @@ -1,6 +1,9 @@ | |||
| 1 | { lib, pkgs, config, myconfig, ... }: | 1 | { lib, pkgs, config, myconfig, ... }: |
| 2 | { | 2 | { |
| 3 | config = { | 3 | config = { |
| 4 | services.backup.profiles.mpd = { | ||
| 5 | rootDir = "/var/lib/mpd"; | ||
| 6 | }; | ||
| 4 | secrets.keys = [ | 7 | secrets.keys = [ |
| 5 | { | 8 | { |
| 6 | dest = "mpd"; | 9 | dest = "mpd"; |
diff --git a/modules/private/pub/default.nix b/modules/private/pub/default.nix index c31c8eb..a193d17 100644 --- a/modules/private/pub/default.nix +++ b/modules/private/pub/default.nix | |||
| @@ -11,6 +11,9 @@ | |||
| 11 | }; | 11 | }; |
| 12 | 12 | ||
| 13 | config = lib.mkIf config.myServices.pub.enable { | 13 | config = lib.mkIf config.myServices.pub.enable { |
| 14 | services.backup.profiles.pub = { | ||
| 15 | rootDir = "/var/lib/pub"; | ||
| 16 | }; | ||
| 14 | users.users.pub = let | 17 | users.users.pub = let |
| 15 | restrict = pkgs.runCommand "restrict" { | 18 | restrict = pkgs.runCommand "restrict" { |
| 16 | file = ./restrict; | 19 | file = ./restrict; |
diff --git a/modules/private/system.nix b/modules/private/system.nix index fba504e..c12c226 100644 --- a/modules/private/system.nix +++ b/modules/private/system.nix | |||
| @@ -1,6 +1,17 @@ | |||
| 1 | { pkgs, privateFiles, ... }: | 1 | { pkgs, privateFiles, lib, ... }: |
| 2 | { | 2 | { |
| 3 | config = { | 3 | config = { |
| 4 | services.backup.profiles.system = { | ||
| 5 | rootDir = "/var/lib"; | ||
| 6 | excludeFile = lib.mkAfter '' | ||
| 7 | + /var/lib/nixos | ||
| 8 | + /var/lib/udev | ||
| 9 | + /var/lib/udisks2 | ||
| 10 | + /var/lib/systemd | ||
| 11 | + /var/lib/private/systemd | ||
| 12 | - /var/lib | ||
| 13 | ''; | ||
| 14 | }; | ||
| 4 | nixpkgs.overlays = builtins.attrValues (import ../../overlays); | 15 | nixpkgs.overlays = builtins.attrValues (import ../../overlays); |
| 5 | _module.args = { | 16 | _module.args = { |
| 6 | pkgsNext = import <nixpkgsNext> {}; | 17 | pkgsNext = import <nixpkgsNext> {}; |
diff --git a/modules/private/tasks/default.nix b/modules/private/tasks/default.nix index a2da0c3..b2191c0 100644 --- a/modules/private/tasks/default.nix +++ b/modules/private/tasks/default.nix | |||
| @@ -86,6 +86,15 @@ in { | |||
| 86 | }; | 86 | }; |
| 87 | 87 | ||
| 88 | config = lib.mkIf cfg.enable { | 88 | config = lib.mkIf cfg.enable { |
| 89 | services.backup.profiles.tasks = { | ||
| 90 | rootDir = "/var/lib"; | ||
| 91 | excludeFile = '' | ||
| 92 | + /var/lib/taskserver | ||
| 93 | + /var/lib/taskwarrior-web | ||
| 94 | - /var/lib | ||
| 95 | ''; | ||
| 96 | }; | ||
| 97 | |||
| 89 | secrets.keys = [{ | 98 | secrets.keys = [{ |
| 90 | dest = "webapps/tools-taskwarrior-web"; | 99 | dest = "webapps/tools-taskwarrior-web"; |
| 91 | user = "wwwrun"; | 100 | user = "wwwrun"; |
diff --git a/modules/private/websites/aten/integration.nix b/modules/private/websites/aten/integration.nix index 6768f80..0c92818 100644 --- a/modules/private/websites/aten/integration.nix +++ b/modules/private/websites/aten/integration.nix | |||
| @@ -8,6 +8,7 @@ in { | |||
| 8 | options.myServices.websites.aten.integration.enable = lib.mkEnableOption "enable Aten's website in integration"; | 8 | options.myServices.websites.aten.integration.enable = lib.mkEnableOption "enable Aten's website in integration"; |
| 9 | 9 | ||
| 10 | config = lib.mkIf cfg.enable { | 10 | config = lib.mkIf cfg.enable { |
