remove misskey and move its data to a manual backup
parent
b98df12529
commit
846677068a
|
@ -1,8 +1,7 @@
|
||||||
{...}: {
|
{...}: {
|
||||||
rclone_serve_webdav_main = 4200;
|
rclone_serve_webdav_main = 4200;
|
||||||
rclone_serve_webdav_media = 4201;
|
rclone_serve_webdav_media = 4201;
|
||||||
rclone_serve_webdav_misskey = 4202;
|
rclone_serve_webdav_music_ro = 4202;
|
||||||
rclone_serve_webdav_music_ro = 4203;
|
|
||||||
|
|
||||||
rclone_serve_restic_hvm = 4210;
|
rclone_serve_restic_hvm = 4210;
|
||||||
rclone_serve_restic_music = 4211;
|
rclone_serve_restic_music = 4211;
|
||||||
|
|
|
@ -6,7 +6,6 @@ in {
|
||||||
"d /caches - storage storage"
|
"d /caches - storage storage"
|
||||||
"d /caches/main_webdav_serve - storage storage"
|
"d /caches/main_webdav_serve - storage storage"
|
||||||
"d /caches/media_webdav_serve - storage storage"
|
"d /caches/media_webdav_serve - storage storage"
|
||||||
"d /caches/backups_misskey_webdav_serve - storage storage"
|
|
||||||
];
|
];
|
||||||
|
|
||||||
services.rclone-serve = let
|
services.rclone-serve = let
|
||||||
|
@ -30,21 +29,6 @@ in {
|
||||||
];
|
];
|
||||||
inherit serviceConfig;
|
inherit serviceConfig;
|
||||||
}
|
}
|
||||||
{
|
|
||||||
user = "storage";
|
|
||||||
remote = "StorageBox:Backups/Misskey";
|
|
||||||
type = "webdav";
|
|
||||||
extraArgs = [
|
|
||||||
"--addr=0.0.0.0:${toString ports.rclone_serve_webdav_misskey}"
|
|
||||||
"--htpasswd=${secrets.webdav_misskey_htpasswd.path}"
|
|
||||||
"--baseurl=/Misskey/"
|
|
||||||
"--cache-dir=/caches/backups_misskey_webdav_serve"
|
|
||||||
"--vfs-cache-max-age=30m"
|
|
||||||
"--vfs-cache-max-size=3g"
|
|
||||||
"--vfs-cache-mode=full"
|
|
||||||
];
|
|
||||||
inherit serviceConfig;
|
|
||||||
}
|
|
||||||
{
|
{
|
||||||
user = "storage";
|
user = "storage";
|
||||||
remote = "Media-Combine-Serve:";
|
remote = "Media-Combine-Serve:";
|
||||||
|
@ -54,7 +38,7 @@ in {
|
||||||
"--htpasswd=${secrets.webdav_media_htpasswd.path}"
|
"--htpasswd=${secrets.webdav_media_htpasswd.path}"
|
||||||
"--baseurl=/Media/"
|
"--baseurl=/Media/"
|
||||||
"--cache-dir=/caches/media_webdav_serve"
|
"--cache-dir=/caches/media_webdav_serve"
|
||||||
"--vfs-cache-max-age=30m"
|
"--vfs-cache-max-age=120m"
|
||||||
"--vfs-cache-max-size=5g"
|
"--vfs-cache-max-size=5g"
|
||||||
"--vfs-cache-mode=full"
|
"--vfs-cache-mode=full"
|
||||||
];
|
];
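Review bot: Dropping the `"d /caches/backups_misskey_webdav_serve - storage storage"` rule only stops systemd-tmpfiles from creating the directory; on a host that is already deployed, the directory and anything the removed serve instance cached there under `--vfs-cache-mode=full` stay on disk. If the Misskey backups are meant to exist only in the manual backup from now on, clear that directory by hand or carry a temporary rule such as `"R /caches/backups_misskey_webdav_serve"` for one deployment. The last hunk of this section also raises `--vfs-cache-max-age` for the Media serve from `30m` to `120m`, which the commit title does not cover. That change lengthens how long served files sit in `/caches/media_webdav_serve` and would be easier to audit as its own commit. The enclosing `services.rclone-serve` definition starts and ends outside the visible hunks.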
|
||||||
|
|
|
@ -99,15 +99,7 @@
|
||||||
htpasswd -bc "$secretFile" "$username" "$password" 2>&1
|
htpasswd -bc "$secretFile" "$username" "$password" 2>&1
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
webdav_misskey_htpasswd = {
|
|
||||||
user = "storage";
|
|
||||||
group = "storage";
|
|
||||||
fetchScript = ''
|
|
||||||
username=$(simple_get "/api-keys/storage/webdav/misskey" .username)
|
|
||||||
password=$(simple_get "/api-keys/storage/webdav/misskey" .password)
|
|
||||||
htpasswd -bc "$secretFile" "$username" "$password" 2>&1
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
rclone_config = {
|
rclone_config = {
|
||||||
user = "storage";
|
user = "storage";
|
||||||
group = "storage";
|
group = "storage";
|
||||||
|
|
|
@ -76,7 +76,6 @@ in {
|
||||||
locations = {
|
locations = {
|
||||||
"/Main/".proxyPass = "http://${containerIP}:${toString ports.rclone_serve_webdav_main}";
|
"/Main/".proxyPass = "http://${containerIP}:${toString ports.rclone_serve_webdav_main}";
|
||||||
"/Media/".proxyPass = "http://${containerIP}:${toString ports.rclone_serve_webdav_media}";
|
"/Media/".proxyPass = "http://${containerIP}:${toString ports.rclone_serve_webdav_media}";
|
||||||
"/Misskey/".proxyPass = "http://${containerIP}:${toString ports.rclone_serve_webdav_misskey}";
|
|
||||||
"/MusicRO/".proxyPass = "http://${containerIP}:${toString ports.rclone_serve_webdav_music_ro}";
|
"/MusicRO/".proxyPass = "http://${containerIP}:${toString ports.rclone_serve_webdav_music_ro}";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
@ -1,12 +0,0 @@
|
||||||
[Misskey-Storage]
|
|
||||||
type = webdav
|
|
||||||
url = https://storage-webdav.owo.monster/Misskey/
|
|
||||||
vendor = other
|
|
||||||
user = misskey
|
|
||||||
pass = MISSKEY_STORAGE_PASSWORD
|
|
||||||
|
|
||||||
[Storage-Media-Crypt]
|
|
||||||
type = crypt
|
|
||||||
remote = Misskey-Storage:
|
|
||||||
password = STORAGE_MISSKEY_CRYPT_PASSWORD
|
|
||||||
password2 = STORAGE_MISSKEY_CRYPT_SALT
|
|
|
@ -19,7 +19,6 @@
|
||||||
hosts.hetzner-vm.profiles.quassel
|
hosts.hetzner-vm.profiles.quassel
|
||||||
hosts.hetzner-vm.profiles.mailserver
|
hosts.hetzner-vm.profiles.mailserver
|
||||||
hosts.hetzner-vm.profiles.gitlab-static-sites
|
hosts.hetzner-vm.profiles.gitlab-static-sites
|
||||||
hosts.hetzner-vm.profiles.misskey
|
|
||||||
hosts.hetzner-vm.profiles.wireguard
|
hosts.hetzner-vm.profiles.wireguard
|
||||||
hosts.hetzner-vm.profiles.nginx-misc
|
hosts.hetzner-vm.profiles.nginx-misc
|
||||||
|
|
||||||
|
|
|
@ -1,11 +1,6 @@
|
||||||
{}: {
|
{}: {
|
||||||
quassel = 4242; # default
|
quassel = 4242; # default
|
||||||
|
|
||||||
misskey = 3020;
|
|
||||||
misskey-redis = 3021;
|
|
||||||
|
|
||||||
invidious = 3000;
|
|
||||||
|
|
||||||
piped-backend = 3012;
|
piped-backend = 3012;
|
||||||
piped-proxy = 3013;
|
piped-proxy = 3013;
|
||||||
|
|
||||||
|
|
|
@ -30,12 +30,7 @@ in {
|
||||||
];
|
];
|
||||||
sieveScript = null;
|
sieveScript = null;
|
||||||
};
|
};
|
||||||
"misskey@owo.monster" = {
|
|
||||||
name = "misskey@owo.monster";
|
|
||||||
passwordFile = "${secrets.misskey_mail_passwd.path}";
|
|
||||||
aliases = [];
|
|
||||||
sieveScript = null;
|
|
||||||
};
|
|
||||||
"system@owo.monster" = {
|
"system@owo.monster" = {
|
||||||
name = "system@owo.monster";
|
name = "system@owo.monster";
|
||||||
passwordFile = "${secrets.system_mail_passwd.path}";
|
passwordFile = "${secrets.system_mail_passwd.path}";
|
||||||
|
|
|
@ -1,162 +0,0 @@
|
||||||
{
|
|
||||||
config,
|
|
||||||
pkgs,
|
|
||||||
tree,
|
|
||||||
...
|
|
||||||
}: let
|
|
||||||
secrets = config.services.secrets.secrets;
|
|
||||||
|
|
||||||
ports = import ../ports.nix {};
|
|
||||||
|
|
||||||
misskeyDomain = "social.owo.monster";
|
|
||||||
|
|
||||||
misskeyPackages = with pkgs; [
|
|
||||||
nodejs
|
|
||||||
nodePackages.node-gyp
|
|
||||||
nodePackages.pnpm
|
|
||||||
|
|
||||||
python3
|
|
||||||
pkg-config
|
|
||||||
glib
|
|
||||||
vips
|
|
||||||
|
|
||||||
stdenv
|
|
||||||
];
|
|
||||||
|
|
||||||
misskeyConfig = {
|
|
||||||
url = "https://${misskeyDomain}/";
|
|
||||||
port = ports.misskey;
|
|
||||||
id = "aid";
|
|
||||||
|
|
||||||
db = {
|
|
||||||
host = "localhost";
|
|
||||||
port = "5432";
|
|
||||||
db = "misskey";
|
|
||||||
user = "misskey";
|
|
||||||
pass = "password";
|
|
||||||
};
|
|
||||||
|
|
||||||
redis = {
|
|
||||||
host = "127.0.0.1";
|
|
||||||
port = ports.misskey-redis;
|
|
||||||
};
|
|
||||||
|
|
||||||
# Allows federation with gotosocial which requires AP Get to be signed
|
|
||||||
signToActivityPubGet = true;
|
|
||||||
clusterLimit = 4;
|
|
||||||
outgoingAddressFamily = "dual";
|
|
||||||
};
|
|
||||||
in {
|
|
||||||
environment.etc."misskey.yml".text = pkgs.lib.generators.toYAML {} misskeyConfig;
|
|
||||||
|
|
||||||
users.users."misskey" = {
|
|
||||||
isNormalUser = true;
|
|
||||||
createHome = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
home-manager.users."misskey" = {
|
|
||||||
home.packages = misskeyPackages;
|
|
||||||
home.stateVersion = "22.05";
|
|
||||||
|
|
||||||
imports = with tree; [home.base home.dev.small];
|
|
||||||
};
|
|
||||||
|
|
||||||
systemd.services.misskey-password = {
|
|
||||||
serviceConfig.Type = "oneshot";
|
|
||||||
wantedBy = ["misskey.service"];
|
|
||||||
wants = ["postgresql.service"];
|
|
||||||
after = ["postgresql.service"];
|
|
||||||
script = ''
|
|
||||||
${pkgs.postgresql}/bin/psql -c "ALTER USER misskey WITH PASSWORD 'password';"
|
|
||||||
'';
|
|
||||||
serviceConfig.User = "misskey";
|
|
||||||
};
|
|
||||||
|
|
||||||
systemd.services.misskey = {
|
|
||||||
wantedBy = ["multi-user.target"];
|
|
||||||
after = ["misskey-password.service"];
|
|
||||||
wants = ["postgresql.service" "redis-misskey.service"];
|
|
||||||
path = with pkgs; [bash git] ++ misskeyPackages;
|
|
||||||
environment.NODE_ENV = "production";
|
|
||||||
serviceConfig = {
|
|
||||||
User = "misskey";
|
|
||||||
WorkingDirectory = "/home/misskey/misskey";
|
|
||||||
ExecStartPre = "${pkgs.nodePackages.pnpm}/bin/pnpm migrate";
|
|
||||||
ExecStart = "${pkgs.nodePackages.pnpm}/bin/pnpm start";
|
|
||||||
#TimeoutSec = 60;
|
|
||||||
#StandardOutput = "syslog";
|
|
||||||
#StandardError = "syslog";
|
|
||||||
#SyslogIdentifier = "misskey";
|
|
||||||
#Restart = "always";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
services.nginx.virtualHosts."${misskeyDomain}" = {
|
|
||||||
forceSSL = true;
|
|
||||||
enableACME = true;
|
|
||||||
locations = {
|
|
||||||
"/" = {
|
|
||||||
proxyPass = "http://127.0.0.1:${toString ports.misskey}";
|
|
||||||
proxyWebsockets = true;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
services.postgresql = {
|
|
||||||
enable = true;
|
|
||||||
ensureUsers = [
|
|
||||||
{
|
|
||||||
name = "misskey";
|
|
||||||
ensurePermissions."DATABASE misskey" = "ALL PRIVILEGES";
|
|
||||||
}
|
|
||||||
];
|
|
||||||
ensureDatabases = ["misskey"];
|
|
||||||
};
|
|
||||||
|
|
||||||
services.redis.servers."misskey" = {
|
|
||||||
enable = true;
|
|
||||||
port = ports.misskey-redis;
|
|
||||||
};
|
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [
|
|
||||||
rclone
|
|
||||||
(pkgs.writeShellScriptBin "rclone-misskey" ''
|
|
||||||
${pkgs.rclone}/bin/rclone --config ${secrets.misskey_storage_rclone_config.path} \
|
|
||||||
$@
|
|
||||||
'')
|
|
||||||
];
|
|
||||||
|
|
||||||
systemd.tmpfiles.rules = [
|
|
||||||
"d /home/misskey/misskey-files - misskey users"
|
|
||||||
|
|
||||||
"d /home/misskey/.config - misskey users"
|
|
||||||
"d /home/misskey/.config/rclone - misskey users"
|
|
||||||
"L /home/misskey/.config/rclone/rclone.conf - - - - ${secrets.misskey_storage_rclone_config.path}"
|
|
||||||
];
|
|
||||||
|
|
||||||
systemd.services."misskey-files-sync" = {
|
|
||||||
serviceConfig.Type = "oneshot";
|
|
||||||
script = let
|
|
||||||
bsdtar = "${pkgs.libarchive}/bin/bsdtar";
|
|
||||||
rclone = "${pkgs.rclone}/bin/rclone";
|
|
||||||
in ''
|
|
||||||
pushd /home/misskey
|
|
||||||
pushd /home/misskey/misskey-files
|
|
||||||
${bsdtar} cvf ../Media.tar .
|
|
||||||
popd
|
|
||||||
${rclone} copy Media.tar Storage-Media-Crypt:Media.tar
|
|
||||||
rm Media.tar
|
|
||||||
popd
|
|
||||||
'';
|
|
||||||
serviceConfig.User = "misskey";
|
|
||||||
};
|
|
||||||
|
|
||||||
systemd.timers."misskey-files-sync" = {
|
|
||||||
wantedBy = ["timers.target"];
|
|
||||||
partOf = ["misskey-files-sync.service"];
|
|
||||||
timerConfig = {
|
|
||||||
OnStartupSec = "60";
|
|
||||||
OnCalendar = "4h";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -39,10 +39,6 @@ in {
|
||||||
mail_config.sieve_directory
|
mail_config.sieve_directory
|
||||||
mail_config.dkim_directory
|
mail_config.dkim_directory
|
||||||
"/var/lib/redis-rspamd"
|
"/var/lib/redis-rspamd"
|
||||||
|
|
||||||
# misskey
|
|
||||||
"/home/misskey/misskey"
|
|
||||||
"/var/lib/redis-misskey"
|
|
||||||
];
|
];
|
||||||
|
|
||||||
# repository is overrided in environmentFile to contain auth
|
# repository is overrided in environmentFile to contain auth
|
||||||
|
@ -66,7 +62,7 @@ in {
|
||||||
services.postgresqlBackup = {
|
services.postgresqlBackup = {
|
||||||
enable = true;
|
enable = true;
|
||||||
backupAll = false;
|
backupAll = false;
|
||||||
databases = ["postgres" "invidious" "misskey" "quassel" "roundcube"];
|
databases = ["postgres" "quassel" "roundcube"];
|
||||||
compression = "zstd";
|
compression = "zstd";
|
||||||
};
|
};
|
||||||
}
|
}
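Review bot: Removing `"misskey"` from `services.postgresqlBackup.databases` stops the dumps, but nothing in this commit removes the database itself. The deleted profile created it through `ensureDatabases`/`ensureUsers`, and those NixOS options are documented as never dropping an existing database or role. The `misskey` role therefore presumably stays in PostgreSQL with the literal password `password` set by the deleted `misskey-password` unit, now with no backups and no owning service. Once the manual backup is verified, drop both by hand (`DROP DATABASE misskey; DROP ROLE misskey;`) and remove `/home/misskey/misskey` and `/var/lib/redis-misskey`, which the first hunk of this section only takes out of what looks like the backup path list. `"invidious"` leaves the same list although the commit title mentions only Misskey, so confirm that database is gone as well.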
|
||||||
|
|
|
@ -5,9 +5,6 @@
|
||||||
extraPackages = with pkgs; [
|
extraPackages = with pkgs; [
|
||||||
# for music & mail passwd files
|
# for music & mail passwd files
|
||||||
apacheHttpd
|
apacheHttpd
|
||||||
|
|
||||||
# for rclone file for misskey files sync
|
|
||||||
rclone
|
|
||||||
];
|
];
|
||||||
|
|
||||||
extraFunctions = ''
|
extraFunctions = ''
|
||||||
|
@ -15,10 +12,6 @@
|
||||||
sed "s#/#\\\/#"
|
sed "s#/#\\\/#"
|
||||||
}
|
}
|
||||||
|
|
||||||
simple_get_obscure() {
|
|
||||||
rclone obscure "$(simple_get "$@")"
|
|
||||||
}
|
|
||||||
|
|
||||||
simple_get_replace_crypt() {
|
simple_get_replace_crypt() {
|
||||||
password=$(simple_get "$1" .password | replace_slash_for_sed)
|
password=$(simple_get "$1" .password | replace_slash_for_sed)
|
||||||
salt=$(simple_get "$1" .salt | replace_slash_for_sed)
|
salt=$(simple_get "$1" .salt | replace_slash_for_sed)
|
||||||
|
@ -63,14 +56,7 @@
|
||||||
htpasswd -nbB "" "$password" 2>/dev/null | cut -d: -f2 > $secretFile
|
htpasswd -nbB "" "$password" 2>/dev/null | cut -d: -f2 > $secretFile
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
misskey_mail_passwd = {
|
|
||||||
user = "dovecot2";
|
|
||||||
group = "dovecot2";
|
|
||||||
fetchScript = ''
|
|
||||||
password=$(simple_get "/api-keys/chaos_mail/misskey" .password)
|
|
||||||
htpasswd -nbB "" "$password" 2>/dev/null | cut -d: -f2 > $secretFile
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
system_mail_passwd = {
|
system_mail_passwd = {
|
||||||
user = "dovecot2";
|
user = "dovecot2";
|
||||||
group = "dovecot2";
|
group = "dovecot2";
|
||||||
|
@ -79,6 +65,7 @@
|
||||||
htpasswd -nbB "" "$password" 2>/dev/null | cut -d: -f2 > $secretFile
|
htpasswd -nbB "" "$password" 2>/dev/null | cut -d: -f2 > $secretFile
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
gitlab_env = {
|
gitlab_env = {
|
||||||
user = "gitlab_artifacts_sync";
|
user = "gitlab_artifacts_sync";
|
||||||
group = "gitlab_artifacts_sync";
|
group = "gitlab_artifacts_sync";
|
||||||
|
@ -88,29 +75,6 @@
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
misskey_storage_rclone_config = {
|
|
||||||
user = "misskey";
|
|
||||||
group = "users";
|
|
||||||
fetchScript = ''
|
|
||||||
TMP_DIR="$(mktemp -d)"
|
|
||||||
|
|
||||||
cp ${./data/misskey_rclone.template} "$TMP_DIR/template"
|
|
||||||
|
|
||||||
pushd "$TMP_DIR" 2>/dev/null
|
|
||||||
|
|
||||||
MISSKEY_STORAGE_PASSWORD=$(simple_get_obscure /api-keys/storage/webdav/misskey .password)
|
|
||||||
sed -i "s/MISSKEY_STORAGE_PASSWORD/$MISSKEY_STORAGE_PASSWORD/" ./template
|
|
||||||
|
|
||||||
simple_get_replace_crypt "/private-public-keys/rclone/Backups-Misskey-Crypt" "STORAGE_MISSKEY_CRYPT" ./template
|
|
||||||
|
|
||||||
cp ./template $secretFile
|
|
||||||
|
|
||||||
popd 2>/dev/null
|
|
||||||
|
|
||||||
rm -rf "$TMP_DIR"
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
social_restic_password = {
|
social_restic_password = {
|
||||||
fetchScript = ''
|
fetchScript = ''
|
||||||
simple_get "/private-public-keys/restic/Social" .password > $secretFile
|
simple_get "/private-public-keys/restic/Social" .password > $secretFile
|
||||||
|
|