diff options
Diffstat (limited to 'modules')
47 files changed, 325 insertions, 1 deletions
diff --git a/modules/backup/Eriomem_SAS.1.pem b/modules/backup/Eriomem_SAS.1.pem new file mode 100644 index 0000000..ab76ee0 --- /dev/null +++ b/modules/backup/Eriomem_SAS.1.pem | |||
@@ -0,0 +1,35 @@ | |||
1 | -----BEGIN CERTIFICATE----- | ||
2 | MIIGATCCA+mgAwIBAgIJAJjhCwfJd2HOMA0GCSqGSIb3DQEBCwUAMIGWMQswCQYD | ||
3 | VQQGEwJGUjEXMBUGA1UECAwOw45sZSBkZSBGcmFuY2UxDjAMBgNVBAcMBVBhcmlz | ||
4 | MRQwEgYDVQQKDAtFcmlvbWVtIFNBUzETMBEGA1UECwwKRXJpb21lbSBDQTEUMBIG | ||
5 | A1UEAwwLRXJpb21lbSBTQVMxHTAbBgkqhkiG9w0BCQEWDmNhQGVyaW9tZW0ubmV0 | ||
6 | MB4XDTE3MDEzMTE1NTUzOFoXDTM3MDEzMTE1NTUzOFowgZYxCzAJBgNVBAYTAkZS | ||
7 | MRcwFQYDVQQIDA7DjmxlIGRlIEZyYW5jZTEOMAwGA1UEBwwFUGFyaXMxFDASBgNV | ||
8 | BAoMC0VyaW9tZW0gU0FTMRMwEQYDVQQLDApFcmlvbWVtIENBMRQwEgYDVQQDDAtF | ||
9 | cmlvbWVtIFNBUzEdMBsGCSqGSIb3DQEJARYOY2FAZXJpb21lbS5uZXQwggIiMA0G | ||
10 | CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC9PesBee6dcEXLgLMEpfnmNTbMP7xs | ||
11 | EJGxEwcS7LLVsZu8bY5K4prCTErzc3nhmmOMIy/ZxVTlnTOPHFAUJ9EKI5cL0QfK | ||
12 | 9DbBzjPBs5AqntlpFBpz6DopV3FOFj3rn0nb/g3KyD3tqnN/YHdBiStX//z+Lp3H | ||
13 | 28M4ExpUFJBJrV3wboMzWgDnSirvJyLFbmeTPmUetYdC4hlSqr/Leo36da4CSl0X | ||
14 | wN/83Vrzy/Cqrcfso43Hs86Swmg9pJmqRifWPNrMne49IwnGP4hIQXcb9ilU1bMK | ||
15 | GzXor6I0yOYjuzvdg1k1KKvnHvO1U2cUV56MoTXmQHOt1yQr7fwiKyT0xiIgk5ou | ||
16 | QKbXbuHpf3KTwPmg1s7105T2lEhxNMNd+c2leRux3CJKsoi6GoUhiDIL1jPrWNS3 | ||
17 | ynYHJ1lcyoEsGeXwR9mDmVLhgRLDAHNDOeT9Z0/NpwoylNH+vgwzo9tV3btWRJgu | ||
18 | vB7TMDYdGsOd/OYNkQSiSUbtT8nm3xY2qGMC968GQieSCPW7a4n8MYhXW5Wa0/Ql | ||
19 | Sg58e03v26u0rUT+GK1EOOFF8tak4uKxxRL+WBT9VhK9dRq/PnA+xB6808Y8kMjQ | ||
20 | 9HTnxCgHNcNn6Xj7DD5Rb/r5ppmMicoI3dF6xgMHHNTG3BMZS+CVzSbG1K+4mOxR | ||
21 | 1r6wxKmskoszLwIDAQABo1AwTjAdBgNVHQ4EFgQU3cuB9G9fGroFF0VW21vHR9A/ | ||
22 | /IwwHwYDVR0jBBgwFoAU3cuB9G9fGroFF0VW21vHR9A//IwwDAYDVR0TBAUwAwEB | ||
23 | /zANBgkqhkiG9w0BAQsFAAOCAgEAGuL+CWzjOs9gydvkOsf0F0qoTS5mixe7v/ic | ||
24 | OKdZfvHvzs8kz9rNWa8Guj5h640Qv252KSmellqHyXZhQumoks2XmFItMLY08IYo | ||
25 | 4MmT+sHXwx1x4Av/Sjj+b8VzP31v5EIXDVIS+/UTXzyoU1hgqzM9W937iaO2NVFL | ||
26 | V3kzURHVR1oMxJtSjhGkbfoXRhdNZUhjGaNz5wX0ILtQ+PK4LoYiCqRAthDUSIkW | ||
27 | mD/R6CV08tIFYKyf7sCx0updbIHPbqbZtPW4X4QULXMDQanDSwHzcxzrCFOMEwOm | ||
28 | A+HASceq2X9nMUvH97fGQ4YuyogS/XI1k8H7jU7vlxMA3EGf80HnYc02b0oGDN3c | ||
29 | bVHBE/Zexer51HHsQOGpyYDmaCVzd1qlcFhwS3BMMPVW6TEU4HCXaTK5ipdOqbAF | ||
30 | syx9OUviqw3fRmZORt6lrhBO9+V3WIKGxUET64GLRoC4F32CThOBKzFXvFcHik4n | ||
31 | 1W44lGVAQp3B/Q55KzYOIQ3D3/N7cbxyPtw1dwW60lN/UWo7YZJJc+6GXjp6c4Cy | ||
32 | s2VEoUx4OIs1eba99O5fdQ5IpW3IK6Cb1WaajcusZX9/QTIsf3ntSNPCnoebgk0V | ||
33 | TOMpOOnKIbKYMjdxpKbYLpXFQzxy3WEi2PtmqgLAk+xwcmzz+3W2I0qKKTwGuaOZ | ||
34 | MnGrJwg= | ||
35 | -----END CERTIFICATE----- | ||
diff --git a/modules/backup/Eriomem_SAS.pem b/modules/backup/Eriomem_SAS.pem new file mode 100644 index 0000000..8d77f26 --- /dev/null +++ b/modules/backup/Eriomem_SAS.pem | |||
@@ -0,0 +1,26 @@ | |||
1 | -----BEGIN CERTIFICATE----- | ||
2 | MIIEbjCCA1agAwIBAgIJAKQiaGqY4pkkMA0GCSqGSIb3DQEBBQUAMIGAMQswCQYD | ||
3 | VQQGEwJGUjEWMBQGA1UECBQNzmxlIGRlIEZyYW5jZTEOMAwGA1UEBxMFUGFyaXMx | ||
4 | FDASBgNVBAoTC0VyaW9tZW0gU0FTMRQwEgYDVQQDEwtFcmlvbWVtIFNBUzEdMBsG | ||
5 | CSqGSIb3DQEJARYOY2FAZXJpb21lbS5uZXQwHhcNMTQwNTEzMTgzMDMxWhcNMzQw | ||
6 | NTEzMTgzMDMxWjCBgDELMAkGA1UEBhMCRlIxFjAUBgNVBAgUDc5sZSBkZSBGcmFu | ||
7 | Y2UxDjAMBgNVBAcTBVBhcmlzMRQwEgYDVQQKEwtFcmlvbWVtIFNBUzEUMBIGA1UE | ||
8 | AxMLRXJpb21lbSBTQVMxHTAbBgkqhkiG9w0BCQEWDmNhQGVyaW9tZW0ubmV0MIIB | ||
9 | IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApVfR27JW3u3yvjdEEA8/mGlA | ||
10 | NMlurqteMnCXgPAKnkyU7xbuBWkNxs6FrcXvdpjomPQsDosLXOb4pV+4SxezApaY | ||
11 | XVqSzDWPV8M35QJjE8nOVuDvr3ziJfRITG9/WL2DpF9zpI6HpXVxdYNbZGxeCI2K | ||
12 | eSQ1pkc3574hDB1YB86TumcWPIYuw7cDFC9HB7htm2XYURt6o2jXbpNtdHWoEhWx | ||
13 | /m7cqpDCZmoBW1n3eApZac+4Im2bPXSQAqB/Lb0rgfsqJq3vEL4x12oC/5Ycn4cF | ||
14 | xti4AapPjC2GaPbybFLfBwMLu+lAgPJh3A4DC1DcQsxTuKPvUi/K00eCZDokewID | ||
15 | AQABo4HoMIHlMB0GA1UdDgQWBBRFwVSljClgTQxBTRvqftvJ3OE3xTCBtQYDVR0j | ||
16 | BIGtMIGqgBRFwVSljClgTQxBTRvqftvJ3OE3xaGBhqSBgzCBgDELMAkGA1UEBhMC | ||
17 | RlIxFjAUBgNVBAgUDc5sZSBkZSBGcmFuY2UxDjAMBgNVBAcTBVBhcmlzMRQwEgYD | ||
18 | VQQKEwtFcmlvbWVtIFNBUzEUMBIGA1UEAxMLRXJpb21lbSBTQVMxHTAbBgkqhkiG | ||
19 | 9w0BCQEWDmNhQGVyaW9tZW0ubmV0ggkApCJoapjimSQwDAYDVR0TBAUwAwEB/zAN | ||
20 | BgkqhkiG9w0BAQUFAAOCAQEAKs7PMQ9HAKHY1seGRHEMivQGVzDDZ7nURBmTkEIl | ||
21 | 549QEyQbrAkcHUjJdMAuIgnbPl4yJFEI97U21pXb3BeLxhKI6r09OgWwZEagrI44 | ||
22 | Ns9WbcNGtw5bkgyA4nn00w0ggAJLq9b0sToU2vK2x6g+1oXH8K7BbOu49/+NTzCa | ||
23 | fgBzFMi0P7FWGrE2rqh6gFBVJh8qBuK2+QG6Rnfdw+mHWsedc//NRFjPSC3ZWaPc | ||
24 | cu9s4+IkjOy3RhdkNrF3ieWitmGZi4mUZQ3qi+Np2Z+ekn0QmXjmLdbLFxKw8xoR | ||
25 | Ed36LPnGcmKQN72RikmNmx83i8CrOF6Or9auGE5O8+qpyw== | ||
26 | -----END CERTIFICATE----- | ||
diff --git a/modules/backup/default.nix b/modules/backup/default.nix new file mode 100644 index 0000000..7e0e4b2 --- /dev/null +++ b/modules/backup/default.nix | |||
@@ -0,0 +1,100 @@ | |||
1 | { lib, pkgs, myconfig, config, ... }: | ||
2 | |||
3 | let | ||
4 | cfg = myconfig.env.backup; | ||
5 | varDir = "/var/lib/duply"; | ||
6 | duplyProfile = profile: prefix: '' | ||
7 | GPG_PW="${cfg.password}" | ||
8 | TARGET="${cfg.remote}${prefix}" | ||