| 11 | services.backup.profiles.aten_dev.rootDir = app.varDir; | ||
| 11 | services.phpApplication.apps.aten_dev = { | 12 | services.phpApplication.apps.aten_dev = { |
| 12 | websiteEnv = "integration"; | 13 | websiteEnv = "integration"; |
| 13 | httpdUser = config.services.httpd.Inte.user; | 14 | httpdUser = config.services.httpd.Inte.user; |
diff --git a/modules/private/websites/aten/production.nix b/modules/private/websites/aten/production.nix index 97f4a08..2ffcef3 100644 --- a/modules/private/websites/aten/production.nix +++ b/modules/private/websites/aten/production.nix | |||
| @@ -8,6 +8,7 @@ in { | |||
| 8 | options.myServices.websites.aten.production.enable = lib.mkEnableOption "enable Aten's website in production"; | 8 | options.myServices.websites.aten.production.enable = lib.mkEnableOption "enable Aten's website in production"; |
| 9 | 9 | ||
| 10 | config = lib.mkIf cfg.enable { | 10 | config = lib.mkIf cfg.enable { |
| 11 | services.backup.profiles.aten_prod.rootDir = app.varDir; | ||
| 11 | services.webstats.sites = [ { name = "aten.pro"; } ]; | 12 | services.webstats.sites = [ { name = "aten.pro"; } ]; |
| 12 | services.phpApplication.apps.aten_prod = { | 13 | services.phpApplication.apps.aten_prod = { |
| 13 | websiteEnv = "production"; | 14 | websiteEnv = "production"; |
diff --git a/modules/private/websites/chloe/integration.nix b/modules/private/websites/chloe/integration.nix index 1f7ac31..75e25af 100644 --- a/modules/private/websites/chloe/integration.nix +++ b/modules/private/websites/chloe/integration.nix | |||
| @@ -12,6 +12,7 @@ in { | |||
| 12 | options.myServices.websites.chloe.integration.enable = lib.mkEnableOption "enable Chloe's website in integration"; | 12 | options.myServices.websites.chloe.integration.enable = lib.mkEnableOption "enable Chloe's website in integration"; |
| 13 | 13 | ||
| 14 | config = lib.mkIf cfg.enable { | 14 | config = lib.mkIf cfg.enable { |
| 15 | services.backup.profiles.chloe_dev.rootDir = chloe.app.varDir; | ||
| 15 | secrets.keys = chloe.keys; | 16 | secrets.keys = chloe.keys; |
| 16 | systemd.services.phpfpm-chloe_dev.after = lib.mkAfter chloe.phpFpm.serviceDeps; | 17 | systemd.services.phpfpm-chloe_dev.after = lib.mkAfter chloe.phpFpm.serviceDeps; |
| 17 | systemd.services.phpfpm-chloe_dev.wants = chloe.phpFpm.serviceDeps; | 18 | systemd.services.phpfpm-chloe_dev.wants = chloe.phpFpm.serviceDeps; |
diff --git a/modules/private/websites/chloe/production.nix b/modules/private/websites/chloe/production.nix index 6cfdb7f..7c59806 100644 --- a/modules/private/websites/chloe/production.nix +++ b/modules/private/websites/chloe/production.nix | |||
| @@ -12,6 +12,7 @@ in { | |||
| 12 | options.myServices.websites.chloe.production.enable = lib.mkEnableOption "enable Chloe's website in production"; | 12 | options.myServices.websites.chloe.production.enable = lib.mkEnableOption "enable Chloe's website in production"; |
| 13 | 13 | ||
| 14 | config = lib.mkIf cfg.enable { | 14 | config = lib.mkIf cfg.enable { |
| 15 | services.backup.profiles.chloe_prod.rootDir = chloe.app.varDir; | ||
| 15 | secrets.keys = chloe.keys; | 16 | secrets.keys = chloe.keys; |
| 16 | services.webstats.sites = [ { name = "osteopathe-cc.fr"; } ]; | 17 | services.webstats.sites = [ { name = "osteopathe-cc.fr"; } ]; |
