remove grocy

2024-07-21 20:34:36 +01:00 · 2024-07-21 20:34:36 +01:00 · 315e63d70d
parent af963bb628
commit 315e63d70d
6 changed files with 0 additions and 177 deletions
--- a/data/backupSchedules.nix
+++ b/data/backupSchedules.nix
@ -16,11 +16,6 @@ rec {
    };
  };
  music = {
    OnStartupSec = "2m";
    OnUnitActiveSec = "2h";
  };
  remoteBackups = {
    OnStartupSec = "1h";
    OnUnitActiveSec = "48h";
--- a/hosts/hetzner-arm/containers/grocy/default.nix
+++ b/hosts/hetzner-arm/containers/grocy/default.nix
@ -1,58 +0,0 @@
 {
  self,
  hostPath,
  tree,
  inputs,
  pkgs,
  config,
  ...
 }: let
  containerName = "grocy";
  containerAddresses = import "${hostPath}/data/containerAddresses.nix";
  hostIP = containerAddresses.host;
  containerIP = containerAddresses.containers.${containerName};
 in {
  containers.grocy = {
    autoStart = true;
    privateNetwork = true;
    hostAddress = hostIP;
    localAddress = containerIP;
    specialArgs = {
      inherit inputs;
      inherit tree;
      inherit self;
      inherit hostPath;
    };
    config = {...}: {
      nixpkgs.pkgs = pkgs;
      imports = with tree;
        [
          presets.nixos.containerBase
          ./secrets.nix
        ]
        ++ (with hosts.hetzner-arm.containers.grocy.profiles; [
          grocy
          restic
        ]);
      networking.firewall.allowedTCPPorts = [80];
      home-manager.users.root.home.stateVersion = "24.05";
      system.stateVersion = "24.05";
    };
  };
  services.nginx.virtualHosts."grocy.owo.monster" = {
    forceSSL = true;
    enableACME = true;
    locations."/" = {
      proxyPass = "http://${containerIP}:80";
      proxyWebsockets = true;
    };
  };
 }
--- a/hosts/hetzner-arm/containers/grocy/profiles/grocy.nix
+++ b/hosts/hetzner-arm/containers/grocy/profiles/grocy.nix
@ -1,55 +0,0 @@
 {
  config,
  lib,
  ...
 }: {
  services.grocy = {
    enable = true;
    hostName = "grocy.owo.monster";
    nginx.enableSSL = false;
    phpfpm.settings = {
      "listen.owner" = "nginx";
      "pm" = "dynamic";
      "pm.max_children" = 32;
      "pm.max_requests" = 500;
      "pm.start_servers" = 2;
      "pm.min_spare_servers" = 2;
      "pm.max_spare_servers" = 5;
      "catch_workers_output" = true;
      "php_admin_flag[display_errors]" = true;
      "php_admin_value[error_log]" = "stderr";
      "php_admin_flag[log_errors]" = true;
    };
    settings = {
      currency = "GBP";
      culture = "en_GB";
      calendar.firstDayOfWeek = 1;
    };
  };
  services.phpfpm.pools.grocy = let
    cfg = config.services.grocy;
  in {
    phpEnv = {
      GROCY_DATAPATH = "${cfg.dataDir}";
      GROCY_CONFIG_FILE = "/etc/grocy/config.php";
      GROCY_DB_FILE = "${cfg.dataDir}/grocy.db";
      GROCY_STORAGE_DIR = "${cfg.dataDir}/storage";
      GROCY_PLUGIN_DIR = "${cfg.dataDir}/plugins";
      GROCY_CACHE_DIR = "${cfg.dataDir}/viewcache";
    };
  };
  environment.etc."grocy/config.php".text = let
    cfg = config.services.grocy;
    inherit (lib.trivial) boolToString;
    inherit (lib.modules) mkForce;
  in
    mkForce ''
      <?php
      Setting('CULTURE', '${cfg.settings.culture}');
      Setting('CURRENCY', '${cfg.settings.currency}');
      Setting('CALENDAR_FIRST_DAY_OF_WEEK', '${toString cfg.settings.calendar.firstDayOfWeek}');
      Setting('CALENDAR_SHOW_WEEK_OF_YEAR', ${boolToString cfg.settings.calendar.showWeekNumber});
    '';
 }
--- a/hosts/hetzner-arm/containers/grocy/profiles/restic.nix
+++ b/hosts/hetzner-arm/containers/grocy/profiles/restic.nix
@ -1,23 +0,0 @@
 {
  self,
  config,
  ...
 }: let
  inherit (config.services.secrets) secrets;
  backupSchedules = import "${self}/data/backupSchedules.nix";
 in {
  services.restic.backups.grocy = {
    user = "root";
    paths = [
      "/var/lib/grocy"
    ];
    repository = "s3:s3.eu-central-003.backblazeb2.com/Chaos-Backups/Restic/Grocy";
    passwordFile = "${secrets.restic_password.path}";
    environmentFile = "${secrets.restic_env.path}";
    createWrapper = true;
    pruneOpts = ["--keep-last 30"];
    timerConfig = backupSchedules.restic.high;
  };
 }
--- a/hosts/hetzner-arm/containers/grocy/secrets.nix
+++ b/hosts/hetzner-arm/containers/grocy/secrets.nix
@ -1,35 +0,0 @@
 {...}: {
  services.secrets = {
    enable = true;
    vaultLogin = {
      enable = true;
      loginUsername = "hetzner-arm-container-grocy";
    };
    requiredVaultPaths = [
      "api-keys/data/backblaze/Chaos-Backups"
      "private-public-keys/data/restic/Grocy"
    ];
    secrets = {
      vault_password = {
        manual = true;
      };
      restic_password = {
        fetchScript = ''
          simple_get "/private-public-keys/restic/Grocy" .password > "$secretFile"
        '';
      };
      restic_env = {
        fetchScript = ''
          cat << EOF > "$secretFile"
          AWS_ACCESS_KEY_ID=$(simple_get "/api-keys/backblaze/Chaos-Backups" .keyID)
          AWS_SECRET_ACCESS_KEY=$(simple_get "/api-keys/backblaze/Chaos-Backups" .applicationKey)
          EOF
        '';
      };
    };
  };
 }
--- a/hosts/hetzner-arm/hetzner-arm.nix
+++ b/hosts/hetzner-arm/hetzner-arm.nix
@ -21,7 +21,6 @@ in {
      "storage"
      "mail"
      "jellyfin"
      #"grocy"
      "vault"
    ] (name: ./containers + "/${name}"))
    ++ (with hosts.hetzner-arm.profiles; [