SebastianStork/nixos-config
1
0
Fork 0
mirror of https://github.com/SebastianStork/nixos-config.git synced 2026-01-21 19:51:34 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Rename option "backups.enable" to "doBackups"

Browse source
This commit is contained in:
SebastianStork 2025-06-30 23:56:52 +02:00
parent 6bd3313e55
commit 4f5db50ca1
11 changed files with 71 additions and 92 deletions
Download patch file Download diff file Expand all files Collapse all files

6
hosts/alto/default.nix
View file

@ -19,19 +19,19 @@
syncthing = { syncthing = {
enable = true; enable = true;
isServer = true; isServer = true;
doBackups = true;
deviceId = "5R2MH7T-Q2ZZS2P-ZMSQ2UJ-B6VBHES-XYLNMZ6-7FYC27L-4P7MGJ2-FY4ITQD"; deviceId = "5R2MH7T-Q2ZZS2P-ZMSQ2UJ-B6VBHES-XYLNMZ6-7FYC27L-4P7MGJ2-FY4ITQD";
gui.domain = "syncthing.${config.custom.services.tailscale.domain}"; gui.domain = "syncthing.${config.custom.services.tailscale.domain}";
backups.enable = true;
}; };
nextcloud = { nextcloud = {
enable = true; enable = true;
doBackups = true;
domain = "cloud.${config.custom.services.tailscale.domain}"; domain = "cloud.${config.custom.services.tailscale.domain}";
backups.enable = true;
}; };
actualbudget = { actualbudget = {
enable = true; enable = true;
doBackups = true;
domain = "budget.${config.custom.services.tailscale.domain}"; domain = "budget.${config.custom.services.tailscale.domain}";
backups.enable = true;
}; };
caddy.virtualHosts = { caddy.virtualHosts = {

4
hosts/cirrus/default.nix
View file

@ -27,8 +27,8 @@
hedgedoc = { hedgedoc = {
enable = true; enable = true;
doBackups = true;
domain = "docs.sprouted.cloud"; domain = "docs.sprouted.cloud";
backups.enable = true;
}; };
it-tools = { it-tools = {
enable = true; enable = true;
@ -36,9 +36,9 @@
}; };
forgejo = { forgejo = {
enable = true; enable = true;
doBackups = true;
domain = "git.sstork.dev"; domain = "git.sstork.dev";
ssh.enable = true; ssh.enable = true;
backups.enable = true;
}; };
caddy.virtualHosts = { caddy.virtualHosts = {

6
modules/system/services/actualbudget/default.nix → modules/system/services/actualbudget.nix
View file

@ -5,6 +5,7 @@ in
{ {
options.custom.services.actualbudget = { options.custom.services.actualbudget = {
enable = lib.mkEnableOption ""; enable = lib.mkEnableOption "";
doBackups = lib.mkEnableOption "";
domain = lib.mkOption { domain = lib.mkOption {
type = lib.types.nonEmptyStr; type = lib.types.nonEmptyStr;
default = ""; default = "";
@ -25,5 +26,10 @@ in
inherit (cfg) port; inherit (cfg) port;
}; };
}; };
custom.services.resticBackups.actual = lib.mkIf cfg.doBackups {
conflictingService = "actual.service";
extraConfig.paths = [ config.services.actual.settings.dataDir ];
};
}; };
} }

11
modules/system/services/actualbudget/backups.nix
View file

@ -1,11 +0,0 @@
{ config, lib, ... }:
{
options.custom.services.actualbudget.backups.enable = lib.mkEnableOption "";
config = lib.mkIf config.custom.services.actualbudget.backups.enable {
custom.services.resticBackups.actual = {
conflictingService = "actual.service";
extraConfig.paths = [ config.services.actual.settings.dataDir ];
};
};
}

11
modules/system/services/forgejo/backups.nix
View file

@ -1,11 +0,0 @@
{ config, lib, ... }:
{
options.custom.services.forgejo.backups.enable = lib.mkEnableOption "";
config = lib.mkIf config.custom.services.forgejo.backups.enable {
custom.services.resticBackups.forgejo = {
conflictingService = "forgejo.service";
extraConfig.paths = [ config.services.forgejo.stateDir ];
};
};
}