9 | export AWS_ACCESS_KEY_ID="${cfg.accessKeyId}" | ||
10 | export AWS_SECRET_ACCESS_KEY="${cfg.secretAccessKey}" | ||
11 | SOURCE="${profile.rootDir}" | ||
12 | FILENAME=".duplicity-ignore" | ||
13 | DUPL_PARAMS="$DUPL_PARAMS --exclude-if-present '$FILENAME'" | ||
14 | VERBOSITY=4 | ||
15 | ARCH_DIR="${varDir}/caches" | ||
16 | |||
17 | # Do a full backup after 1 month | ||
18 | MAX_FULLBKP_AGE=1M | ||
19 | DUPL_PARAMS="$DUPL_PARAMS --full-if-older-than $MAX_FULLBKP_AGE " | ||
20 | # Backups older than 2months are deleted | ||
21 | MAX_AGE=2M | ||
22 | # Keep 2 full backups | ||
23 | MAX_FULL_BACKUPS=2 | ||
24 | MAX_FULLS_WITH_INCRS=2 | ||
25 | ''; | ||
26 | action = "bkp_purge_purgeFull_purgeIncr"; | ||
27 | in | ||
28 | { | ||
29 | options = { | ||
30 | services.backup.enable = lib.mkOption { | ||
31 | type = lib.types.bool; | ||
32 | default = false; | ||
33 | description = '' | ||
34 | Whether to enable remote backups. | ||
35 | ''; | ||
36 | }; | ||
37 | services.backup.profiles = lib.mkOption { | ||
38 | type = lib.types.attrsOf (lib.types.submodule { | ||
39 | options = { | ||
40 | rootDir = lib.mkOption { | ||
41 | type = lib.types.path; | ||
42 | description = '' | ||
43 | Path to backup | ||
44 | ''; | ||
45 | }; | ||
46 | excludeFile = lib.mkOption { | ||
47 | type = lib.types.lines; | ||
48 | default = ""; | ||
49 | description = '' | ||
50 | Content to put in exclude file | ||
51 | ''; | ||
52 | }; | ||
53 | }; | ||
54 | }); | ||
55 | }; | ||
56 | }; | ||
57 | |||
58 | config = lib.mkIf config.services.backup.enable { | ||
59 | system.activationScripts.backup = '' | ||
60 | install -m 0700 -o root -g root -d ${varDir} ${varDir}/caches | ||
61 | ''; | ||
62 | secrets.keys = lib.flatten (lib.mapAttrsToList (k: v: [ | ||
63 | { | ||
64 | permissions = "0400"; | ||
65 | dest = "backup/${k}/conf"; | ||
66 | text = duplyProfile v "${k}/"; | ||
67 | } | ||
68 | { | ||
69 | permissions = "0400"; | ||
70 | dest = "backup/${k}/exclude"; | ||
71 | text = v.excludeFile; | ||
72 | } | ||
73 | ]) config.services.backup.profiles); | ||
74 | |||
75 | services.cron = { | ||
76 | enable = true; | ||
77 | systemCronJobs = let | ||
78 | backups = pkgs.writeScript "backups" '' | ||
79 | #!${pkgs.stdenv.shell} | ||
80 | |||
81 | ${builtins.concatStringsSep "\n" (lib.mapAttrsToList (k: v: | ||
82 | '' | ||
83 | touch ${varDir}/${k}.log | ||
84 | ${pkgs.duply}/bin/duply ${config.secrets.location}/backup/${k}/ ${action} --force >> ${varDir}/${k}.log | ||
85 | '' | ||
86 | ) config.services.backup.profiles)} | ||
87 | ''; | ||
88 | in | ||
89 | [ | ||
90 | "0 2 * * * root ${backups}" | ||
91 | ]; | ||
92 | |||
93 | }; | ||
94 | |||
95 | security.pki.certificates = [ | ||
96 | (builtins.readFile ./Eriomem_SAS.1.pem) | ||
97 | (builtins.readFile ./Eriomem_SAS.pem) | ||
98 | ]; | ||
99 | }; | ||
100 | } | ||
diff --git a/modules/default.nix b/modules/default.nix index 9e9c411..05f2bfe 100644 --- a/modules/default.nix +++ b/modules/default.nix | |||
@@ -13,6 +13,7 @@ | |||
13 | opendmarc = ./opendmarc.nix; | 13 | opendmarc = ./opendmarc.nix; |
14 | openarc = ./openarc.nix; | 14 | openarc = ./openarc.nix; |
15 | 15 | ||
16 | backup = ./backup; | ||
16 | naemon = ./naemon; | 17 | naemon = ./naemon; |
17 | 18 | ||
18 | php-application = ./websites/php-application.nix; | 19 | php-application = ./websites/php-application.nix; |
diff --git a/modules/myids.nix b/modules/myids.nix index ac9fd65..79610af 100644 --- a/modules/myids.nix +++ b/modules/myids.nix | |||
@@ -3,6 +3,7 @@ | |||
3 | # Check that there is no clash with nixos/modules/misc/ids.nix | 3 | # Check that there is no clash with nixos/modules/misc/ids.nix |
4 | config = { | 4 | config = { |
5 | ids.uids = { | 5 | ids.uids = { |
6 | backup = 389; | ||
6 | vhost = 390; | 7 | vhost = 390; |
7 | openarc = 391; | 8 | openarc = 391; |
8 | opendmarc = 392; | 9 | opendmarc = 392; |
@@ -15,6 +16,7 @@ | |||
15 | }; | 16 | }; |
16 | ids.gids = { | 17 | ids.gids = { |
17 | nagios = 11; # commented in the ids file | 18 | nagios = 11; # commented in the ids file |
19 | backup = 389; | ||
18 | vhost = 390; | 20 | vhost = 390; |
19 | openarc = 391; | 21 | openarc = 391; |
20 | opendmarc = 392; | 22 | opendmarc = 392; |
diff --git a/modules/private/backup.nix b/modules/private/backup.nix new file mode 100644 index 0000000..6911750 --- /dev/null +++ b/modules/private/backup.nix | |||
@@ -0,0 +1,6 @@ | |||
1 | { ... }: | ||
2 | { | ||
3 | config = { | ||
4 | services.backup.enable = true; | ||
5 | }; | ||
6 | } | ||
diff --git a/modules/private/buildbot/default.nix b/modules/private/buildbot/default.nix index f307606..88bab9b 100644 --- a/modules/private/buildbot/default.nix +++ b/modules/private/buildbot/default.nix | |||
@@ -24,6 +24,9 @@ in | |||
24 | }; | 24 | }; |
25 | 25 | ||
26 | config = lib.mkIf config.myServices.buildbot.enable { | 26 | config = lib.mkIf config.myServices.buildbot.enable { |
27 | services.backup.profiles.buildbot = { | ||
28 | rootDir = varDir; | ||
29 | }; | ||
27 | ids.uids.buildbot = myconfig.env.buildbot.user.uid; | 30 | ids.uids.buildbot = myconfig.env.buildbot.user.uid; |
28 | ids.gids.buildbot = myconfig.env.buildbot.user.gid; | 31 | ids.gids.buildbot = myconfig.env.buildbot.user.gid; |
29 | 32 | ||