| 17 | 18 | ||
diff --git a/modules/private/websites/connexionswing/integration.nix b/modules/private/websites/connexionswing/integration.nix index 2ceaffa..fee8e4f 100644 --- a/modules/private/websites/connexionswing/integration.nix +++ b/modules/private/websites/connexionswing/integration.nix | |||
| @@ -8,6 +8,7 @@ in { | |||
| 8 | options.myServices.websites.connexionswing.integration.enable = lib.mkEnableOption "enable Connexionswing's website in integration"; | 8 | options.myServices.websites.connexionswing.integration.enable = lib.mkEnableOption "enable Connexionswing's website in integration"; |
| 9 | 9 | ||
| 10 | config = lib.mkIf cfg.enable { | 10 | config = lib.mkIf cfg.enable { |
| 11 | services.backup.profiles.connexionswing_dev.rootDir = app.varDir; | ||
| 11 | services.phpApplication.apps.connexionswing_dev = { | 12 | services.phpApplication.apps.connexionswing_dev = { |
| 12 | websiteEnv = "integration"; | 13 | websiteEnv = "integration"; |
| 13 | httpdUser = config.services.httpd.Inte.user; | 14 | httpdUser = config.services.httpd.Inte.user; |
diff --git a/modules/private/websites/connexionswing/production.nix b/modules/private/websites/connexionswing/production.nix index 1427c8d..79e672a 100644 --- a/modules/private/websites/connexionswing/production.nix +++ b/modules/private/websites/connexionswing/production.nix | |||
| @@ -8,6 +8,7 @@ in { | |||
| 8 | options.myServices.websites.connexionswing.production.enable = lib.mkEnableOption "enable Connexionswing's website in production"; | 8 | options.myServices.websites.connexionswing.production.enable = lib.mkEnableOption "enable Connexionswing's website in production"; |
| 9 | 9 | ||
| 10 | config = lib.mkIf cfg.enable { | 10 | config = lib.mkIf cfg.enable { |
| 11 | services.backup.profiles.connexionswing_prod.rootDir = app.varDir; | ||
| 11 | services.webstats.sites = [ { name = "connexionswing.com"; } ]; | 12 | services.webstats.sites = [ { name = "connexionswing.com"; } ]; |
| 12 | services.phpApplication.apps.connexionswing_prod = { | 13 | services.phpApplication.apps.connexionswing_prod = { |
| 13 | websiteEnv = "production"; | 14 | websiteEnv = "production"; |
diff --git a/modules/private/websites/default.nix b/modules/private/websites/default.nix index f55f7e3..e2bcef5 100644 --- a/modules/private/websites/default.nix +++ b/modules/private/websites/default.nix | |||
| @@ -73,6 +73,9 @@ in | |||
| 73 | }; | 73 | }; |
| 74 | 74 | ||
| 75 | config = { | 75 | config = { |
| 76 | services.backup.profiles.php = { | ||
| 77 | rootDir = "/var/lib/php"; | ||
| 78 | }; | ||
| 76 | users.users.wwwrun.extraGroups = [ "keys" ]; | 79 | users.users.wwwrun.extraGroups = [ "keys" ]; |
| 77 | networking.firewall.allowedTCPPorts = [ 80 443 ]; | 80 | networking.firewall.allowedTCPPorts = [ 80 443 ]; |
| 78 | 81 | ||
diff --git a/modules/private/websites/emilia/production.nix b/modules/private/websites/emilia/production.nix index 422bfd4..0dab316 100644 --- a/modules/private/websites/emilia/production.nix +++ b/modules/private/websites/emilia/production.nix | |||
| @@ -43,6 +43,9 @@ in { | |||
| 43 | options.myServices.websites.emilia.production.enable = lib.mkEnableOption "enable Emilia's website"; | 43 | options.myServices.websites.emilia.production.enable = lib.mkEnableOption "enable Emilia's website"; |
| 44 | 44 | ||