19
modules/system/services/forgejo/default.nix
View file

@ -6,6 +6,7 @@
}: }:
let let
cfg = config.custom.services.forgejo; cfg = config.custom.services.forgejo;
originalCfg = config.services.forgejo;
user = config.users.users.forgejo.name; user = config.users.users.forgejo.name;
inherit (config.users.users.forgejo) group; inherit (config.users.users.forgejo) group;
@ -13,6 +14,7 @@ in
{ {
options.custom.services.forgejo = { options.custom.services.forgejo = {
enable = lib.mkEnableOption ""; enable = lib.mkEnableOption "";
doBackups = lib.mkEnableOption "";
domain = lib.mkOption { domain = lib.mkOption {
type = lib.types.nonEmptyStr; type = lib.types.nonEmptyStr;
default = ""; default = "";
@ -67,9 +69,10 @@ in
}; };
}; };
systemd.services.forgejo.preStart = systemd = {
services.forgejo.preStart =
let let
userCmd = "${lib.getExe config.services.forgejo.package} admin user"; userCmd = "${lib.getExe originalCfg.package} admin user";
credentials = lib.concatStringsSep " " [ credentials = lib.concatStringsSep " " [
"--username SebastianStork" "--username SebastianStork"
"--password \"$PASSWORD\"" "--password \"$PASSWORD\""
@ -82,7 +85,7 @@ in
|| ${userCmd} change-password ${credentials} --must-change-password=false || ${userCmd} change-password ${credentials} --must-change-password=false
''; '';
systemd.tmpfiles.rules = tmpfiles.rules =
let let
disallow-all-robots = pkgs.writeText "disallow-all-robots.txt" '' disallow-all-robots = pkgs.writeText "disallow-all-robots.txt" ''
User-agent: * User-agent: *
@ -90,8 +93,14 @@ in
''; '';
in in
[ [
"d ${config.services.forgejo.customDir}/public 750 ${user} ${group} - -" "d ${originalCfg.customDir}/public 750 ${user} ${group} - -"
"L+ ${config.services.forgejo.customDir}/public/robots.txt 750 - - - ${disallow-all-robots}" "L+ ${originalCfg.customDir}/public/robots.txt 750 - - - ${disallow-all-robots}"
]; ];
}; };
custom.services.resticBackups.forgejo = lib.mkIf cfg.doBackups {
conflictingService = "forgejo.service";
extraConfig.paths = [ originalCfg.stateDir ];
};
};
} }

9
modules/system/services/hedgedoc/default.nix → modules/system/services/hedgedoc.nix
View file

@ -14,6 +14,7 @@ in
{ {
options.custom.services.hedgedoc = { options.custom.services.hedgedoc = {
enable = lib.mkEnableOption ""; enable = lib.mkEnableOption "";
doBackups = lib.mkEnableOption "";
domain = lib.mkOption { domain = lib.mkOption {
type = lib.types.nonEmptyStr; type = lib.types.nonEmptyStr;
default = ""; default = "";
@ -79,5 +80,13 @@ in
}; };
environment.shellAliases.hedgedoc-manage-users = "sudo --user=${user} ${manage_users}"; environment.shellAliases.hedgedoc-manage-users = "sudo --user=${user} ${manage_users}";
custom.services.resticBackups.hedgedoc = lib.mkIf cfg.doBackups {
conflictingService = "hedgedoc.service";
extraConfig.paths = with config.services.hedgedoc.settings; [
uploadsPath
db.storage
];
};
}; };
} }

14
modules/system/services/hedgedoc/backups.nix
View file

@ -1,14 +0,0 @@
{ config, lib, ... }:
{
options.custom.services.hedgedoc.backups.enable = lib.mkEnableOption "";
config = lib.mkIf config.custom.services.hedgedoc.backups.enable {
custom.services.resticBackups.hedgedoc = {
conflictingService = "hedgedoc.service";
extraConfig.paths = with config.services.hedgedoc.settings; [
uploadsPath
db.storage
];
};
};
}