diff --git a/modules/private/certificates.nix b/modules/private/certificates.nix index 2e40b3c..cb284fc 100644 --- a/modules/private/certificates.nix +++ b/modules/private/certificates.nix | |||
@@ -15,6 +15,9 @@ | |||
15 | }; | 15 | }; |
16 | 16 | ||
17 | config = { | 17 | config = { |
18 | services.backup.profiles.system.excludeFile = '' | ||
19 | + ${config.security.acme.directory} | ||
20 | ''; | ||
18 | services.websites.certs = config.services.myCertificates.certConfig; | 21 | services.websites.certs = config.services.myCertificates.certConfig; |
19 | myServices.databasesCerts = config.services.myCertificates.certConfig; | 22 | myServices.databasesCerts = config.services.myCertificates.certConfig; |
20 | myServices.ircCerts = config.services.myCertificates.certConfig; | 23 | myServices.ircCerts = config.services.myCertificates.certConfig; |
diff --git a/modules/private/default.nix b/modules/private/default.nix index cf15499..6dd7358 100644 --- a/modules/private/default.nix +++ b/modules/private/default.nix | |||
@@ -65,6 +65,7 @@ set = { | |||
65 | ftp = ./ftp.nix; | 65 | ftp = ./ftp.nix; |
66 | mpd = ./mpd.nix; | 66 | mpd = ./mpd.nix; |
67 | ssh = ./ssh; | 67 | ssh = ./ssh; |
68 | backup = ./backup.nix; | ||
68 | monitoring = ./monitoring; | 69 | monitoring = ./monitoring; |
69 | 70 | ||
70 | system = ./system.nix; | 71 | system = ./system.nix; |
diff --git a/modules/private/ftp.nix b/modules/private/ftp.nix index 59cae59..c6d7fbe 100644 --- a/modules/private/ftp.nix +++ b/modules/private/ftp.nix | |||
@@ -14,6 +14,9 @@ in | |||
14 | }; | 14 | }; |
15 | 15 | ||
16 | config = lib.mkIf config.services.pure-ftpd.enable { | 16 | config = lib.mkIf config.services.pure-ftpd.enable { |
17 | services.backup.profiles.ftp = { | ||
18 | rootDir = "/var/lib/ftp"; | ||
19 | }; | ||
17 | security.acme.certs."ftp" = config.services.myCertificates.certConfig // { | 20 | security.acme.certs."ftp" = config.services.myCertificates.certConfig // { |
18 | domain = "eldiron.immae.eu"; | 21 | domain = "eldiron.immae.eu"; |
19 | postRun = '' | 22 | postRun = '' |
diff --git a/modules/private/gitolite/default.nix b/modules/private/gitolite/default.nix index b9914a1..dc068b7 100644 --- a/modules/private/gitolite/default.nix +++ b/modules/private/gitolite/default.nix | |||
@@ -11,6 +11,9 @@ in { | |||
11 | }; | 11 | }; |
12 | 12 | ||
13 | config = lib.mkIf cfg.enable { | 13 | config = lib.mkIf cfg.enable { |
14 | services.backup.profiles.gitolite = { | ||
15 | rootDir = cfg.gitoliteDir; | ||
16 | }; | ||
14 | networking.firewall.allowedTCPPorts = [ 9418 ]; | 17 | networking.firewall.allowedTCPPorts = [ 9418 ]; |
15 | 18 | ||
16 | services.gitDaemon = { | 19 | services.gitDaemon = { |
diff --git a/modules/private/irc.nix b/modules/private/irc.nix index b3fe91f..785b34d 100644 --- a/modules/private/irc.nix +++ b/modules/private/irc.nix | |||
@@ -17,6 +17,9 @@ in | |||
17 | }; | 17 | }; |
18 | 18 | ||
19 | config = lib.mkIf cfg.enable { | 19 | config = lib.mkIf cfg.enable { |
20 | services.backup.profiles.irc = { | ||
21 | rootDir = "/var/lib/bitlbee"; | ||
22 | }; | ||
20 | security.acme.certs."irc" = config.myServices.ircCerts // { | 23 | security.acme.certs."irc" = config.myServices.ircCerts // { |
21 | domain = "irc.immae.eu"; | 24 | domain = "irc.immae.eu"; |
22 | postRun = '' | 25 | postRun = '' |
diff --git a/modules/private/mail/default.nix b/modules/private/mail/default.nix index ad2c684..ac8ad8c 100644 --- a/modules/private/mail/default.nix +++ b/modules/private/mail/default.nix | |||
@@ -9,4 +9,13 @@ | |||
9 | mxs = map (zone: "mx-1.${zone.name}") zonesWithMx; | 9 | mxs = map (zone: "mx-1.${zone.name}") zonesWithMx; |
10 | in builtins.listToAttrs (map (mx: lib.attrsets.nameValuePair mx null) mxs); | 10 | in builtins.listToAttrs (map (mx: lib.attrsets.nameValuePair mx null) mxs); |
11 | }; | 11 | }; |
12 | config.services.backup.profiles = { | ||
13 | mail = { | ||
14 | rootDir = "/var/lib"; | ||
15 | excludeFile = lib.mkAfter '' | ||
16 | + /var/lib/vhost | ||
17 | - /var/lib | ||
18 | ''; | ||
19 | }; | ||
20 | }; | ||
12 | } | 21 | } |
diff --git a/modules/private/mail/dovecot.nix b/modules/private/mail/dovecot.nix index 047d7d0..0d13a7b 100644 --- a/modules/private/mail/dovecot.nix +++ b/modules/private/mail/dovecot.nix | |||
@@ -12,6 +12,10 @@ let | |||
12 | ''; | 12 | ''; |
13 | in | 13 | in |
14 | { | 14 | { |
15 | config.services.backup.profiles.mail.excludeFile = '' | ||
16 | + /var/lib/dhparams | ||
17 | + /var/lib/dovecot | ||
18 | ''; | ||
15 | config.secrets.keys = [ | 19 | config.secrets.keys = [ |
16 | { | 20 | { |
17 | dest = "dovecot/ldap"; | 21 | dest = "dovecot/ldap"; |
diff --git a/modules/private/mail/postfix.nix b/modules/private/mail/postfix.nix index c2d0af6..edfd196 100644 --- a/modules/private/mail/postfix.nix +++ b/modules/private/mail/postfix.nix | |||
@@ -1,5 +1,8 @@ | |||
1 | { lib, pkgs, config, myconfig, ... }: | 1 | { lib, pkgs, config, myconfig, ... }: |
2 | { | 2 | { |
3 | config.services.backup.profiles.mail.excludeFile = '' | ||
4 | + /var/lib/postfix | ||
5 | ''; | ||
3 | config.secrets.keys = [ | 6 | config.secrets.keys = [ |
4 | { | 7 | { |
5 | dest = "postfix/mysql_alias_maps"; | 8 | dest = "postfix/mysql_alias_maps"; |
diff --git a/modules/private/mail/rspamd.nix b/modules/private/mail/rspamd.nix index 3a7a67c..af3541f 100644 --- a/modules/private/mail/rspamd.nix +++ b/modules/private/mail/rspamd.nix | |||