| 45 | config = lib.mkIf cfg.enable { | 45 | config = lib.mkIf cfg.enable { |
| 46 | services.backup.profiles.emilia_prod = { | ||
| 47 | rootDir = varDir; | ||
| 48 | }; | ||
| 46 | system.activationScripts.emilia = '' | 49 | system.activationScripts.emilia = '' |
| 47 | install -m 0755 -o wwwrun -g wwwrun -d ${varDir} | 50 | install -m 0755 -o wwwrun -g wwwrun -d ${varDir} |
| 48 | ''; | 51 | ''; |
diff --git a/modules/private/websites/florian/app.nix b/modules/private/websites/florian/app.nix index 3f44ec4..7e2c333 100644 --- a/modules/private/websites/florian/app.nix +++ b/modules/private/websites/florian/app.nix | |||
| @@ -9,6 +9,7 @@ in { | |||
| 9 | options.myServices.websites.florian.app.enable = lib.mkEnableOption "enable Florian's app in integration"; | 9 | options.myServices.websites.florian.app.enable = lib.mkEnableOption "enable Florian's app in integration"; |
| 10 | 10 | ||
| 11 | config = lib.mkIf cfg.enable { | 11 | config = lib.mkIf cfg.enable { |
| 12 | services.backup.profiles.tellesflorian_dev.rootDir = app.varDir; | ||
| 12 | services.phpApplication.apps.florian_dev = { | 13 | services.phpApplication.apps.florian_dev = { |
| 13 | websiteEnv = "integration"; | 14 | websiteEnv = "integration"; |
| 14 | httpdUser = config.services.httpd.Inte.user; | 15 | httpdUser = config.services.httpd.Inte.user; |
diff --git a/modules/private/websites/ludivinecassal/integration.nix b/modules/private/websites/ludivinecassal/integration.nix index 55f2432..d1b8f9b 100644 --- a/modules/private/websites/ludivinecassal/integration.nix +++ b/modules/private/websites/ludivinecassal/integration.nix | |||
| @@ -8,6 +8,7 @@ in { | |||
| 8 | options.myServices.websites.ludivinecassal.integration.enable = lib.mkEnableOption "enable Ludivine's website in integration"; | 8 | options.myServices.websites.ludivinecassal.integration.enable = lib.mkEnableOption "enable Ludivine's website in integration"; |
| 9 | 9 | ||
| 10 | config = lib.mkIf cfg.enable { | 10 | config = lib.mkIf cfg.enable { |
| 11 | services.backup.profiles.ludivinecassal_dev.rootDir = app.varDir; | ||
| 11 | services.phpApplication.apps.ludivinecassal_dev = { | 12 | services.phpApplication.apps.ludivinecassal_dev = { |
| 12 | websiteEnv = "integration"; | 13 | websiteEnv = "integration"; |
| 13 | httpdUser = config.services.httpd.Inte.user; | 14 | httpdUser = config.services.httpd.Inte.user; |
diff --git a/modules/private/websites/ludivinecassal/production.nix b/modules/private/websites/ludivinecassal/production.nix index 82f6899..341fd6d 100644 --- a/modules/private/websites/ludivinecassal/production.nix +++ b/modules/private/websites/ludivinecassal/production.nix | |||
| @@ -8,6 +8,7 @@ in { | |||
| 8 | options.myServices.websites.ludivinecassal.production.enable = lib.mkEnableOption "enable Ludivine's website in production"; | 8 | options.myServices.websites.ludivinecassal.production.enable = lib.mkEnableOption "enable Ludivine's website in production"; |
| 9 | 9 | ||
| 10 | config = lib.mkIf cfg.enable { | 10 | config = lib.mkIf cfg.enable { |
| 11 | services.backup.profiles.ludivinecassal_prod.rootDir = app.varDir; | ||
| 11 | services.webstats.sites = [ { name = "ludivinecassal.com"; } ]; | 12 | services.webstats.sites = [ { name = "ludivinecassal.com"; } ]; |
| 12 | services.phpApplication.apps.ludivinecassal_prod = { | 13 | services.phpApplication.apps.ludivinecassal_prod = { |
