SebastianStork/nixos-config
1
0
Fork 0
mirror of https://github.com/SebastianStork/nixos-config.git synced 2026-01-21 15:11:34 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Rename option "backups.enable" to "doBackups"

Browse source
This commit is contained in:
SebastianStork 2025-06-30 23:56:52 +02:00
parent 6bd3313e55
commit 4f5db50ca1
11 changed files with 71 additions and 92 deletions
Download patch file Download diff file Expand all files Collapse all files

6
modules/system/services/actualbudget/default.nix → modules/system/services/actualbudget.nix
View file

@ -5,6 +5,7 @@ in
{
options.custom.services.actualbudget = {
enable = lib.mkEnableOption "";
doBackups = lib.mkEnableOption "";
domain = lib.mkOption {
type = lib.types.nonEmptyStr;
default = "";
@ -25,5 +26,10 @@ in
inherit (cfg) port;
};
};
custom.services.resticBackups.actual = lib.mkIf cfg.doBackups {
conflictingService = "actual.service";
extraConfig.paths = [ config.services.actual.settings.dataDir ];
};
};
}

11
modules/system/services/actualbudget/backups.nix
View file

@ -1,11 +0,0 @@
{ config, lib, ... }:
{
options.custom.services.actualbudget.backups.enable = lib.mkEnableOption "";
config = lib.mkIf config.custom.services.actualbudget.backups.enable {
custom.services.resticBackups.actual = {
conflictingService = "actual.service";
extraConfig.paths = [ config.services.actual.settings.dataDir ];
};
};
}

11
modules/system/services/forgejo/backups.nix
View file

@ -1,11 +0,0 @@
{ config, lib, ... }:
{
options.custom.services.forgejo.backups.enable = lib.mkEnableOption "";
config = lib.mkIf config.custom.services.forgejo.backups.enable {
custom.services.resticBackups.forgejo = {
conflictingService = "forgejo.service";
extraConfig.paths = [ config.services.forgejo.stateDir ];
};
};
}

57
modules/system/services/forgejo/default.nix
View file

@ -6,6 +6,7 @@
}:
let
cfg = config.custom.services.forgejo;
originalCfg = config.services.forgejo;
user = config.users.users.forgejo.name;
inherit (config.users.users.forgejo) group;
@ -13,6 +14,7 @@ in
{
options.custom.services.forgejo = {
enable = lib.mkEnableOption "";
doBackups = lib.mkEnableOption "";
domain = lib.mkOption {
type = lib.types.nonEmptyStr;
default = "";
@ -67,31 +69,38 @@ in
};
};
systemd.services.forgejo.preStart =
let
userCmd = "${lib.getExe config.services.forgejo.package} admin user";
credentials = lib.concatStringsSep " " [
"--username SebastianStork"
"--password \"$PASSWORD\""
];
in
''
PASSWORD="$(< ${config.sops.secrets."forgejo/admin-password".path})"
systemd = {
services.forgejo.preStart =
let
userCmd = "${lib.getExe originalCfg.package} admin user";
credentials = lib.concatStringsSep " " [
"--username SebastianStork"
"--password \"$PASSWORD\""
];
in
''
PASSWORD="$(< ${config.sops.secrets."forgejo/admin-password".path})"
${userCmd} create ${credentials} --email "sebastian.stork@pm.me" --admin \
|| ${userCmd} change-password ${credentials} --must-change-password=false
'';
systemd.tmpfiles.rules =
let
disallow-all-robots = pkgs.writeText "disallow-all-robots.txt" ''
User-agent: *
Disallow: /
${userCmd} create ${credentials} --email "sebastian.stork@pm.me" --admin \
|| ${userCmd} change-password ${credentials} --must-change-password=false
'';
in
[
"d ${config.services.forgejo.customDir}/public 750 ${user} ${group} - -"
"L+ ${config.services.forgejo.customDir}/public/robots.txt 750 - - - ${disallow-all-robots}"
];
tmpfiles.rules =
let
disallow-all-robots = pkgs.writeText "disallow-all-robots.txt" ''
User-agent: *
Disallow: /
'';
in
[
"d ${originalCfg.customDir}/public 750 ${user} ${group} - -"
"L+ ${originalCfg.customDir}/public/robots.txt 750 - - - ${disallow-all-robots}"
];
};
custom.services.resticBackups.forgejo = lib.mkIf cfg.doBackups {
conflictingService = "forgejo.service";
extraConfig.paths = [ originalCfg.stateDir ];
};
};
}

9
modules/system/services/hedgedoc/default.nix → modules/system/services/hedgedoc.nix
View file