@@ -10,6 +10,9 @@ | |||
10 | rspamd sockets | 10 | rspamd sockets |
11 | ''; | 11 | ''; |
12 | }; | 12 | }; |
13 | config.services.backup.profiles.mail.excludeFile = '' | ||
14 | + /var/lib/rspamd | ||
15 | ''; | ||
13 | config.services.cron.systemCronJobs = let | 16 | config.services.cron.systemCronJobs = let |
14 | cron_script = pkgs.runCommand "cron_script" { | 17 | cron_script = pkgs.runCommand "cron_script" { |
15 | buildInputs = [ pkgs.makeWrapper ]; | 18 | buildInputs = [ pkgs.makeWrapper ]; |
diff --git a/modules/private/monitoring/default.nix b/modules/private/monitoring/default.nix index d99124e..d9805ef 100644 --- a/modules/private/monitoring/default.nix +++ b/modules/private/monitoring/default.nix | |||
@@ -27,6 +27,9 @@ in | |||
27 | }; | 27 | }; |
28 | 28 | ||
29 | config = lib.mkIf config.myServices.monitoring.enable { | 29 | config = lib.mkIf config.myServices.monitoring.enable { |
30 | services.backup.profiles.monitoring = { | ||
31 | rootDir = config.services.naemon.varDir; | ||
32 | }; | ||
30 | security.sudo.extraRules = [ | 33 | security.sudo.extraRules = [ |
31 | { | 34 | { |
32 | commands = [ | 35 | commands = [ |
diff --git a/modules/private/mpd.nix b/modules/private/mpd.nix index 17454d7..b224165 100644 --- a/modules/private/mpd.nix +++ b/modules/private/mpd.nix | |||
@@ -1,6 +1,9 @@ | |||
1 | { lib, pkgs, config, myconfig, ... }: | 1 | { lib, pkgs, config, myconfig, ... }: |
2 | { | 2 | { |
3 | config = { | 3 | config = { |
4 | services.backup.profiles.mpd = { | ||
5 | rootDir = "/var/lib/mpd"; | ||
6 | }; | ||
4 | secrets.keys = [ | 7 | secrets.keys = [ |
5 | { | 8 | { |
6 | dest = "mpd"; | 9 | dest = "mpd"; |
diff --git a/modules/private/pub/default.nix b/modules/private/pub/default.nix index c31c8eb..a193d17 100644 --- a/modules/private/pub/default.nix +++ b/modules/private/pub/default.nix | |||
@@ -11,6 +11,9 @@ | |||
11 | }; | 11 | }; |
12 | 12 | ||
13 | config = lib.mkIf config.myServices.pub.enable { | 13 | config = lib.mkIf config.myServices.pub.enable { |
14 | services.backup.profiles.pub = { | ||
15 | rootDir = "/var/lib/pub"; | ||
16 | }; | ||
14 | users.users.pub = let | 17 | users.users.pub = let |
15 | restrict = pkgs.runCommand "restrict" { | 18 | restrict = pkgs.runCommand "restrict" { |
16 | file = ./restrict; | 19 | file = ./restrict; |
diff --git a/modules/private/system.nix b/modules/private/system.nix index fba504e..c12c226 100644 --- a/modules/private/system.nix +++ b/modules/private/system.nix | |||
@@ -1,6 +1,17 @@ | |||
1 | { pkgs, privateFiles, ... }: | 1 | { pkgs, privateFiles, lib, ... }: |
2 | { | 2 | { |
3 | config = { | 3 | config = { |
4 | services.backup.profiles.system = { | ||
5 | rootDir = "/var/lib"; | ||
6 | excludeFile = lib.mkAfter '' | ||
7 | + /var/lib/nixos | ||
8 | + /var/lib/udev | ||
9 | + /var/lib/udisks2 | ||
10 | + /var/lib/systemd | ||
11 | + /var/lib/private/systemd | ||
12 | - /var/lib | ||
13 | ''; | ||
14 | }; | ||
4 | nixpkgs.overlays = builtins.attrValues (import ../../overlays); | 15 | nixpkgs.overlays = builtins.attrValues (import ../../overlays); |
5 | _module.args = { | 16 | _module.args = { |
6 | pkgsNext = import <nixpkgsNext> {}; | 17 | pkgsNext = import <nixpkgsNext> {}; |
diff --git a/modules/private/tasks/default.nix b/modules/private/tasks/default.nix index a2da0c3..b2191c0 100644 --- a/modules/private/tasks/default.nix +++ b/modules/private/tasks/default.nix | |||
@@ -86,6 +86,15 @@ in { | |||
86 | }; | 86 | }; |
87 | 87 | ||
88 | config = lib.mkIf cfg.enable { | 88 | config = lib.mkIf cfg.enable { |
89 | services.backup.profiles.tasks = { | ||
90 | rootDir = "/var/lib"; | ||
91 | excludeFile = '' | ||
92 | + /var/lib/taskserver | ||
93 | + /var/lib/taskwarrior-web | ||
94 | - /var/lib | ||
95 | ''; | ||
96 | }; | ||
97 | |||
89 | secrets.keys = [{ | 98 | secrets.keys = [{ |
90 | dest = "webapps/tools-taskwarrior-web"; | 99 | dest = "webapps/tools-taskwarrior-web"; |
91 | user = "wwwrun"; | 100 | user = "wwwrun"; |
diff --git a/modules/private/websites/aten/integration.nix b/modules/private/websites/aten/integration.nix index 6768f80..0c92818 100644 --- a/modules/private/websites/aten/integration.nix +++ b/modules/private/websites/aten/integration.nix | |||
@@ -8,6 +8,7 @@ in { | |||
8 | options.myServices.websites.aten.integration.enable = lib.mkEnableOption "enable Aten's website in integration"; | 8 | options.myServices.websites.aten.integration.enable = lib.mkEnableOption "enable Aten's website in integration"; |
9 | 9 | ||
10 | config = lib.mkIf cfg.enable { | 10 | config = lib.mkIf cfg.enable { |
11 | services.backup.profiles.aten_dev.rootDir = app.varDir; | ||
11 | services.phpApplication.apps.aten_dev = { | 12 | services.phpApplication.apps.aten_dev = { |
12 | websiteEnv = "integration"; | 13 | websiteEnv = "integration"; |
13 | httpdUser = config.services.httpd.Inte.user; | 14 | httpdUser = config.services.httpd.Inte.user; |
diff --git a/modules/private/websites/aten/production.nix b/modules/private/websites/aten/production.nix index 97f4a08..2ffcef3 100644 --- a/modules/private/websites/aten/production.nix +++ b/modules/private/websites/aten/production.nix | |||
@@ -8,6 +8,7 @@ in { | |||