| 13 | websiteEnv = "production"; | 14 | websiteEnv = "production"; |
diff --git a/modules/private/websites/piedsjaloux/integration.nix b/modules/private/websites/piedsjaloux/integration.nix index 0a33bc0..853fcff 100644 --- a/modules/private/websites/piedsjaloux/integration.nix +++ b/modules/private/websites/piedsjaloux/integration.nix | |||
| @@ -8,6 +8,7 @@ in { | |||
| 8 | options.myServices.websites.piedsjaloux.integration.enable = lib.mkEnableOption "enable PiedsJaloux's website in integration"; | 8 | options.myServices.websites.piedsjaloux.integration.enable = lib.mkEnableOption "enable PiedsJaloux's website in integration"; |
| 9 | 9 | ||
| 10 | config = lib.mkIf cfg.enable { | 10 | config = lib.mkIf cfg.enable { |
| 11 | services.backup.profiles.piedsjaloux_dev.rootDir = app.varDir; | ||
| 11 | services.phpApplication.apps.piedsjaloux_dev = { | 12 | services.phpApplication.apps.piedsjaloux_dev = { |
| 12 | websiteEnv = "integration"; | 13 | websiteEnv = "integration"; |
| 13 | httpdUser = config.services.httpd.Inte.user; | 14 | httpdUser = config.services.httpd.Inte.user; |
diff --git a/modules/private/websites/piedsjaloux/production.nix b/modules/private/websites/piedsjaloux/production.nix index 9007f19..9e64fca 100644 --- a/modules/private/websites/piedsjaloux/production.nix +++ b/modules/private/websites/piedsjaloux/production.nix | |||
| @@ -8,6 +8,7 @@ in { | |||
| 8 | options.myServices.websites.piedsjaloux.production.enable = lib.mkEnableOption "enable PiedsJaloux's website in production"; | 8 | options.myServices.websites.piedsjaloux.production.enable = lib.mkEnableOption "enable PiedsJaloux's website in production"; |
| 9 | 9 | ||
| 10 | config = lib.mkIf cfg.enable { | 10 | config = lib.mkIf cfg.enable { |
| 11 | services.backup.profiles.piedsjaloux_prod.rootDir = app.varDir; | ||
| 11 | services.webstats.sites = [ { name = "piedsjaloux.fr"; } ]; | 12 | services.webstats.sites = [ { name = "piedsjaloux.fr"; } ]; |
| 12 | services.phpApplication.apps.piedsjaloux_prod = { | 13 | services.phpApplication.apps.piedsjaloux_prod = { |
| 13 | websiteEnv = "production"; | 14 | websiteEnv = "production"; |
diff --git a/modules/private/websites/tools/diaspora/default.nix b/modules/private/websites/tools/diaspora/default.nix index 17a6a09..24d3d51 100644 --- a/modules/private/websites/tools/diaspora/default.nix +++ b/modules/private/websites/tools/diaspora/default.nix | |||
| @@ -10,6 +10,9 @@ in { | |||
| 10 | }; | 10 | }; |
| 11 | 11 | ||
| 12 | config = lib.mkIf cfg.enable { | 12 | config = lib.mkIf cfg.enable { |
| 13 | services.backup.profiles.diaspora = { | ||
| 14 | rootDir = dcfg.dataDir; | ||
| 15 | }; | ||
| 13 | users.users.diaspora.extraGroups = [ "keys" ]; | 16 | users.users.diaspora.extraGroups = [ "keys" ]; |
| 14 | 17 | ||
| 15 | secrets.keys = [ | 18 | secrets.keys = [ |
diff --git a/modules/private/websites/tools/ether/default.nix b/modules/private/websites/tools/ether/default.nix index c038528..600254b 100644 --- a/modules/private/websites/tools/ether/default.nix +++ b/modules/private/websites/tools/ether/default.nix | |||
| @@ -12,6 +12,9 @@ in { | |||
| 12 | }; | 12 | }; |
| 13 | 13 | ||
| 14 | config = lib.mkIf cfg.enable { | 14 | config = lib.mkIf cfg.enable { |
| 15 | services.backup.profiles.etherpad-lite = { | ||