14
modules/system/services/nextcloud/backups.nix
View file

@ -9,18 +9,20 @@ let
user = config.users.users.nextcloud.name; user = config.users.users.nextcloud.name;
dataDir = config.services.nextcloud.home; dataDir = config.services.nextcloud.home;
nextcloud-occ = lib.getExe' config.services.nextcloud.occ "nextcloud-occ";
in in
{ {
options.custom.services.nextcloud.backups.enable = lib.mkEnableOption ""; options.custom.services.nextcloud.doBackups = lib.mkEnableOption "";
config = lib.mkIf cfg.backups.enable { config = lib.mkIf cfg.doBackups {
custom.services.resticBackups.nextcloud = { custom.services.resticBackups.nextcloud = {
extraConfig = { extraConfig = {
backupPrepareCommand = '' backupPrepareCommand = ''
${lib.getExe' config.services.nextcloud.occ "nextcloud-occ"} maintenance:mode --on ${nextcloud-occ} maintenance:mode --on
${lib.getExe pkgs.sudo} --user=${user} ${lib.getExe' config.services.postgresql.package "pg_dump"} nextcloud --format=custom --file=${dataDir}/db.dump ${lib.getExe pkgs.sudo} --user=${user} ${lib.getExe' config.services.postgresql.package "pg_dump"} nextcloud --format=custom --file=${dataDir}/db.dump
''; '';
backupCleanupCommand = "${lib.getExe' config.services.nextcloud.occ "nextcloud-occ"} maintenance:mode --off"; backupCleanupCommand = "${nextcloud-occ} maintenance:mode --off";
paths = [ paths = [
"${dataDir}/data" "${dataDir}/data"
"${dataDir}/config/config.php" "${dataDir}/config/config.php"
@ -29,10 +31,10 @@ in
}; };
restoreCommand = { restoreCommand = {
preRestore = "${lib.getExe' config.services.nextcloud.occ "nextcloud-occ"} maintenance:mode --on"; preRestore = "${nextcloud-occ} maintenance:mode --on";
postRestore = '' postRestore = ''
sudo --user=${user} pg_restore --clean --if-exists --dbname nextcloud ${dataDir}/db.dump sudo --user=${user} pg_restore --clean --if-exists --dbname nextcloud ${dataDir}/db.dump
${lib.getExe' config.services.nextcloud.occ "nextcloud-occ"} maintenance:mode --off ${nextcloud-occ} maintenance:mode --off
''; '';
}; };
}; };

10
modules/system/services/syncthing/default.nix → modules/system/services/syncthing.nix
View file

@ -12,6 +12,7 @@ in
options.custom.services.syncthing = { options.custom.services.syncthing = {
enable = lib.mkEnableOption ""; enable = lib.mkEnableOption "";
isServer = lib.mkEnableOption ""; isServer = lib.mkEnableOption "";
doBackups = lib.mkEnableOption "";
deviceId = lib.mkOption { deviceId = lib.mkOption {
type = lib.types.nonEmptyStr; type = lib.types.nonEmptyStr;
default = ""; default = "";
@ -38,6 +39,10 @@ in
assertion = tailscaleCfg.enable; assertion = tailscaleCfg.enable;
message = "syncthing requires tailscale"; message = "syncthing requires tailscale";
} }
{
assertion = cfg.doBackups -> cfg.isServer;
message = "syncthing backups can only be performed on a server";
}
]; ];
meta.ports.list = [ meta.ports.list = [
@ -97,5 +102,10 @@ in
}; };
}; };
}; };
custom.services.resticBackups.syncthing = lib.mkIf cfg.doBackups {
conflictingService = "syncthing.service";
extraConfig.paths = [ config.services.syncthing.dataDir ];
};
}; };
} }

21
modules/system/services/syncthing/backups.nix
View file

@ -1,21 +0,0 @@
{ config, lib, ... }:
let
cfg = config.custom.services.syncthing;
in
{
options.custom.services.syncthing.backups.enable = lib.mkEnableOption "";
config = lib.mkIf cfg.backups.enable {
assertions = [
{
assertion = cfg.isServer;
message = "syncthing backups can only be made on a server";
}
];
custom.services.resticBackups.syncthing = {
conflictingService = "syncthing.service";
extraConfig.paths = [ config.services.syncthing.dataDir ];
};
};
}