8 | options.myServices.websites.aten.production.enable = lib.mkEnableOption "enable Aten's website in production"; | 8 | options.myServices.websites.aten.production.enable = lib.mkEnableOption "enable Aten's website in production"; |
9 | 9 | ||
10 | config = lib.mkIf cfg.enable { | 10 | config = lib.mkIf cfg.enable { |
11 | services.backup.profiles.aten_prod.rootDir = app.varDir; | ||
11 | services.webstats.sites = [ { name = "aten.pro"; } ]; | 12 | services.webstats.sites = [ { name = "aten.pro"; } ]; |
12 | services.phpApplication.apps.aten_prod = { | 13 | services.phpApplication.apps.aten_prod = { |
13 | websiteEnv = "production"; | 14 | websiteEnv = "production"; |
diff --git a/modules/private/websites/chloe/integration.nix b/modules/private/websites/chloe/integration.nix index 1f7ac31..75e25af 100644 --- a/modules/private/websites/chloe/integration.nix +++ b/modules/private/websites/chloe/integration.nix | |||
@@ -12,6 +12,7 @@ in { | |||
12 | options.myServices.websites.chloe.integration.enable = lib.mkEnableOption "enable Chloe's website in integration"; | 12 | options.myServices.websites.chloe.integration.enable = lib.mkEnableOption "enable Chloe's website in integration"; |
13 | 13 | ||
14 | config = lib.mkIf cfg.enable { | 14 | config = lib.mkIf cfg.enable { |
15 | services.backup.profiles.chloe_dev.rootDir = chloe.app.varDir; | ||
15 | secrets.keys = chloe.keys; | 16 | secrets.keys = chloe.keys; |
16 | systemd.services.phpfpm-chloe_dev.after = lib.mkAfter chloe.phpFpm.serviceDeps; | 17 | systemd.services.phpfpm-chloe_dev.after = lib.mkAfter chloe.phpFpm.serviceDeps; |
17 | systemd.services.phpfpm-chloe_dev.wants = chloe.phpFpm.serviceDeps; | 18 | systemd.services.phpfpm-chloe_dev.wants = chloe.phpFpm.serviceDeps; |
diff --git a/modules/private/websites/chloe/production.nix b/modules/private/websites/chloe/production.nix index 6cfdb7f..7c59806 100644 --- a/modules/private/websites/chloe/production.nix +++ b/modules/private/websites/chloe/production.nix | |||
@@ -12,6 +12,7 @@ in { | |||
12 | options.myServices.websites.chloe.production.enable = lib.mkEnableOption "enable Chloe's website in production"; | 12 | options.myServices.websites.chloe.production.enable = lib.mkEnableOption "enable Chloe's website in production"; |
13 | 13 | ||
14 | config = lib.mkIf cfg.enable { | 14 | config = lib.mkIf cfg.enable { |
15 | services.backup.profiles.chloe_prod.rootDir = chloe.app.varDir; | ||
15 | secrets.keys = chloe.keys; | 16 | secrets.keys = chloe.keys; |
16 | services.webstats.sites = [ { name = "osteopathe-cc.fr"; } ]; | 17 | services.webstats.sites = [ { name = "osteopathe-cc.fr"; } ]; |
17 | 18 | ||
diff --git a/modules/private/websites/connexionswing/integration.nix b/modules/private/websites/connexionswing/integration.nix index 2ceaffa..fee8e4f 100644 --- a/modules/private/websites/connexionswing/integration.nix +++ b/modules/private/websites/connexionswing/integration.nix | |||
@@ -8,6 +8,7 @@ in { | |||
8 | options.myServices.websites.connexionswing.integration.enable = lib.mkEnableOption "enable Connexionswing's website in integration"; | 8 | options.myServices.websites.connexionswing.integration.enable = lib.mkEnableOption "enable Connexionswing's website in integration"; |
9 | 9 | ||
10 | config = lib.mkIf cfg.enable { | 10 | config = lib.mkIf cfg.enable { |
11 | services.backup.profiles.connexionswing_dev.rootDir = app.varDir; | ||
11 | services.phpApplication.apps.connexionswing_dev = { | 12 | services.phpApplication.apps.connexionswing_dev = { |
12 | websiteEnv = "integration"; | 13 | websiteEnv = "integration"; |
13 | httpdUser = config.services.httpd.Inte.user; | 14 | httpdUser = config.services.httpd.Inte.user; |
diff --git a/modules/private/websites/connexionswing/production.nix b/modules/private/websites/connexionswing/production.nix index 1427c8d..79e672a 100644 --- a/modules/private/websites/connexionswing/production.nix +++ b/modules/private/websites/connexionswing/production.nix | |||
@@ -8,6 +8,7 @@ in { | |||
8 | options.myServices.websites.connexionswing.production.enable = lib.mkEnableOption "enable Connexionswing's website in production"; | 8 | options.myServices.websites.connexionswing.production.enable = lib.mkEnableOption "enable Connexionswing's website in production"; |
9 | 9 | ||
10 | config = lib.mkIf cfg.enable { | 10 | config = lib.mkIf cfg.enable { |
11 | services.backup.profiles.connexionswing_prod.rootDir = app.varDir; | ||
11 | services.webstats.sites = [ { name = "connexionswing.com"; } ]; | 12 | services.webstats.sites = [ { name = "connexionswing.com"; } ]; |
12 | services.phpApplication.apps.connexionswing_prod = { | 13 | services.phpApplication.apps.connexionswing_prod = { |
13 | websiteEnv = "production"; | 14 | websiteEnv = "production"; |
diff --git a/modules/private/websites/default.nix b/modules/private/websites/default.nix index f55f7e3..e2bcef5 100644 --- a/modules/private/websites/default.nix +++ b/modules/private/websites/default.nix | |||
@@ -73,6 +73,9 @@ in | |||
73 | }; | 73 | }; |
74 | 74 | ||
75 | config = { | 75 | config = { |
76 | services.backup.profiles.php = { | ||
77 | rootDir = "/var/lib/php"; | ||
78 | }; | ||
76 | users.users.wwwrun.extraGroups = [ "keys" ]; | 79 | users.users.wwwrun.extraGroups = [ "keys" ]; |
77 | networking.firewall.allowedTCPPorts = [ 80 443 ]; | 80 | networking.firewall.allowedTCPPorts = [ 80 443 ]; |