| 16 | rootDir = "/var/lib/private/etherpad-lite"; | ||
| 17 | }; | ||
| 15 | secrets.keys = [ | 18 | secrets.keys = [ |
| 16 | { | 19 | { |
| 17 | dest = "webapps/tools-etherpad-apikey"; | 20 | dest = "webapps/tools-etherpad-apikey"; |
diff --git a/modules/private/websites/tools/mail/default.nix b/modules/private/websites/tools/mail/default.nix index ea0a27f..35711af 100644 --- a/modules/private/websites/tools/mail/default.nix +++ b/modules/private/websites/tools/mail/default.nix | |||
| @@ -17,6 +17,10 @@ in | |||
| 17 | ]; | 17 | ]; |
| 18 | 18 | ||
| 19 | config = lib.mkIf cfg.enable { | 19 | config = lib.mkIf cfg.enable { |
| 20 | services.backup.profiles.mail.excludeFile = '' | ||
| 21 | + ${rainloop.varDir} | ||
| 22 | + ${roundcubemail.varDir} | ||
| 23 | ''; | ||
| 20 | secrets.keys = roundcubemail.keys; | 24 | secrets.keys = roundcubemail.keys; |
| 21 | 25 | ||
| 22 | services.websites.env.tools.modules = | 26 | services.websites.env.tools.modules = |
diff --git a/modules/private/websites/tools/mastodon/default.nix b/modules/private/websites/tools/mastodon/default.nix index d67ae2b..2236bd5 100644 --- a/modules/private/websites/tools/mastodon/default.nix +++ b/modules/private/websites/tools/mastodon/default.nix | |||
| @@ -10,6 +10,9 @@ in { | |||
| 10 | }; | 10 | }; |
| 11 | 11 | ||
| 12 | config = lib.mkIf cfg.enable { | 12 | config = lib.mkIf cfg.enable { |
| 13 | services.backup.profiles.mastodon = { | ||
| 14 | rootDir = mcfg.dataDir; | ||
| 15 | }; | ||
| 13 | secrets.keys = [{ | 16 | secrets.keys = [{ |
| 14 | dest = "webapps/tools-mastodon"; | 17 | dest = "webapps/tools-mastodon"; |
| 15 | user = "mastodon"; | 18 | user = "mastodon"; |
diff --git a/modules/private/websites/tools/tools/default.nix b/modules/private/websites/tools/tools/default.nix index e17c708..6f27b0b 100644 --- a/modules/private/websites/tools/tools/default.nix +++ b/modules/private/websites/tools/tools/default.nix | |||
| @@ -51,6 +51,15 @@ in { | |||
| 51 | ++ wallabag.keys | 51 | ++ wallabag.keys |
| 52 | ++ yourls.keys; | 52 | ++ yourls.keys; |
| 53 | 53 | ||
| 54 | services.backup.profiles = { | ||
| 55 | dokuwiki = dokuwiki.backups; | ||
| 56 | kanboard = kanboard.backups; | ||
| 57 | rompr = rompr.backups; | ||
| 58 | shaarli = shaarli.backups; | ||
| 59 | ttrss = ttrss.backups; | ||
| 60 | wallabag = wallabag.backups; | ||
| 61 | }; | ||
| 62 | |||
| 54 | services.websites.env.tools.modules = | 63 | services.websites.env.tools.modules = |
| 55 | [ "proxy_fcgi" ] | 64 | [ "proxy_fcgi" ] |
| 56 | ++ adminer.apache.modules | 65 | ++ adminer.apache.modules |
diff --git a/modules/private/websites/tools/tools/dokuwiki.nix b/modules/private/websites/tools/tools/dokuwiki.nix index c61d15f..e40d671 100644 --- a/modules/private/websites/tools/tools/dokuwiki.nix +++ b/modules/private/websites/tools/tools/dokuwiki.nix | |||
| @@ -1,5 +1,8 @@ | |||
| 1 | { lib, stdenv, dokuwiki, dokuwiki-plugins }: | 1 | { lib, stdenv, dokuwiki, dokuwiki-plugins }: |
| 2 | rec { | 2 | rec { |
| 3 | backups = { | ||
| 4 | rootDir = varDir; | ||
| 5 | }; | ||
| 3 | varDir = "/var/lib/dokuwiki"; | 6 | varDir = "/var/lib/dokuwiki"; |
| 4 | activationScript = { | 7 | activationScript = { |
| 5 | deps = [ "wrappers" ]; | 8 | deps = [ "wrappers" ]; |