@ -14,6 +14,7 @@ in
{
options.custom.services.hedgedoc = {
enable = lib.mkEnableOption "";
doBackups = lib.mkEnableOption "";
domain = lib.mkOption {
type = lib.types.nonEmptyStr;
default = "";
@ -79,5 +80,13 @@ in
};
environment.shellAliases.hedgedoc-manage-users = "sudo --user=${user} ${manage_users}";
custom.services.resticBackups.hedgedoc = lib.mkIf cfg.doBackups {
conflictingService = "hedgedoc.service";
extraConfig.paths = with config.services.hedgedoc.settings; [
uploadsPath
db.storage
];
};
};
}

14
modules/system/services/hedgedoc/backups.nix
View file

@ -1,14 +0,0 @@
{ config, lib, ... }:
{
options.custom.services.hedgedoc.backups.enable = lib.mkEnableOption "";
config = lib.mkIf config.custom.services.hedgedoc.backups.enable {
custom.services.resticBackups.hedgedoc = {
conflictingService = "hedgedoc.service";
extraConfig.paths = with config.services.hedgedoc.settings; [
uploadsPath
db.storage
];
};
};
}

14
modules/system/services/nextcloud/backups.nix
View file

@ -9,18 +9,20 @@ let
user = config.users.users.nextcloud.name;
dataDir = config.services.nextcloud.home;
nextcloud-occ = lib.getExe' config.services.nextcloud.occ "nextcloud-occ";
in
{
options.custom.services.nextcloud.backups.enable = lib.mkEnableOption "";
options.custom.services.nextcloud.doBackups = lib.mkEnableOption "";
config = lib.mkIf cfg.backups.enable {
config = lib.mkIf cfg.doBackups {
custom.services.resticBackups.nextcloud = {
extraConfig = {
backupPrepareCommand = ''
${lib.getExe' config.services.nextcloud.occ "nextcloud-occ"} maintenance:mode --on
${nextcloud-occ} maintenance:mode --on
${lib.getExe pkgs.sudo} --user=${user} ${lib.getExe' config.services.postgresql.package "pg_dump"} nextcloud --format=custom --file=${dataDir}/db.dump
'';
backupCleanupCommand = "${lib.getExe' config.services.nextcloud.occ "nextcloud-occ"} maintenance:mode --off";
backupCleanupCommand = "${nextcloud-occ} maintenance:mode --off";
paths = [
"${dataDir}/data"
"${dataDir}/config/config.php"
@ -29,10 +31,10 @@ in
};
restoreCommand = {
preRestore = "${lib.getExe' config.services.nextcloud.occ "nextcloud-occ"} maintenance:mode --on";
preRestore = "${nextcloud-occ} maintenance:mode --on";
postRestore = ''
sudo --user=${user} pg_restore --clean --if-exists --dbname nextcloud ${dataDir}/db.dump
${lib.getExe' config.services.nextcloud.occ "nextcloud-occ"} maintenance:mode --off
${nextcloud-occ} maintenance:mode --off
'';
};
};

10
modules/system/services/syncthing/default.nix → modules/system/services/syncthing.nix
View file

@ -12,6 +12,7 @@ in
options.custom.services.syncthing = {
enable = lib.mkEnableOption "";
isServer = lib.mkEnableOption "";
doBackups = lib.mkEnableOption "";
deviceId = lib.mkOption {
type = lib.types.nonEmptyStr;
default = "";
@ -38,6 +39,10 @@ in
assertion = tailscaleCfg.enable;
message = "syncthing requires tailscale";
}
{
assertion = cfg.doBackups -> cfg.isServer;
message = "syncthing backups can only be performed on a server";
}
];
meta.ports.list = [
@ -97,5 +102,10 @@ in
};
};
};
custom.services.resticBackups.syncthing = lib.mkIf cfg.doBackups {
conflictingService = "syncthing.service";
extraConfig.paths = [ config.services.syncthing.dataDir ];
};
};
}

21
modules/system/services/syncthing/backups.nix
View file

@ -1,21 +0,0 @@
{ config, lib, ... }:
let
cfg = config.custom.services.syncthing;
in
{
options.custom.services.syncthing.backups.enable = lib.mkEnableOption "";
config = lib.mkIf cfg.backups.enable {
assertions = [
{
assertion = cfg.isServer;
message = "syncthing backups can only be made on a server";
}
];
custom.services.resticBackups.syncthing = {
conflictingService = "syncthing.service";
extraConfig.paths = [ config.services.syncthing.dataDir ];
};
};
}