78 | 81 | ||
diff --git a/modules/private/websites/emilia/production.nix b/modules/private/websites/emilia/production.nix index 422bfd4..0dab316 100644 --- a/modules/private/websites/emilia/production.nix +++ b/modules/private/websites/emilia/production.nix | |||
@@ -43,6 +43,9 @@ in { | |||
43 | options.myServices.websites.emilia.production.enable = lib.mkEnableOption "enable Emilia's website"; | 43 | options.myServices.websites.emilia.production.enable = lib.mkEnableOption "enable Emilia's website"; |
44 | 44 | ||
45 | config = lib.mkIf cfg.enable { | 45 | config = lib.mkIf cfg.enable { |
46 | services.backup.profiles.emilia_prod = { | ||
47 | rootDir = varDir; | ||
48 | }; | ||
46 | system.activationScripts.emilia = '' | 49 | system.activationScripts.emilia = '' |
47 | install -m 0755 -o wwwrun -g wwwrun -d ${varDir} | 50 | install -m 0755 -o wwwrun -g wwwrun -d ${varDir} |
48 | ''; | 51 | ''; |
diff --git a/modules/private/websites/florian/app.nix b/modules/private/websites/florian/app.nix index 3f44ec4..7e2c333 100644 --- a/modules/private/websites/florian/app.nix +++ b/modules/private/websites/florian/app.nix | |||
@@ -9,6 +9,7 @@ in { | |||
9 | options.myServices.websites.florian.app.enable = lib.mkEnableOption "enable Florian's app in integration"; | 9 | options.myServices.websites.florian.app.enable = lib.mkEnableOption "enable Florian's app in integration"; |
10 | 10 | ||
11 | config = lib.mkIf cfg.enable { | 11 | config = lib.mkIf cfg.enable { |
12 | services.backup.profiles.tellesflorian_dev.rootDir = app.varDir; | ||
12 | services.phpApplication.apps.florian_dev = { | 13 | services.phpApplication.apps.florian_dev = { |
13 | websiteEnv = "integration"; | 14 | websiteEnv = "integration"; |
14 | httpdUser = config.services.httpd.Inte.user; | 15 | httpdUser = config.services.httpd.Inte.user; |
diff --git a/modules/private/websites/ludivinecassal/integration.nix b/modules/private/websites/ludivinecassal/integration.nix index 55f2432..d1b8f9b 100644 --- a/modules/private/websites/ludivinecassal/integration.nix +++ b/modules/private/websites/ludivinecassal/integration.nix | |||
@@ -8,6 +8,7 @@ in { | |||
8 | options.myServices.websites.ludivinecassal.integration.enable = lib.mkEnableOption "enable Ludivine's website in integration"; | 8 | options.myServices.websites.ludivinecassal.integration.enable = lib.mkEnableOption "enable Ludivine's website in integration"; |
9 | 9 | ||
10 | config = lib.mkIf cfg.enable { | 10 | config = lib.mkIf cfg.enable { |
11 | services.backup.profiles.ludivinecassal_dev.rootDir = app.varDir; | ||
11 | services.phpApplication.apps.ludivinecassal_dev = { | 12 | services.phpApplication.apps.ludivinecassal_dev = { |
12 | websiteEnv = "integration"; | 13 | websiteEnv = "integration"; |
13 | httpdUser = config.services.httpd.Inte.user; | 14 | httpdUser = config.services.httpd.Inte.user; |
diff --git a/modules/private/websites/ludivinecassal/production.nix b/modules/private/websites/ludivinecassal/production.nix index 82f6899..341fd6d 100644 --- a/modules/private/websites/ludivinecassal/production.nix +++ b/modules/private/websites/ludivinecassal/production.nix | |||
@@ -8,6 +8,7 @@ in { | |||
8 | options.myServices.websites.ludivinecassal.production.enable = lib.mkEnableOption "enable Ludivine's website in production"; | 8 | options.myServices.websites.ludivinecassal.production.enable = lib.mkEnableOption "enable Ludivine's website in production"; |
9 | 9 | ||
10 | config = lib.mkIf cfg.enable { | 10 | config = lib.mkIf cfg.enable { |
11 | services.backup.profiles.ludivinecassal_prod.rootDir = app.varDir; | ||
11 | services.webstats.sites = [ { name = "ludivinecassal.com"; } ]; | 12 | services.webstats.sites = [ { name = "ludivinecassal.com"; } ]; |
12 | services.phpApplication.apps.ludivinecassal_prod = { | 13 | services.phpApplication.apps.ludivinecassal_prod = { |
13 | websiteEnv = "production"; | 14 | websiteEnv = "production"; |
diff --git a/modules/private/websites/piedsjaloux/integration.nix b/modules/private/websites/piedsjaloux/integration.nix index 0a33bc0..853fcff 100644 --- a/modules/private/websites/piedsjaloux/integration.nix +++ b/modules/private/websites/piedsjaloux/integration.nix | |||
@@ -8,6 +8,7 @@ in { | |||
8 | options.myServices.websites.piedsjaloux.integration.enable = lib.mkEnableOption "enable PiedsJaloux's website in integration"; | 8 | options.myServices.websites.piedsjaloux.integration.enable = lib.mkEnableOption "enable PiedsJaloux's website in integration"; |
9 | 9 | ||
10 | config = lib.mkIf cfg.enable { | 10 | config = lib.mkIf cfg.enable { |
11 | services.backup.profiles.piedsjaloux_dev.rootDir = app.varDir; | ||
11 | services.phpApplication.apps.piedsjaloux_dev = { | 12 | services.phpApplication.apps.piedsjaloux_dev = { |
12 | websiteEnv = "integration"; | 13 | websiteEnv = "integration"; |
13 | httpdUser = config.services.httpd.Inte.user; | 14 | httpdUser = config.services.httpd.Inte.user; |
diff --git a/modules/private/websites/piedsjaloux/production.nix b/modules/private/websites/piedsjaloux/production.nix index 9007f19..9e64fca 100644 --- a/modules/private/websites/piedsjaloux/production.nix +++ b/modules/private/websites/piedsjaloux/production.nix | |||
@@ -8,6 +8,7 @@ in { | |||
