From 9c73ea3e878bcd12b21014ad5d48ee15466e0845 Mon Sep 17 00:00:00 2001
From: Chaos
Date: Thu, 3 Nov 2022 06:44:02 +0000
Subject: [PATCH] tidy
---
 home/base/ssh.nix | 12 ++-
 hosts/hetzner-vm/services/misskey.nix | 22 +++---
 hosts/hetzner-vm/services/restic.nix | 6 +-
 hosts/storage/modules/rclone-serve.nix | 48 ++++++-----
 hosts/storage/modules/rclone-sync.nix | 53 ++++++-------
 hosts/storage/populate-rclone-config.sh | 5 ++
 hosts/storage/rclone_config.template | 10 +++
 hosts/storage/storage.nix | 101 +++++++++++++-----
 8 files changed, 143 insertions(+), 114 deletions(-)
diff --git a/home/base/ssh.nix b/home/base/ssh.nix
index 69ac869..53e5f4e 100644
--- a/home/base/ssh.nix
+++ b/home/base/ssh.nix
@@ -1,13 +1,17 @@
 _: {
 programs.ssh.enable = true;
 programs.ssh.matchBlocks = {
- "lappy" = {
- user = "lappy.servers.genderfucked.monster";
- hostname = "100.115.10.34";
- };
 "hetzner-vm" = {
 user = "root";
 hostname = "hetzner-vm.servers.genderfucked.monster";
 };
+ "storage" = {
+ user = "root";
+ hostname = "storage.servers.genderfucked.monster";
+ };
+ "vault" = {
+ user = "root";
+ hostname = "vault.servers.genderfucked.monster";
+ };
 };
 }
diff --git a/hosts/hetzner-vm/services/misskey.nix b/hosts/hetzner-vm/services/misskey.nix
index 66e9afc..287ebc1 100644
--- a/hosts/hetzner-vm/services/misskey.nix
+++ b/hosts/hetzner-vm/services/misskey.nix
@@ -3,8 +3,6 @@ let
 ports = (import ../ports.nix { });
 misskeyDomain = "social.owo.monster";
- misskeyPort = ports.misskey;
- redisPort = ports.misskey-redis;
 misskeyPackages = with pkgs; [
 nodejs
@@ -23,7 +21,7 @@ let
 misskeyConfig = {
 url = "https://${misskeyDomain}/";
- port = misskeyPort;
+ port = ports.misskey;
 id = "aid";
 db = {
@@ -36,7 +34,7 @@ let
 redis = {
 host = "127.0.0.1";
- port = redisPort;
+ port = ports.misskey-redis;
 };
 };
@@ -60,8 +58,11 @@ in {
 systemd.services.misskey-files = {
 serviceConfig.Type = "oneshot";
+ wantedBy = [ "misskey.service" ];
 after = [ "home-manager-misskey.service" "network.target" ];
 path = with pkgs; [ bash git ] ++ misskeyPackages;
+ reloadTriggers = [ misskeyPackage misskeyConfigFile ];
+
 script = ''
 rm -rf /home/misskey/misskey || true
 cp -rv ${misskeyPackage} /home/misskey/misskey
@@ -82,6 +83,7 @@ in {
 systemd.services.misskey-password = {
 serviceConfig.Type = "oneshot";
+ wantedBy = [ "misskey.service" ];
 wants = [ "postgresql.service" ];
 script = ''
 ${pkgs.postgresql}/bin/psql -c "ALTER USER misskey WITH PASSWORD 'password';"
@@ -90,13 +92,9 @@ in {
 };
 systemd.services.misskey = {
- after = [ "misskey-files.service" "misskey-password.service" ];
- wants = [
- "postgresql.service"
- "redis-misskey.service"
- "misskey-password.service"
- ];
 wantedBy = [ "multi-user.target" ];
+ after = [ "misskey-password.service" "misskey-files.service" ];
+ wants = [ "postgresql.service" "redis-misskey.service" ];
 path = with pkgs; [ bash git ] ++ misskeyPackages;
 environment.NODE_ENV = "production";
 serviceConfig = {
@@ -118,7 +116,7 @@ in {
 enableACME = true;
 locations = {
 "/" = {
- proxyPass = "http://127.0.0.1:${toString misskeyPort}";
+ proxyPass = "http://127.0.0.1:${toString ports.misskey}";
 proxyWebsockets = true;
 };
 };
@@ -139,7 +137,7 @@ in {
 services.redis.servers."misskey" = {
 enable = true;
- port = redisPort;
+ port = ports.misskey-redis;
 };
 }
diff --git a/hosts/hetzner-vm/services/restic.nix b/hosts/hetzner-vm/services/restic.nix
index fd361b5..a2f9047 100644
--- a/hosts/hetzner-vm/services/restic.nix
+++ b/hosts/hetzner-vm/services/restic.nix
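Review bot: `reloadTriggers = [ misskeyPackage misskeyConfigFile ];` on the oneshot `misskey-files` unit will not re-run the copy when the package or config changes: a reload trigger asks systemd to reload the unit, and a `Type = "oneshot"` service with no `ExecReload` has nothing to reload, so the old tree under /home/misskey/misskey stays in place after a switch. The intent looks like `restartTriggers = [ misskeyPackage misskeyConfigFile ];`, which re-executes the unit whenever either derivation changes. The `misskey-files` definition continues past the end of the hunk.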
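Review bot: With `wantedBy = [ "misskey.service" ];` the `misskey-password` unit now runs `ALTER USER misskey WITH PASSWORD 'password'` on every start of misskey, and that literal password is part of a script that lives in the world-readable Nix store (presumably it matches the `db` block of `misskeyConfig`, which is outside the hunk). Reading the password at runtime from a root-only secret file — the `secrets-db.<name>.path` pattern this same patch introduces in restic.nix — keeps it out of the store, and `wantedBy` can stay so the unit still runs before misskey. The rest of the unit is outside the hunk.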
@@ -12,8 +12,8 @@ in {
 environment.systemPackages = [
 (pkgs.writeShellScriptBin "restic-hetzner-vm" ''
 env \
- RESTIC_PASSWORD_FILE=/secrets/restic-Chaos-Backups-HetznerVM-password \
- $(cat /secrets/restic-Chaos-Backups-HetznerVM-env) \
+ RESTIC_PASSWORD_FILE=${secrets-db.restic_password.path} \
+ $(cat ${secrets-db.restic_env.path}) \
 ${pkgs.restic}/bin/restic $@
 '')
 ];
@@ -21,8 +21,6 @@ in {
 services.restic.backups.hetzner-vm = {
 user = "root";
 paths = [
- "/secrets"
- "/var/lib/acme"
 # Quassel & Invidious
 "/var/backup/postgresql"
diff --git a/hosts/storage/modules/rclone-serve.nix b/hosts/storage/modules/rclone-serve.nix
index a1fdf33..a46f0bc 100644
--- a/hosts/storage/modules/rclone-serve.nix
+++ b/hosts/storage/modules/rclone-serve.nix
@@ -5,26 +5,32 @@ let
 makeNameSafe = name: builtins.replaceStrings [ "/" ] [ "-" ] name;
- daemonService = serve_config: {
- enable = true;
- after = [ "network.target" ];
- wants = [ "network.target" ]
- ++ (if serve_config.wants != null then serve_config.wants else [ ]);
- wantedBy = [ "multi-user.target" ];
- serviceConfig = {
- Type = "simple";
- Restart = "on-failure";
- RestartSec = "5s";
+ daemonService = serve_config:
+ lib.mkMerge [
+ {
+ wantedBy = [ "multi-user.target" ];
- User =
- if serve_config.user != null then "${serve_config.user}" else "root";
+ after = [ "network.target" ];
+ wants = [ "network.target" ];
- ExecStart =
- "${pkgs.rclone}/bin/rclone serve ${serve_config.type} ${serve_config.remote} ${
- lib.concatStringsSep " " serve_config.extraArgs
- }";
- };
- };
+ serviceConfig = {
+ Type = "simple";
+ Restart = "on-failure";
+ RestartSec = "5s";
+
+ User = if serve_config.user != null then
+ "${serve_config.user}"
+ else
+ "root";
+
+ ExecStart =
+ "${pkgs.rclone}/bin/rclone serve ${serve_config.type} ${serve_config.remote} ${
+ lib.concatStringsSep " " serve_config.extraArgs
+ }";
+ };
+ }
+ serve_config.serviceConfig
+ ];
 in {
 options = {
 services.rclone-serve = {
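Review bot: `$(cat ${secrets-db.restic_env.path}) \` splices the contents of the secret file onto the `env` command line, so every variable in it is visible in the process list (`/proc/*/cmdline`) to any local user for as long as restic runs, and a value containing whitespace or glob characters is word-split before `env` sees it. Exporting the file inside the wrapper avoids both: `set -a; . ${secrets-db.restic_env.path}; set +a` followed by `RESTIC_PASSWORD_FILE=${secrets-db.restic_password.path} exec ${pkgs.restic}/bin/restic "$@"`, which also quotes the `$@` that the context line passes unquoted. The wrapper's surrounding list continues outside the hunk.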
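Review bot: `ExecStart` in the rebuilt `daemonService` is still assembled by string interpolation, so `serve_config.remote` and every element of `serve_config.extraArgs` are re-split by systemd's command-line parser: an htpasswd path, remote name or `--baseurl` value containing a space or quote breaks the unit or changes which arguments rclone receives. Building the argv with `ExecStart = lib.escapeShellArgs ([ "${pkgs.rclone}/bin/rclone" "serve" serve_config.type serve_config.remote ] ++ serve_config.extraArgs);` keeps each element intact. The `daemonService` in rclone-sync.nix (hunk `@@ -5,16 +5,20 @@`, `rclone sync ${sync_config.source} ${sync_config.dest} -P`) has the same interpolation and wants the same treatment.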
@@ -39,7 +45,7 @@ in {
 remote = mkOption { type = types.str; };
 type = mkOption { type = types.str; };
 user = mkOption { type = types.str; };
- wants = mkOption { type = types.listOf types.str; };
+ serviceConfig = mkOption { type = types.attrs; };
 extraArgs = mkOption { type = types.listOf types.str; };
 };
@@ -52,8 +58,8 @@ in {
 config = mkMerge [
 (mkIf (cfg.enable && cfg.remotes != [ ]) {
 systemd.services = listToAttrs (map (remote: {
- name = "rclone-serve-${makeNameSafe remote.remote}-${
- makeNameSafe remote.type
+ name = "rclone-serve-${makeNameSafe remote.type}-${
+ makeNameSafe remote.remote
 }";
 value = daemonService remote;
 }) cfg.remotes);
diff --git a/hosts/storage/modules/rclone-sync.nix b/hosts/storage/modules/rclone-sync.nix
index a1db712..e8f73ea 100644
--- a/hosts/storage/modules/rclone-sync.nix
+++ b/hosts/storage/modules/rclone-sync.nix
@@ -5,16 +5,20 @@ let
 makeNameSafe = name: builtins.replaceStrings [ "/" ":" ] [ "-" "-" ] name;
- daemonService = sync_config: {
- serviceConfig = {
- Type = "oneshot";
+ daemonService = sync_config:
+ lib.mkMerge [
+ {
+ serviceConfig = {
+ Type = "oneshot";
- User = if cfg.user != null then "${cfg.user}" else "root";
+ User = if cfg.user != null then "${cfg.user}" else "root";
- ExecStart =
- "${pkgs.rclone}/bin/rclone sync ${sync_config.source} ${sync_config.dest} -P";
- };
- };
+ ExecStart =
+ "${pkgs.rclone}/bin/rclone sync ${sync_config.source} ${sync_config.dest} -P";
+ };
+ }
+ sync_config.serviceConfig
+ ];
 in {
 options = {
 services.rclone-sync = {
@@ -35,11 +39,7 @@ in {
 dest = mkOption { type = types.str; };
 timerConfig = mkOption { type = types.attrs; };
-
- wants = mkOption {
- type = types.listOf types.str;
- default = [ ];
- };
+ serviceConfig = mkOption { type = types.attrs; };
 };
 });
 default = [ ];
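Review bot: `serviceConfig = mkOption { type = types.attrs; };` has no `default`, so any remote that omits it fails evaluation with a missing-option error; the `wants` option it replaces in rclone-sync.nix (hunk `@@ -35,11 +39,7 @@`) did carry `default = [ ];`, and that hunk drops the default as well. Add `default = { };` to the option in both modules. The name is also misleading: `daemonService` merges the value at the unit level next to `wantedBy` and `after`, not into systemd's `[Service]` section as `serviceConfig` means everywhere else in NixOS, so someone setting `Restart` through it would get a rejected unit-level key; a `description = "Extra unit attributes merged into the generated systemd service";` on the option (or a name like `extraUnitConfig`) would make the contract visible.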
@@ -54,20 +54,19 @@ in {
 "rclone-sync-${makeNameSafe job.source}-${makeNameSafe job.dest}";
 value = daemonService job;
 }) cfg.sync_jobs);
- systemd.timers = listToAttrs (map (job: {
- name =
- "rclone-sync-${makeNameSafe job.source}-${makeNameSafe job.dest}";
- value = {
- wantedBy = [ "timers.target" ];
- wants = job.wants;
- partOf = [
- "rclone-sync-${makeNameSafe job.source}-${
- makeNameSafe job.dest
- }.service"
- ];
- timerConfig = job.timerConfig;
- };
- }) cfg.sync_jobs);
+
+ systemd.timers = listToAttrs (map (job:
+ let
+ name =
+ "rclone-sync-${makeNameSafe job.source}-${makeNameSafe job.dest}";
+ in {
+ inherit name;
+ value = {
+ wantedBy = [ "timers.target" ];
+ partOf = [ "${name}.service" ];
+ timerConfig = job.timerConfig;
+ };
+ }) cfg.sync_jobs);
 })
 ];
 }
diff --git a/hosts/storage/populate-rclone-config.sh b/hosts/storage/populate-rclone-config.sh
index 73b0a11..e94dd25 100755
--- a/hosts/storage/populate-rclone-config.sh
+++ b/hosts/storage/populate-rclone-config.sh
@@ -39,6 +39,11 @@ B2_CHAOS_PHOTOS_KEY=$(simple_get /api-keys/backblaze/Chaos-Photos .applicationKe
 sed -i "s/B2_CHAOS_PHOTOS_ACCOUNT/${B2_CHAOS_PHOTOS_ACCOUNT}/" ./template
 sed -i "s/B2_CHAOS_PHOTOS_KEY/${B2_CHAOS_PHOTOS_KEY}/" ./template
 
+B2_CHAOS_MUSIC_ACCOUNT=$(simple_get /api-keys/backblaze/Chaos-Music .keyID)
+B2_CHAOS_MUSIC_KEY=$(simple_get /api-keys/backblaze/Chaos-Music .applicationKey | sed "s#/#\\\/#")
+sed -i "s/B2_CHAOS_MUSIC_ACCOUNT/${B2_CHAOS_MUSIC_ACCOUNT}/" ./template
+sed -i "s/B2_CHAOS_MUSIC_KEY/${B2_CHAOS_MUSIC_KEY}/" ./template
+
 B2_CASSIE_CRYPTIDZ_BACKUP_ACCOUNT=$(simple_get /api-keys/backblaze/Cryptidz-Backup .keyID)
 B2_CASSIE_CRYPTIDZ_BACKUP_KEY=$(simple_get /api-keys/backblaze/Cryptidz-Backup .applicationKey | sed "s#/#\\\/#")
 sed -i "s/B2_CASSIE_CRYPTIDZ_BACKUP_ACCOUNT/${B2_CASSIE_CRYPTIDZ_BACKUP_ACCOUNT}/" ./template
diff --git a/hosts/storage/rclone_config.template b/hosts/storage/rclone_config.template
index 25eed91..bd5c83d 100644
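Review bot: Dropping `wants = job.wants;` from the timer leaves nothing in this patch that pulls `populate-rclone-config.service` in: the replacement in storage.nix is `serviceConfig = { after = [ "populate-rclone-config.service" ]; }` (hunk `@@ -174,7 +179,7 @@`), and `After=` only orders two units that are both scheduled — it does not start the other one. The same regression is in `storage-mount` (`after` plus `partOf`, hunk `@@ -53,8 +53,8 @@`) and in the shared `serviceConfig` of the rclone-serve remotes (hunk `@@ -65,74 +65,79 @@`), since `PartOf=` propagates stop and restart, not start. Unless populate-rclone-config.service is wanted by a target somewhere outside this patch, each sync, serve and mount unit can now run against a missing or stale rclone config; adding `requires = [ "populate-rclone-config.service" ];` beside each `after` restores the old pull-in and additionally fails the dependent unit when the populate step fails. The `systemd.services` listToAttrs this hunk closes starts outside it.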
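Review bot: `sed "s#/#\\\/#"` on the new `B2_CHAOS_MUSIC_KEY` escapes only the first `/` (no `g` flag) and leaves `&` and `\` untouched, so a key holding a second slash or an ampersand corrupts the following `sed -i "s/B2_CHAOS_MUSIC_KEY/${B2_CHAOS_MUSIC_KEY}/" ./template` — silently, since sed will accept the mangled expression or fail the whole script. `sed 's#[/&\\]#\\&#g'` escapes every sed-special character in the replacement text. Independently of that, the key is expanded into sed's argument list and is readable from the process list while it runs; substituting from a file (or passing it to `awk -v`) keeps it out of argv. The PHOTOS and CRYPTIDZ lines in the hunk's context share the same pattern.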
--- a/hosts/storage/rclone_config.template
+++ b/hosts/storage/rclone_config.template
@@ -41,6 +41,16 @@ hard_delete = true
 type = alias
 remote = B2-Chaos-Photos-Source:Chaos-Photos
 
+[B2-Chaos-Music-Source]
+type = b2
+account = B2_CHAOS_MUSIC_ACCOUNT
+key = B2_CHAOS_MUSIC_KEY
+hard_delete = true
+
+[B2-Chaos-Music]
+type = alias
+remote = B2-Chaos-Music-Source:Chaos-Music
+
 [B2-Cassie-Cryptidz-Backup-Source]
 type = b2
 account = B2_CASSIE_CRYPTIDZ_BACKUP_ACCOUNT
diff --git a/hosts/storage/storage.nix b/hosts/storage/storage.nix
index 50198a6..7a2ffa4 100644
--- a/hosts/storage/storage.nix
+++ b/hosts/storage/storage.nix
@@ -53,8 +53,8 @@ in {
 systemd.services.storage-mount = {
 wantedBy = [ "multi-user.target" ];
- after = [ "network.target" ];
- wants = [ "populate-rclone-config.service" ];
+ after = [ "network.target" "populate-rclone-config.service" ];
+ partOf = [ "populate-rclone-config.service" ];
 path = with pkgs; [ bash rclone mount umount ];
 script = ''
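Review bot: `hard_delete = true` on the new `B2-Chaos-Music-Source` remote makes rclone delete B2 file versions permanently instead of hiding them, and this remote is an `rclone sync` destination in storage.nix (`dest = "B2-Chaos-Music:"` in hunk `@@ -186,21 +191,25 @@`), so any deletion or overwrite on the StorageBox side — a mistake, or a compromised source host — reaches the copy with no earlier version left to roll back to. The setting is copied from the existing `*-Source` sections (the hunk's context shows the Photos remote has it too), so this is inherited rather than new, but for a backup target consider leaving `hard_delete` off or recording in the template that bucket lifecycle rules provide retention instead.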
@@ -65,74 +65,79 @@ in {
 '';
 };
- services.rclone-serve = {
+ services.rclone-serve = let
+ serviceConfig = {
+ after = [ "populate-rclone-config.service" ];
+ partOf = [ "populate-rclone-config.service" ];
+ };
+ in {
 enable = true;
 remotes = [
 {
 user = "storage";
 remote = "StorageBox:";
 type = "webdav";
- wants = [ "populate-rclone-config.service" ];
 extraArgs = [
 "--addr=:${toString ports.rclone_serve_webdav_main}"
 "--htpasswd=${secrets-db.webdav_main_htpasswd.path}"
 "--baseurl=/main/"
 ];
+ inherit serviceConfig;
 }
 {
 user = "storage";
 remote = "StorageBox:Music";
 type = "webdav";
- wants = [ "populate-rclone-config.service" ];
 extraArgs = [
 "--addr=:${toString ports.rclone_serve_webdav_music_ro}"
 "--read-only"
 "--baseurl=/music_ro/"
 ];
- }
- {
- user = "storage";
- remote = "StorageBox:Chaos-Backups/Restic/HetznerVM";
- type = "restic";
- wants = [ "populate-rclone-config.service" ];
- extraArgs = [
- "--addr=:${toString ports.rclone_serve_restic_hvm}"
- "--htpasswd=${secrets-db.restic_hetznervm_htpasswd.path}"
- "--baseurl=/HetznerVM/"
- ];
- }
- {
- user = "storage";
- remote = "StorageBox:Chaos-Backups/Restic/Music";
- type = "restic";
- wants = [ "populate-rclone-config.service" ];
- extraArgs = [
- "--addr=:${toString ports.rclone_serve_restic_music}"
- "--htpasswd=${secrets-db.restic_music_htpasswd.path}"
- "--baseurl=/Music/"
- ];
- }
- {
- user = "storage";
- remote = "StorageBox:Chaos-Backups/Restic/Vault";
- type = "restic";
- wants = [ "populate-rclone-config.service" ];
- extraArgs = [
- "--addr=:${toString ports.rclone_serve_restic_vault}"
- "--htpasswd=${secrets-db.restic_vault_htpasswd.path}"
- "--baseurl=/Vault/"
- ];
+ inherit serviceConfig;
 }
 {
 user = "storage";
 remote = "StorageBox:Music";
 type = "http";
- wants = [ "populate-rclone-config.service" ];
 extraArgs = [
 "--addr=:${toString ports.rclone_serve_http_music}"
 "--baseurl=/music/"
 "--read-only"
 ];
+ inherit serviceConfig;
+ }
+ {
+ user = "storage";
+ remote = "StorageBox:Backups/Restic/HetznerVM";
+ type = "restic";
+ extraArgs = [
+ "--addr=:${toString ports.rclone_serve_restic_hvm}"
+ "--htpasswd=${secrets-db.restic_hetznervm_htpasswd.path}"
+ "--baseurl=/HetznerVM/"
+ ];
+ inherit serviceConfig;
+ }
+ {
+ user = "storage";
+ remote = "StorageBox:Backups/Restic/Music";
+ type = "restic";
+ extraArgs = [
+ "--addr=:${toString ports.rclone_serve_restic_music}"
+ "--htpasswd=${secrets-db.restic_music_htpasswd.path}"
+ "--baseurl=/Music/"
+ ];
+ inherit serviceConfig;
+ }
+ {
+ user = "storage";
+ remote = "StorageBox:Backups/Restic/Vault";
+ type = "restic";
+ extraArgs = [
+ "--addr=:${toString ports.rclone_serve_restic_vault}"
+ "--htpasswd=${secrets-db.restic_vault_htpasswd.path}"
+ "--baseurl=/Vault/"
+ ];
+ inherit serviceConfig;
 }
 ];
 };
@@ -174,7 +179,7 @@ in {
 services.rclone-sync = let
 sync_defaults = {
- wants = [ "populate-rclone-config.service" ];
+ serviceConfig = { after = [ "populate-rclone-config.service" ]; };
 timerConfig = {
 OnStartupSec = "60";
 OnCalendar = "4h";
@@ -186,21 +191,25 @@ in {
 sync_jobs = map (x: lib.mkMerge [ x sync_defaults ]) [
 # My B2
 {
- source = "StorageBox:Chaos-Backups";
+ source = "StorageBox:Backups";
 dest = "B2-Chaos-Backups:";
 }
 {
- source = "StorageBox:Chaos-Photos";
+ source = "StorageBox:Photos";
 dest = "B2-Chaos-Photos:";
 }
+ {
+ source = "StorageBox:Music";
+ dest = "B2-Chaos-Music:";
+ }
 # Cassie's B2
 {
- source = "StorageBox:Chaos-Backups";
- dest = "B2-Cassie-Cryptidz-Backup:Chaos-Backups";
+ source = "StorageBox:Backups";
+ dest = "B2-Cassie-Cryptidz-Backup:Backups";
 }
 {
- source = "StorageBox:Chaos-Photos";
- dest = "B2-Cassie-Cryptidz-Backup:Chaos-Photos";
+ source = "StorageBox:Photos";
+ dest = "B2-Cassie-Cryptidz-Backup:Photos";
 }
 {
 source = "StorageBox:Music";
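Review bot: The three restic remotes re-added at the end of `remotes` (HetznerVM, Music, Vault) are protected by `--htpasswd` only; nothing in their `extraArgs` stops an authenticated client from deleting or pruning snapshots, so a compromised backup client can destroy its own history on the storage host. `rclone serve restic` supports `--append-only`, which accepts new snapshots but refuses deletions, so adding `"--append-only"` to each restic `extraArgs` list (and running prune from the storage side instead) limits that blast radius. The `--htpasswd` endpoints also send credentials in cleartext unless a TLS terminator sits in front of them, which this file does not show — worth a comment next to the `serviceConfig` let-binding stating where TLS is handled.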