Chaos 2022-11-03 06:44:02 +00:00
parent e6a581fe57
commit 9c73ea3e87
8 changed files with 143 additions and 114 deletions


@ -1,13 +1,17 @@
_: { _: {
programs.ssh.enable = true; programs.ssh.enable = true;
programs.ssh.matchBlocks = { programs.ssh.matchBlocks = {
"lappy" = {
user = "lappy.servers.genderfucked.monster";
hostname = "100.115.10.34";
};
"hetzner-vm" = { "hetzner-vm" = {
user = "root"; user = "root";
hostname = "hetzner-vm.servers.genderfucked.monster"; hostname = "hetzner-vm.servers.genderfucked.monster";
}; };
"storage" = {
user = "root";
hostname = "storage.servers.genderfucked.monster";
};
"vault" = {
user = "root";
hostname = "vault.servers.genderfucked.monster";
};
}; };
} }


@ -3,8 +3,6 @@ let
ports = (import ../ports.nix { }); ports = (import ../ports.nix { });
misskeyDomain = "social.owo.monster"; misskeyDomain = "social.owo.monster";
misskeyPort = ports.misskey;
redisPort = ports.misskey-redis;
misskeyPackages = with pkgs; [ misskeyPackages = with pkgs; [
nodejs nodejs
@ -23,7 +21,7 @@ let
misskeyConfig = { misskeyConfig = {
url = "https://${misskeyDomain}/"; url = "https://${misskeyDomain}/";
port = misskeyPort; port = ports.misskey;
id = "aid"; id = "aid";
db = { db = {
@ -36,7 +34,7 @@ let
redis = { redis = {
host = "127.0.0.1"; host = "127.0.0.1";
port = redisPort; port = ports.misskey-redis;
}; };
}; };
@ -60,8 +58,11 @@ in {
systemd.services.misskey-files = { systemd.services.misskey-files = {
serviceConfig.Type = "oneshot"; serviceConfig.Type = "oneshot";
wantedBy = [ "misskey.service" ];
after = [ "home-manager-misskey.service" "network.target" ]; after = [ "home-manager-misskey.service" "network.target" ];
path = with pkgs; [ bash git ] ++ misskeyPackages; path = with pkgs; [ bash git ] ++ misskeyPackages;
reloadTriggers = [ misskeyPackage misskeyConfigFile ];
script = '' script = ''
rm -rf /home/misskey/misskey || true rm -rf /home/misskey/misskey || true
cp -rv ${misskeyPackage} /home/misskey/misskey cp -rv ${misskeyPackage} /home/misskey/misskey
@ -82,6 +83,7 @@ in {
systemd.services.misskey-password = { systemd.services.misskey-password = {
serviceConfig.Type = "oneshot"; serviceConfig.Type = "oneshot";
wantedBy = [ "misskey.service" ];
wants = [ "postgresql.service" ]; wants = [ "postgresql.service" ];
script = '' script = ''
${pkgs.postgresql}/bin/psql -c "ALTER USER misskey WITH PASSWORD 'password';" ${pkgs.postgresql}/bin/psql -c "ALTER USER misskey WITH PASSWORD 'password';"
@ -90,13 +92,9 @@ in {
}; };
systemd.services.misskey = { systemd.services.misskey = {
after = [ "misskey-files.service" "misskey-password.service" ];
wants = [
"postgresql.service"
"redis-misskey.service"
"misskey-password.service"
];
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
after = [ "misskey-password.service" "misskey-files.service" ];
wants = [ "postgresql.service" "redis-misskey.service" ];
path = with pkgs; [ bash git ] ++ misskeyPackages; path = with pkgs; [ bash git ] ++ misskeyPackages;
environment.NODE_ENV = "production"; environment.NODE_ENV = "production";
serviceConfig = { serviceConfig = {
@ -118,7 +116,7 @@ in {
enableACME = true; enableACME = true;
locations = { locations = {
"/" = { "/" = {
proxyPass = "http://127.0.0.1:${toString misskeyPort}"; proxyPass = "http://127.0.0.1:${toString ports.misskey}";
proxyWebsockets = true; proxyWebsockets = true;
}; };
}; };
@ -139,7 +137,7 @@ in {
services.redis.servers."misskey" = { services.redis.servers."misskey" = {
enable = true; enable = true;
port = redisPort; port = ports.misskey-redis;
}; };
} }
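Review bot: In the `@ -90,13 +92,9` hunk the rewritten `after` list for `systemd.services.misskey` orders only against `misskey-password.service` and `misskey-files.service`, while `postgresql.service` and `redis-misskey.service` are listed in `wants` alone; systemd `Wants=` pulls a unit in but does not order against it, so misskey can start before its database and redis are listening. The same gap exists in `misskey-password`, which has `wants = [ "postgresql.service" ]` but no `after`, so its `psql` oneshot may run before postgres is up. Suggested lines: `after = [ "postgresql.service" "redis-misskey.service" "misskey-password.service" "misskey-files.service" ];` for misskey, and `after = [ "postgresql.service" ];` next to the existing `wants` in misskey-password. Separately, the unchanged `ALTER USER misskey WITH PASSWORD 'password';` line in the misskey-password hunk leaves a literal database password in the Nix store, which is world-readable; reading it from a secrets file at runtime would keep it out of the store.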


@ -12,8 +12,8 @@ in {
environment.systemPackages = [ environment.systemPackages = [
(pkgs.writeShellScriptBin "restic-hetzner-vm" '' (pkgs.writeShellScriptBin "restic-hetzner-vm" ''
env \ env \
RESTIC_PASSWORD_FILE=/secrets/restic-Chaos-Backups-HetznerVM-password \ RESTIC_PASSWORD_FILE=${secrets-db.restic_password.path} \
$(cat /secrets/restic-Chaos-Backups-HetznerVM-env) \ $(cat ${secrets-db.restic_env.path}) \
${pkgs.restic}/bin/restic $@ ${pkgs.restic}/bin/restic $@
'') '')
]; ];
@ -21,8 +21,6 @@ in {
services.restic.backups.hetzner-vm = { services.restic.backups.hetzner-vm = {
user = "root"; user = "root";
paths = [ paths = [
"/secrets"
"/var/lib/acme" "/var/lib/acme"
# Quassel & Invidious # Quassel & Invidious
"/var/backup/postgresql" "/var/backup/postgresql"
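Review bot: In the `@ -12,8 +12,8` hunk the rewritten wrapper still passes `$@` and `$(cat ${secrets-db.restic_env.path})` unquoted, so arguments containing spaces or glob characters are split and re-globbed before reaching restic, and every `KEY=value` line of the env file briefly becomes a visible argument of the `env` process until it execs restic. Quoting the positional parameters is a one-line fix, `${pkgs.restic}/bin/restic "$@"`; for the env file, sourcing it instead (`set -a; . ${secrets-db.restic_env.path}; set +a`) keeps the values out of argv and avoids word-splitting. The removal of `/secrets` from `paths` in the second hunk presumably reflects that those files are now regenerated from `secrets-db`; that is only inferred here, so it is worth confirming nothing else under `/secrets` was relied on by the backup.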


@ -5,26 +5,32 @@ let
makeNameSafe = name: builtins.replaceStrings [ "/" ] [ "-" ] name; makeNameSafe = name: builtins.replaceStrings [ "/" ] [ "-" ] name;
daemonService = serve_config: { daemonService = serve_config:
enable = true; lib.mkMerge [
after = [ "network.target" ]; {
wants = [ "network.target" ] wantedBy = [ "multi-user.target" ];
++ (if serve_config.wants != null then serve_config.wants else [ ]);
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "simple";
Restart = "on-failure";
RestartSec = "5s";
User = after = [ "network.target" ];
if serve_config.user != null then "${serve_config.user}" else "root"; wants = [ "network.target" ];
ExecStart = serviceConfig = {
"${pkgs.rclone}/bin/rclone serve ${serve_config.type} ${serve_config.remote} ${ Type = "simple";
lib.concatStringsSep " " serve_config.extraArgs Restart = "on-failure";
}"; RestartSec = "5s";
};
}; User = if serve_config.user != null then
"${serve_config.user}"
else
"root";
ExecStart =
"${pkgs.rclone}/bin/rclone serve ${serve_config.type} ${serve_config.remote} ${
lib.concatStringsSep " " serve_config.extraArgs
}";
};
}
serve_config.serviceConfig
];
in { in {
options = { options = {
services.rclone-serve = { services.rclone-serve = {
@ -39,7 +45,7 @@ in {
remote = mkOption { type = types.str; }; remote = mkOption { type = types.str; };
type = mkOption { type = types.str; }; type = mkOption { type = types.str; };
user = mkOption { type = types.str; }; user = mkOption { type = types.str; };
wants = mkOption { type = types.listOf types.str; }; serviceConfig = mkOption { type = types.attrs; };
extraArgs = mkOption { type = types.listOf types.str; }; extraArgs = mkOption { type = types.listOf types.str; };
}; };
@ -52,8 +58,8 @@ in {
config = mkMerge [ config = mkMerge [
(mkIf (cfg.enable && cfg.remotes != [ ]) { (mkIf (cfg.enable && cfg.remotes != [ ]) {
systemd.services = listToAttrs (map (remote: { systemd.services = listToAttrs (map (remote: {
name = "rclone-serve-${makeNameSafe remote.remote}-${ name = "rclone-serve-${makeNameSafe remote.type}-${
makeNameSafe remote.type makeNameSafe remote.remote
}"; }";
value = daemonService remote; value = daemonService remote;
}) cfg.remotes); }) cfg.remotes);
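Review bot: The new `serviceConfig = mkOption { type = types.attrs; };` in the `@ -39,7 +45,7` hunk has no `default`, so evaluation fails for any remote that omits it even though `lib.mkMerge [ ... serve_config.serviceConfig ]` would accept an empty set; `serviceConfig = mkOption { type = types.attrs; default = { }; };` keeps the module usable without the attribute. The identically named option added to the `services.rclone-sync` module in the next file section has the same gap. The name is also misleading: the value is merged into the systemd unit attrset itself (the only caller on this page passes unit-level keys, `after` and `partOf`), not into the unit's `serviceConfig`, so someone who wants to set `[Service]` keys has to write `serviceConfig.serviceConfig`. An option `description` stating that the attrset is merged into `systemd.services.<name>` as a whole, or a rename to something like `unitOverrides`, would make that explicit.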


@ -5,16 +5,20 @@ let
makeNameSafe = name: builtins.replaceStrings [ "/" ":" ] [ "-" "-" ] name; makeNameSafe = name: builtins.replaceStrings [ "/" ":" ] [ "-" "-" ] name;
daemonService = sync_config: { daemonService = sync_config:
serviceConfig = { lib.mkMerge [
Type = "oneshot"; {
serviceConfig = {
Type = "oneshot";
User = if cfg.user != null then "${cfg.user}" else "root"; User = if cfg.user != null then "${cfg.user}" else "root";
ExecStart = ExecStart =
"${pkgs.rclone}/bin/rclone sync ${sync_config.source} ${sync_config.dest} -P"; "${pkgs.rclone}/bin/rclone sync ${sync_config.source} ${sync_config.dest} -P";
}; };
}; }
sync_config.serviceConfig
];
in { in {
options = { options = {
services.rclone-sync = { services.rclone-sync = {
@ -35,11 +39,7 @@ in {
dest = mkOption { type = types.str; }; dest = mkOption { type = types.str; };
timerConfig = mkOption { type = types.attrs; }; timerConfig = mkOption { type = types.attrs; };
serviceConfig = mkOption { type = types.attrs; };
wants = mkOption {
type = types.listOf types.str;
default = [ ];
};
}; };
}); });
default = [ ]; default = [ ];
@ -54,20 +54,19 @@ in {
"rclone-sync-${makeNameSafe job.source}-${makeNameSafe job.dest}"; "rclone-sync-${makeNameSafe job.source}-${makeNameSafe job.dest}";
value = daemonService job; value = daemonService job;
}) cfg.sync_jobs); }) cfg.sync_jobs);
systemd.timers = listToAttrs (map (job: {
name = systemd.timers = listToAttrs (map (job:
"rclone-sync-${makeNameSafe job.source}-${makeNameSafe job.dest}"; let
value = { name =
wantedBy = [ "timers.target" ]; "rclone-sync-${makeNameSafe job.source}-${makeNameSafe job.dest}";
wants = job.wants; in {
partOf = [ inherit name;
"rclone-sync-${makeNameSafe job.source}-${ value = {
makeNameSafe job.dest wantedBy = [ "timers.target" ];
}.service" partOf = [ "${name}.service" ];
]; timerConfig = job.timerConfig;
timerConfig = job.timerConfig; };
}; }) cfg.sync_jobs);
}) cfg.sync_jobs);
}) })
]; ];
} }
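Review bot: With `wants = job.wants` dropped from the timer in the `@ -54,20 +54,19` hunk, nothing in the `services.rclone-sync` module pulls in a prerequisite unit any more; the replacement is whatever the caller puts in `serviceConfig`, and the only caller visible on this page passes `serviceConfig = { after = [ "populate-rclone-config.service" ]; }`, which orders the job but does not start that unit. If `populate-rclone-config.service` is not wanted by a target elsewhere (not visible here), a sync can run against an unpopulated rclone config. Either pass `wants` alongside `after` from the caller, or document on the option that `after` alone is ordering-only. The `let name = ... in` refactor that derives `partOf = [ "${name}.service" ]` from the same string is a clear improvement over the repeated interpolation.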


@ -39,6 +39,11 @@ B2_CHAOS_PHOTOS_KEY=$(simple_get /api-keys/backblaze/Chaos-Photos .applicationKe
sed -i "s/B2_CHAOS_PHOTOS_ACCOUNT/${B2_CHAOS_PHOTOS_ACCOUNT}/" ./template sed -i "s/B2_CHAOS_PHOTOS_ACCOUNT/${B2_CHAOS_PHOTOS_ACCOUNT}/" ./template
sed -i "s/B2_CHAOS_PHOTOS_KEY/${B2_CHAOS_PHOTOS_KEY}/" ./template sed -i "s/B2_CHAOS_PHOTOS_KEY/${B2_CHAOS_PHOTOS_KEY}/" ./template
B2_CHAOS_MUSIC_ACCOUNT=$(simple_get /api-keys/backblaze/Chaos-Music .keyID)
B2_CHAOS_MUSIC_KEY=$(simple_get /api-keys/backblaze/Chaos-Music .applicationKey | sed "s#/#\\\/#")
sed -i "s/B2_CHAOS_MUSIC_ACCOUNT/${B2_CHAOS_MUSIC_ACCOUNT}/" ./template
sed -i "s/B2_CHAOS_MUSIC_KEY/${B2_CHAOS_MUSIC_KEY}/" ./template
B2_CASSIE_CRYPTIDZ_BACKUP_ACCOUNT=$(simple_get /api-keys/backblaze/Cryptidz-Backup .keyID) B2_CASSIE_CRYPTIDZ_BACKUP_ACCOUNT=$(simple_get /api-keys/backblaze/Cryptidz-Backup .keyID)
B2_CASSIE_CRYPTIDZ_BACKUP_KEY=$(simple_get /api-keys/backblaze/Cryptidz-Backup .applicationKey | sed "s#/#\\\/#") B2_CASSIE_CRYPTIDZ_BACKUP_KEY=$(simple_get /api-keys/backblaze/Cryptidz-Backup .applicationKey | sed "s#/#\\\/#")
sed -i "s/B2_CASSIE_CRYPTIDZ_BACKUP_ACCOUNT/${B2_CASSIE_CRYPTIDZ_BACKUP_ACCOUNT}/" ./template sed -i "s/B2_CASSIE_CRYPTIDZ_BACKUP_ACCOUNT/${B2_CASSIE_CRYPTIDZ_BACKUP_ACCOUNT}/" ./template
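Review bot: The new `B2_CHAOS_MUSIC_KEY=$(... | sed "s#/#\\\/#")` line in the `@ -39,6 +39,11` hunk escapes only the first `/` in the key because the substitution has no `g` flag, so a key containing two or more slashes (or an `&`, which sed expands to the matched text) corrupts the following `sed -i "s/B2_CHAOS_MUSIC_KEY/${B2_CHAOS_MUSIC_KEY}/" ./template` and silently writes a wrong key into the template. `sed "s#/#\\\/#g"` fixes the slash case; covering `&` as well needs a second expression, e.g. `sed -e 's#/#\\/#g' -e 's#&#\\&#g'`. This mirrors the pre-existing `B2_CHAOS_PHOTOS_KEY` and `B2_CASSIE_CRYPTIDZ_BACKUP_KEY` lines, which have the same gap. Whether a B2 application key can contain those characters is not established on this page; if the key alphabet is known to exclude them, a comment saying so would make the single replacement intentional.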


@ -41,6 +41,16 @@ hard_delete = true
type = alias type = alias
remote = B2-Chaos-Photos-Source:Chaos-Photos remote = B2-Chaos-Photos-Source:Chaos-Photos
[B2-Chaos-Music-Source]
type = b2
account = B2_CHAOS_MUSIC_ACCOUNT
key = B2_CHAOS_MUSIC_KEY
hard_delete = true
[B2-Chaos-Music]
type = alias
remote = B2-Chaos-Music-Source:Chaos-Music
[B2-Cassie-Cryptidz-Backup-Source] [B2-Cassie-Cryptidz-Backup-Source]
type = b2 type = b2
account = B2_CASSIE_CRYPTIDZ_BACKUP_ACCOUNT account = B2_CASSIE_CRYPTIDZ_BACKUP_ACCOUNT
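Review bot: The new `[B2-Chaos-Music-Source]` remote in the `@ -41,6 +41,16` hunk sets `hard_delete = true`, which makes rclone permanently delete overwritten or removed objects instead of hiding them as B2 file versions; for a destination fed by `rclone sync` (the `StorageBox:Music` to `B2-Chaos-Music:` job in the last file section), a deletion or corruption on the source is then replicated to the copy with no prior version to recover from. Leaving `hard_delete` unset for backup-style remotes keeps earlier versions recoverable, and bucket lifecycle rules can bound the extra storage that costs. The existing `B2-Chaos-Photos-Source` remote above uses the same setting, so this is consistent with the file's pattern; a comment recording that the trade-off is deliberate would help the next reader.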


@ -53,8 +53,8 @@ in {
systemd.services.storage-mount = { systemd.services.storage-mount = {
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
after = [ "network.target" ]; after = [ "network.target" "populate-rclone-config.service" ];
wants = [ "populate-rclone-config.service" ]; partOf = [ "populate-rclone-config.service" ];
path = with pkgs; [ bash rclone mount umount ]; path = with pkgs; [ bash rclone mount umount ];
script = '' script = ''
@ -65,74 +65,79 @@ in {
''; '';
}; };
services.rclone-serve = { services.rclone-serve = let
serviceConfig = {
after = [ "populate-rclone-config.service" ];
partOf = [ "populate-rclone-config.service" ];
};
in {
enable = true; enable = true;
remotes = [ remotes = [
{ {
user = "storage"; user = "storage";
remote = "StorageBox:"; remote = "StorageBox:";
type = "webdav"; type = "webdav";
wants = [ "populate-rclone-config.service" ];
extraArgs = [ extraArgs = [
"--addr=:${toString ports.rclone_serve_webdav_main}" "--addr=:${toString ports.rclone_serve_webdav_main}"
"--htpasswd=${secrets-db.webdav_main_htpasswd.path}" "--htpasswd=${secrets-db.webdav_main_htpasswd.path}"
"--baseurl=/main/" "--baseurl=/main/"
]; ];
inherit serviceConfig;
} }
{ {
user = "storage"; user = "storage";
remote = "StorageBox:Music"; remote = "StorageBox:Music";
type = "webdav"; type = "webdav";
wants = [ "populate-rclone-config.service" ];
extraArgs = [ extraArgs = [
"--addr=:${toString ports.rclone_serve_webdav_music_ro}" "--addr=:${toString ports.rclone_serve_webdav_music_ro}"
"--read-only" "--read-only"
"--baseurl=/music_ro/" "--baseurl=/music_ro/"
]; ];
} inherit serviceConfig;
{
user = "storage";
remote = "StorageBox:Chaos-Backups/Restic/HetznerVM";
type = "restic";
wants = [ "populate-rclone-config.service" ];
extraArgs = [
"--addr=:${toString ports.rclone_serve_restic_hvm}"
"--htpasswd=${secrets-db.restic_hetznervm_htpasswd.path}"
"--baseurl=/HetznerVM/"
];
}
{
user = "storage";
remote = "StorageBox:Chaos-Backups/Restic/Music";
type = "restic";
wants = [ "populate-rclone-config.service" ];
extraArgs = [
"--addr=:${toString ports.rclone_serve_restic_music}"
"--htpasswd=${secrets-db.restic_music_htpasswd.path}"
"--baseurl=/Music/"
];
}
{
user = "storage";
remote = "StorageBox:Chaos-Backups/Restic/Vault";
type = "restic";
wants = [ "populate-rclone-config.service" ];
extraArgs = [
"--addr=:${toString ports.rclone_serve_restic_vault}"
"--htpasswd=${secrets-db.restic_vault_htpasswd.path}"
"--baseurl=/Vault/"
];
} }
{ {
user = "storage"; user = "storage";
remote = "StorageBox:Music"; remote = "StorageBox:Music";
type = "http"; type = "http";
wants = [ "populate-rclone-config.service" ];
extraArgs = [ extraArgs = [
"--addr=:${toString ports.rclone_serve_http_music}" "--addr=:${toString ports.rclone_serve_http_music}"
"--baseurl=/music/" "--baseurl=/music/"
"--read-only" "--read-only"
]; ];
inherit serviceConfig;
}
{
user = "storage";
remote = "StorageBox:Backups/Restic/HetznerVM";
type = "restic";
extraArgs = [
"--addr=:${toString ports.rclone_serve_restic_hvm}"
"--htpasswd=${secrets-db.restic_hetznervm_htpasswd.path}"
"--baseurl=/HetznerVM/"
];
inherit serviceConfig;
}
{
user = "storage";
remote = "StorageBox:Backups/Restic/Music";
type = "restic";
extraArgs = [
"--addr=:${toString ports.rclone_serve_restic_music}"
"--htpasswd=${secrets-db.restic_music_htpasswd.path}"
"--baseurl=/Music/"
];
inherit serviceConfig;
}
{
user = "storage";
remote = "StorageBox:Backups/Restic/Vault";
type = "restic";
extraArgs = [
"--addr=:${toString ports.rclone_serve_restic_vault}"
"--htpasswd=${secrets-db.restic_vault_htpasswd.path}"
"--baseurl=/Vault/"
];
inherit serviceConfig;
} }
]; ];
}; };
@ -174,7 +179,7 @@ in {
services.rclone-sync = let services.rclone-sync = let
sync_defaults = { sync_defaults = {
wants = [ "populate-rclone-config.service" ]; serviceConfig = { after = [ "populate-rclone-config.service" ]; };
timerConfig = { timerConfig = {
OnStartupSec = "60"; OnStartupSec = "60";
OnCalendar = "4h"; OnCalendar = "4h";
@ -186,21 +191,25 @@ in {
sync_jobs = map (x: lib.mkMerge [ x sync_defaults ]) [ sync_jobs = map (x: lib.mkMerge [ x sync_defaults ]) [
# My B2 # My B2
{ {
source = "StorageBox:Chaos-Backups"; source = "StorageBox:Backups";
dest = "B2-Chaos-Backups:"; dest = "B2-Chaos-Backups:";
} }
{ {
source = "StorageBox:Chaos-Photos"; source = "StorageBox:Photos";
dest = "B2-Chaos-Photos:"; dest = "B2-Chaos-Photos:";
} }
{
source = "StorageBox:Music";
dest = "B2-Chaos-Music:";
}
# Cassie's B2 # Cassie's B2
{ {
source = "StorageBox:Chaos-Backups"; source = "StorageBox:Backups";
dest = "B2-Cassie-Cryptidz-Backup:Chaos-Backups"; dest = "B2-Cassie-Cryptidz-Backup:Backups";
} }
{ {
source = "StorageBox:Chaos-Photos"; source = "StorageBox:Photos";
dest = "B2-Cassie-Cryptidz-Backup:Chaos-Photos"; dest = "B2-Cassie-Cryptidz-Backup:Photos";
} }
{ {
source = "StorageBox:Music"; source = "StorageBox:Music";