8 | options.myServices.websites.piedsjaloux.production.enable = lib.mkEnableOption "enable PiedsJaloux's website in production"; | 8 | options.myServices.websites.piedsjaloux.production.enable = lib.mkEnableOption "enable PiedsJaloux's website in production"; |
9 | 9 | ||
10 | config = lib.mkIf cfg.enable { | 10 | config = lib.mkIf cfg.enable { |
11 | services.backup.profiles.piedsjaloux_prod.rootDir = app.varDir; | ||
11 | services.webstats.sites = [ { name = "piedsjaloux.fr"; } ]; | 12 | services.webstats.sites = [ { name = "piedsjaloux.fr"; } ]; |
12 | services.phpApplication.apps.piedsjaloux_prod = { | 13 | services.phpApplication.apps.piedsjaloux_prod = { |
13 | websiteEnv = "production"; | 14 | websiteEnv = "production"; |
diff --git a/modules/private/websites/tools/diaspora/default.nix b/modules/private/websites/tools/diaspora/default.nix index 17a6a09..24d3d51 100644 --- a/modules/private/websites/tools/diaspora/default.nix +++ b/modules/private/websites/tools/diaspora/default.nix | |||
@@ -10,6 +10,9 @@ in { | |||
10 | }; | 10 | }; |
11 | 11 | ||
12 | config = lib.mkIf cfg.enable { | 12 | config = lib.mkIf cfg.enable { |
13 | services.backup.profiles.diaspora = { | ||
14 | rootDir = dcfg.dataDir; | ||
15 | }; | ||
13 | users.users.diaspora.extraGroups = [ "keys" ]; | 16 | users.users.diaspora.extraGroups = [ "keys" ]; |
14 | 17 | ||
15 | secrets.keys = [ | 18 | secrets.keys = [ |
diff --git a/modules/private/websites/tools/ether/default.nix b/modules/private/websites/tools/ether/default.nix index c038528..600254b 100644 --- a/modules/private/websites/tools/ether/default.nix +++ b/modules/private/websites/tools/ether/default.nix | |||
@@ -12,6 +12,9 @@ in { | |||
12 | }; | 12 | }; |
13 | 13 | ||
14 | config = lib.mkIf cfg.enable { | 14 | config = lib.mkIf cfg.enable { |
15 | services.backup.profiles.etherpad-lite = { | ||
16 | rootDir = "/var/lib/private/etherpad-lite"; | ||
17 | }; | ||
15 | secrets.keys = [ | 18 | secrets.keys = [ |
16 | { | 19 | { |
17 | dest = "webapps/tools-etherpad-apikey"; | 20 | dest = "webapps/tools-etherpad-apikey"; |
diff --git a/modules/private/websites/tools/mail/default.nix b/modules/private/websites/tools/mail/default.nix index ea0a27f..35711af 100644 --- a/modules/private/websites/tools/mail/default.nix +++ b/modules/private/websites/tools/mail/default.nix | |||
@@ -17,6 +17,10 @@ in | |||
17 | ]; | 17 | ]; |
18 | 18 | ||
19 | config = lib.mkIf cfg.enable { | 19 | config = lib.mkIf cfg.enable { |
20 | services.backup.profiles.mail.excludeFile = '' | ||
21 | + ${rainloop.varDir} | ||
22 | + ${roundcubemail.varDir} | ||
23 | ''; | ||
20 | secrets.keys = roundcubemail.keys; | 24 | secrets.keys = roundcubemail.keys; |
21 | 25 | ||
22 | services.websites.env.tools.modules = | 26 | services.websites.env.tools.modules = |
diff --git a/modules/private/websites/tools/mastodon/default.nix b/modules/private/websites/tools/mastodon/default.nix index d67ae2b..2236bd5 100644 --- a/modules/private/websites/tools/mastodon/default.nix +++ b/modules/private/websites/tools/mastodon/default.nix | |||
@@ -10,6 +10,9 @@ in { | |||
10 | }; | 10 | }; |
11 | 11 | ||
12 | config = lib.mkIf cfg.enable { | 12 | config = lib.mkIf cfg.enable { |
13 | services.backup.profiles.mastodon = { | ||
14 | rootDir = mcfg.dataDir; | ||
15 | }; | ||
13 | secrets.keys = [{ | 16 | secrets.keys = [{ |
14 | dest = "webapps/tools-mastodon"; | 17 | dest = "webapps/tools-mastodon"; |
15 | user = "mastodon"; | 18 | user = "mastodon"; |
diff --git a/modules/private/websites/tools/tools/default.nix b/modules/private/websites/tools/tools/default.nix index e17c708..6f27b0b 100644 --- a/modules/private/websites/tools/tools/default.nix +++ b/modules/private/websites/tools/tools/default.nix | |||
@@ -51,6 +51,15 @@ in { | |||
51 | ++ wallabag.keys | 51 | ++ wallabag.keys |
52 | ++ yourls.keys; | 52 | ++ yourls.keys; |
53 | 53 | ||
54 | services.backup.profiles = { | ||
55 | dokuwiki = dokuwiki.backups; | ||
56 | kanboard = kanboard.backups; | ||
57 | rompr = rompr.backups; | ||
58 | shaarli = shaarli.backups; | ||
59 | ttrss = ttrss.backups; | ||
60 | wallabag = wallabag.backups; | ||
61 | }; | ||
62 | |||
54 | services.websites.env.tools.modules = | 63 | services.websites.env.tools.modules = |
55 | [ "proxy_fcgi" ] | 64 | [ "proxy_fcgi" ] |
56 | ++ adminer.apache.modules | 65 | ++ adminer.apache.modules |
diff --git a/modules/private/websites/tools/tools/dokuwiki.nix b/modules/private/websites/tools/tools/dokuwiki.nix index c61d15f..e40d671 100644 --- a/modules/private/websites/tools/tools/dokuwiki.nix +++ b/modules/private/websites/tools/tools/dokuwiki.nix | |||
@@ -1,5 +1,8 @@ | |||
1 | { lib, stdenv, dokuwiki, dokuwiki-plugins }: | 1 | { lib, stdenv, dokuwiki, dokuwiki-plugins }: |
2 | rec { | 2 | rec { |
3 | backups = { | ||
4 | rootDir = varDir; | ||
5 | }; | ||
3 | varDir = "/var/lib/dokuwiki"; | 6 | varDir = "/var/lib/dokuwiki"; |
4 | activationScript = { | 7 | activationScript = { |
5 | deps = [ "wrappers" ]; | 8 | deps = [ "wrappers" ]; |
diff --git a/modules/private/websites/tools/tools/kanboard.nix b/modules/private/websites/tools/tools/kanboard.nix index 68f92b8..68c3a10 100644 --- a/modules/private/websites/tools/tools/kanboard.nix +++ b/modules/private/websites/tools/tools/kanboard.nix | |||
@@ -1,5 +1,8 @@ | |||
1 | { env, kanboard }: | 1 | { env, kanboard }: |