diff --git a/modules/private/websites/tools/tools/kanboard.nix b/modules/private/websites/tools/tools/kanboard.nix index 68f92b8..68c3a10 100644 --- a/modules/private/websites/tools/tools/kanboard.nix +++ b/modules/private/websites/tools/tools/kanboard.nix | |||
| @@ -1,5 +1,8 @@ | |||
| 1 | { env, kanboard }: | 1 | { env, kanboard }: |
| 2 | rec { | 2 | rec { |
| 3 | backups = { | ||
| 4 | rootDir = varDir; | ||
| 5 | }; | ||
| 3 | varDir = "/var/lib/kanboard"; | 6 | varDir = "/var/lib/kanboard"; |
| 4 | activationScript = { | 7 | activationScript = { |
| 5 | deps = [ "wrappers" ]; | 8 | deps = [ "wrappers" ]; |
diff --git a/modules/private/websites/tools/tools/rompr.nix b/modules/private/websites/tools/tools/rompr.nix index fea59fc..74034f0 100644 --- a/modules/private/websites/tools/tools/rompr.nix +++ b/modules/private/websites/tools/tools/rompr.nix | |||
| @@ -1,5 +1,8 @@ | |||
| 1 | { lib, env, rompr }: | 1 | { lib, env, rompr }: |
| 2 | rec { | 2 | rec { |
| 3 | backups = { | ||
| 4 | rootDir = varDir; | ||
| 5 | }; | ||
| 3 | varDir = "/var/lib/rompr"; | 6 | varDir = "/var/lib/rompr"; |
| 4 | activationScript = '' | 7 | activationScript = '' |
| 5 | install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} \ | 8 | install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} \ |
diff --git a/modules/private/websites/tools/tools/shaarli.nix b/modules/private/websites/tools/tools/shaarli.nix index 2e89a47..28041ba 100644 --- a/modules/private/websites/tools/tools/shaarli.nix +++ b/modules/private/websites/tools/tools/shaarli.nix | |||
| @@ -2,6 +2,9 @@ | |||
| 2 | let | 2 | let |
| 3 | varDir = "/var/lib/shaarli"; | 3 | varDir = "/var/lib/shaarli"; |
| 4 | in rec { | 4 | in rec { |
| 5 | backups = { | ||
| 6 | rootDir = varDir; | ||
| 7 | }; | ||
| 5 | activationScript = '' | 8 | activationScript = '' |
| 6 | install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} \ | 9 | install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} \ |
| 7 | ${varDir}/cache ${varDir}/pagecache ${varDir}/tmp ${varDir}/data \ | 10 | ${varDir}/cache ${varDir}/pagecache ${varDir}/tmp ${varDir}/data \ |
diff --git a/modules/private/websites/tools/tools/ttrss.nix b/modules/private/websites/tools/tools/ttrss.nix index 05c8cab..598cc3a 100644 --- a/modules/private/websites/tools/tools/ttrss.nix +++ b/modules/private/websites/tools/tools/ttrss.nix | |||
| @@ -1,5 +1,8 @@ | |||
| 1 | { php, env, ttrss, ttrss-plugins }: | 1 | { php, env, ttrss, ttrss-plugins }: |
| 2 | rec { | 2 | rec { |
| 3 | backups = { | ||
| 4 | rootDir = varDir; | ||
| 5 | }; | ||
| 3 | varDir = "/var/lib/ttrss"; | 6 | varDir = "/var/lib/ttrss"; |
| 4 | activationScript = { | 7 | activationScript = { |
| 5 | deps = [ "wrappers" ]; | 8 | deps = [ "wrappers" ]; |
diff --git a/modules/private/websites/tools/tools/wallabag.nix b/modules/private/websites/tools/tools/wallabag.nix index 2912b2c..8572d64 100644 --- a/modules/private/websites/tools/tools/wallabag.nix +++ b/modules/private/websites/tools/tools/wallabag.nix | |||
| @@ -1,5 +1,8 @@ | |||
| 1 | { env, wallabag, mylibs }: | 1 | { env, wallabag, mylibs }: |
| 2 | rec { | 2 | rec { |
| 3 | backups = { | ||
| 4 | rootDir = varDir; | ||
| 5 | }; | ||
| 3 | varDir = "/var/lib/wallabag"; | 6 | varDir = "/var/lib/wallabag"; |
| 4 | keys = [{ | 7 | keys = [{ |
| 5 | dest = "webapps/tools-wallabag"; | 8 | dest = "webapps/tools-wallabag"; |