2 | rec { | 2 | rec { |
3 | backups = { | ||
4 | rootDir = varDir; | ||
5 | }; | ||
3 | varDir = "/var/lib/kanboard"; | 6 | varDir = "/var/lib/kanboard"; |
4 | activationScript = { | 7 | activationScript = { |
5 | deps = [ "wrappers" ]; | 8 | deps = [ "wrappers" ]; |
diff --git a/modules/private/websites/tools/tools/rompr.nix b/modules/private/websites/tools/tools/rompr.nix index fea59fc..74034f0 100644 --- a/modules/private/websites/tools/tools/rompr.nix +++ b/modules/private/websites/tools/tools/rompr.nix | |||
@@ -1,5 +1,8 @@ | |||
1 | { lib, env, rompr }: | 1 | { lib, env, rompr }: |
2 | rec { | 2 | rec { |
3 | backups = { | ||
4 | rootDir = varDir; | ||
5 | }; | ||
3 | varDir = "/var/lib/rompr"; | 6 | varDir = "/var/lib/rompr"; |
4 | activationScript = '' | 7 | activationScript = '' |
5 | install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} \ | 8 | install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} \ |
diff --git a/modules/private/websites/tools/tools/shaarli.nix b/modules/private/websites/tools/tools/shaarli.nix index 2e89a47..28041ba 100644 --- a/modules/private/websites/tools/tools/shaarli.nix +++ b/modules/private/websites/tools/tools/shaarli.nix | |||
@@ -2,6 +2,9 @@ | |||
2 | let | 2 | let |
3 | varDir = "/var/lib/shaarli"; | 3 | varDir = "/var/lib/shaarli"; |
4 | in rec { | 4 | in rec { |
5 | backups = { | ||
6 | rootDir = varDir; | ||
7 | }; | ||
5 | activationScript = '' | 8 | activationScript = '' |
6 | install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} \ | 9 | install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} \ |
7 | ${varDir}/cache ${varDir}/pagecache ${varDir}/tmp ${varDir}/data \ | 10 | ${varDir}/cache ${varDir}/pagecache ${varDir}/tmp ${varDir}/data \ |
diff --git a/modules/private/websites/tools/tools/ttrss.nix b/modules/private/websites/tools/tools/ttrss.nix index 05c8cab..598cc3a 100644 --- a/modules/private/websites/tools/tools/ttrss.nix +++ b/modules/private/websites/tools/tools/ttrss.nix | |||
@@ -1,5 +1,8 @@ | |||
1 | { php, env, ttrss, ttrss-plugins }: | 1 | { php, env, ttrss, ttrss-plugins }: |
2 | rec { | 2 | rec { |
3 | backups = { | ||
4 | rootDir = varDir; | ||
5 | }; | ||
3 | varDir = "/var/lib/ttrss"; | 6 | varDir = "/var/lib/ttrss"; |
4 | activationScript = { | 7 | activationScript = { |
5 | deps = [ "wrappers" ]; | 8 | deps = [ "wrappers" ]; |
diff --git a/modules/private/websites/tools/tools/wallabag.nix b/modules/private/websites/tools/tools/wallabag.nix index 2912b2c..8572d64 100644 --- a/modules/private/websites/tools/tools/wallabag.nix +++ b/modules/private/websites/tools/tools/wallabag.nix | |||
@@ -1,5 +1,8 @@ | |||
1 | { env, wallabag, mylibs }: | 1 | { env, wallabag, mylibs }: |
2 | rec { | 2 | rec { |
3 | backups = { | ||
4 | rootDir = varDir; | ||
5 | }; | ||
3 | varDir = "/var/lib/wallabag"; | 6 | varDir = "/var/lib/wallabag"; |
4 | keys = [{ | 7 | keys = [{ |
5 | dest = "webapps/tools-wallabag"; | 8 | dest = "webapps/tools-wallabag"; |
diff --git a/modules/webapps/mastodon.nix b/modules/webapps/mastodon.nix index 26d5238..eed9e3f 100644 --- a/modules/webapps/mastodon.nix +++ b/modules/webapps/mastodon.nix | |||
@@ -190,6 +190,36 @@ in | |||
190 | unitConfig.RequiresMountsFor = cfg.dataDir; | 190 | unitConfig.RequiresMountsFor = cfg.dataDir; |
191 | }; | 191 | }; |
192 | 192 | ||
193 | systemd.services.mastodon-cleanup = { | ||
194 | description = "Cleanup mastodon"; | ||
195 | startAt = "daily"; | ||
196 | restartIfChanged = false; | ||
197 | |||
198 | environment.RAILS_ENV = "production"; | ||
199 | environment.BUNDLE_PATH = "${cfg.workdir.gems}/${cfg.workdir.gems.ruby.gemPath}"; | ||
200 | environment.BUNDLE_GEMFILE = "${cfg.workdir.gems.confFiles}/Gemfile"; | ||
201 | environment.SOCKET = cfg.sockets.rails; | ||
202 | |||
203 | path = [ cfg.workdir.gems cfg.workdir.gems.ruby pkgs.file ]; | ||
204 | |||
205 | script = '' | ||
206 | exec ./bin/tootctl media remove --days 30 | ||
207 | ''; | ||
208 | |||
209 | serviceConfig = { | ||
210 | User = cfg.user; | ||
211 | EnvironmentFile = cfg.configFile; | ||
212 | PrivateTmp = true; | ||
213 | Type = "oneshot"; | ||
214 | WorkingDirectory = cfg.workdir; | ||
215 | StateDirectory = cfg.systemdStateDirectory; | ||
216 | RuntimeDirectory = cfg.systemdRuntimeDirectory; | ||
217 | RuntimeDirectoryPreserve = "yes"; | ||
218 | }; | ||
219 | |||
220 | unitConfig.RequiresMountsFor = cfg.dataDir; | ||
221 | }; | ||
222 | |||
193 | systemd.services.mastodon-sidekiq = { | 223 | systemd.services.mastodon-sidekiq = { |
194 | description = "Mastodon Sidekiq"; | 224 | description = "Mastodon Sidekiq"; |
195 | wantedBy = [ "multi-user.target" ]; | 225 | wantedBy = [ "multi-user.target" ]; |
diff --git a/modules/webapps/webstats/default.nix b/modules/webapps/webstats/default.nix index 924d72d..6771f01 100644 --- a/modules/webapps/webstats/default.nix +++ b/modules/webapps/webstats/default.nix | |||
@@ -37,6 +37,9 @@ in { | |||
37 | }; | 37 | }; |
38 | 38 | ||
39 | config = lib.mkIf (builtins.length cfg.sites > 0) { | 39 | config = lib.mkIf (builtins.length cfg.sites > 0) { |
40 | services.backup.profiles.goaccess = { | ||
41 | rootDir = cfg.dataDir; | ||
42 | }; | ||
40 | users.users.root.packages = [ | 43 | users.users.root.packages = [ |
41 | pkgs.goaccess | 44 | pkgs.goaccess |
42 | ]; | 45 | ]; |