From bde2d41b9fd18706160701bf2f857fd399d7d929 Mon Sep 17 00:00:00 2001
From: chaos
Date: Sat, 9 Mar 2024 22:18:26 +0000
Subject: [PATCH] fixed backup schedules
---
data/backupSchedules.nix | 28 ++++
home/apps/kitty.nix | 2 +-
.../containers/caldav/profiles/restic.nix | 12 +-
.../containers/forgejo/profiles/restic.nix | 12 +-
.../containers/grocy/profiles/restic.nix | 12 +-
.../containers/jellyfin/profiles/restic.nix | 12 +-
.../containers/mail/profiles/restic.nix | 12 +-
.../hetzner-arm/containers/music/default.nix | 4 +-
.../containers/music/profiles/musicSync.nix | 10 +-
.../containers/owncast/profiles/restic.nix | 12 +-
.../containers/owncast/secrets.nix | 2 +-
.../postgresql/profiles/postgres.nix | 11 +-
.../containers/postgresql/profiles/restic.nix | 12 +-
.../containers/quassel/profiles/restic.nix | 14 +-
.../containers/social/profiles/restic.nix | 13 +-
.../storage/profiles/rcloneSync.nix | 9 +-
.../containers/stream/music/data/ports.nix | 9 --
.../containers/stream/music/default.nix | 123 ------------------
.../containers/stream/music/profiles/mpd.nix | 69 ----------
.../stream/music/profiles/musicSync.nix | 49 -------
.../stream/music/profiles/soulseek.nix | 43 ------
.../containers/stream/music/secrets.nix | 57 --------
hosts/vault/profiles/restic.nix | 8 +-
modules/nixos/rcloneSync.nix | 4 +-
outputs.nix | 1 -
overlay/default.nix | 47 +------
profiles/remoteBuilders.nix | 4 +-
27 files changed, 95 insertions(+), 496 deletions(-)
create mode 100644 data/backupSchedules.nix
delete mode 100644 hosts/hetzner-arm/containers/stream/music/data/ports.nix
delete mode 100644 hosts/hetzner-arm/containers/stream/music/default.nix
delete mode 100644 hosts/hetzner-arm/containers/stream/music/profiles/mpd.nix
delete mode 100644 hosts/hetzner-arm/containers/stream/music/profiles/musicSync.nix
delete mode 100644 hosts/hetzner-arm/containers/stream/music/profiles/soulseek.nix
delete mode 100644 hosts/hetzner-arm/containers/stream/music/secrets.nix
diff --git a/data/backupSchedules.nix b/data/backupSchedules.nix new file mode 100644 index 0000000..2bdcfff --- /dev/null +++ b/data/backupSchedules.nix @@ -0,0 +1,28 @@ +rec { + restic = let + OnStartupSec = "5m"; + in { + low = { + inherit OnStartupSec; + OnUnitActiveSec = "12h"; + }; + medium = { + inherit OnStartupSec; + OnUnitActiveSec = "8h"; + }; + high = { + inherit OnStartupSec; + OnUnitActiveSec = "2h"; + }; + }; + + music = { + OnStartupSec = "2m"; + OnUnitActiveSec = "2h"; + }; + + remoteBackups = { + OnStartupSec = "30m"; # Should give enough time for all to sync current data + OnUnitActiveSec = "1h20m"; # Should give enough time to make small incremental syncs + }; +} diff --git a/home/apps/kitty.nix b/home/apps/kitty.nix index 22c6bee..44cb23e 100644 --- a/home/apps/kitty.nix +++ b/home/apps/kitty.nix @@ -1,4 +1,4 @@ -{nixosConfig, ...}: { +{...}: { wayland.windowManager.sway.extraSessionCommands = '' export KITTY_CACHE_DIRECTORY="/tmp/kitty"; ''; diff --git a/hosts/hetzner-arm/containers/caldav/profiles/restic.nix b/hosts/hetzner-arm/containers/caldav/profiles/restic.nix index a39eb45..3a07647 100644 --- a/hosts/hetzner-arm/containers/caldav/profiles/restic.nix +++ b/hosts/hetzner-arm/containers/caldav/profiles/restic.nix @@ -1,8 +1,10 @@ { + self, pkgs, config, ... }: let + backupSchedules = import "${self}/data/backupSchedules.nix"; secrets = config.services.secrets.secrets; in { environment.systemPackages = with pkgs; [ @@ -27,13 +29,7 @@ in { passwordFile = "${secrets.restic_password.path}"; environmentFile = "${secrets.restic_env.path}"; - pruneOpts = [ - "--keep-last 50" - ]; - - timerConfig = { - OnBootSec = "1m"; - OnCalendar = "4h"; - }; + pruneOpts = ["--keep-last 50"]; + timerConfig = backupSchedules.restic.high; }; } diff --git a/hosts/hetzner-arm/containers/forgejo/profiles/restic.nix b/hosts/hetzner-arm/containers/forgejo/profiles/restic.nix index 1cba92c..70e7604 100644 --- a/hosts/hetzner-arm/containers/forgejo/profiles/restic.nix 
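Review bot: None of the schedules in data/backupSchedules.nix sets any jitter, and all three `restic` tiers share `OnStartupSec = "5m"`, so every unit that imports the same tier fires at the same moment after a host boot and then stays in lockstep on `OnUnitActiveSec`. If the jobs share one repository server (the vault profile in this patch points at `storage-restic.owo.monster`), they will contend with each other on every cycle. Adding `RandomizedDelaySec = "10m";` to each tier (value illustrative) spreads them out. Separately, the top-level `rec` is unused because `OnStartupSec` is shared through the inner `let`, so it can be dropped.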
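Review bot: Retention in the caldav profile is still a snapshot count (`--keep-last 50`), so on the 2h `restic.high` timer the history shrinks to roughly four days, and each run triggered by `OnStartupSec` after a restart uses up a slot as well. The same applies to the other restic profiles in this patch, most sharply postgresql (`--keep-last 10` on `restic.high`, under a day of history) and the `--keep-last 5` entries for owncast and quassel. If these backups are meant to cover corruption or tampering that is noticed late, a time-based policy such as `pruneOpts = ["--keep-within 7d" "--keep-weekly 8"];` keeps the recovery window stable regardless of how often the timer fires. The numbers are placeholders to adapt per service.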
+++ b/hosts/hetzner-arm/containers/forgejo/profiles/restic.nix @@ -1,8 +1,10 @@ { + self, pkgs, config, ... }: let + backupSchedules = import "${self}/data/backupSchedules.nix"; secrets = config.services.secrets.secrets; in { environment.systemPackages = with pkgs; [ @@ -27,13 +29,7 @@ in { passwordFile = "${secrets.restic_password.path}"; environmentFile = "${secrets.restic_env.path}"; - pruneOpts = [ - "--keep-last 50" - ]; - - timerConfig = { - OnBootSec = "1m"; - OnCalendar = "4h"; - }; + pruneOpts = ["--keep-last 50"]; + timerConfig = backupSchedules.restic.high; }; } diff --git a/hosts/hetzner-arm/containers/grocy/profiles/restic.nix b/hosts/hetzner-arm/containers/grocy/profiles/restic.nix index 34e4436..2609d9e 100644 --- a/hosts/hetzner-arm/containers/grocy/profiles/restic.nix +++ b/hosts/hetzner-arm/containers/grocy/profiles/restic.nix @@ -1,9 +1,11 @@ { + self, pkgs, config, ... }: let secrets = config.services.secrets.secrets; + backupSchedules = import "${self}/data/backupSchedules.nix"; in { environment.systemPackages = with pkgs; [ restic @@ -27,13 +29,7 @@ in { passwordFile = "${secrets.restic_password.path}"; environmentFile = "${secrets.restic_env.path}"; - pruneOpts = [ - "--keep-last 5" - ]; - - timerConfig = { - OnBootSec = "10m"; - OnCalendar = "8h"; - }; + pruneOpts = ["--keep-last 30"]; + timerConfig = backupSchedules.restic.high; }; } diff --git a/hosts/hetzner-arm/containers/jellyfin/profiles/restic.nix b/hosts/hetzner-arm/containers/jellyfin/profiles/restic.nix index 8cc7a64..3a34329 100644 --- a/hosts/hetzner-arm/containers/jellyfin/profiles/restic.nix +++ b/hosts/hetzner-arm/containers/jellyfin/profiles/restic.nix @@ -1,9 +1,11 @@ { + self, pkgs, config, ... }: let secrets = config.services.secrets.secrets; + backupSchedules = import "${self}/data/backupSchedules.nix"; in { environment.systemPackages = with pkgs; [ restic 
@@ -27,13 +29,7 @@ in { passwordFile = "${secrets.restic_password.path}"; environmentFile = "${secrets.restic_env.path}"; - pruneOpts = [ - "--keep-last 5" - ]; - - timerConfig = { - OnBootSec = "10m"; - OnCalendar = "8h"; - }; + pruneOpts = ["--keep-last 10"]; + timerConfig = backupSchedules.restic.low; }; } diff --git a/hosts/hetzner-arm/containers/mail/profiles/restic.nix b/hosts/hetzner-arm/containers/mail/profiles/restic.nix index dd18a0d..c5e2a81 100644 --- a/hosts/hetzner-arm/containers/mail/profiles/restic.nix +++ b/hosts/hetzner-arm/containers/mail/profiles/restic.nix @@ -1,8 +1,10 @@ { + self, pkgs, config, ... }: let + backupSchedules = import "${self}/data/backupSchedules.nix"; secrets = config.services.secrets.secrets; mailConfig = config.services.mailserver; @@ -31,13 +33,7 @@ in { passwordFile = "${secrets.restic_password.path}"; environmentFile = "${secrets.restic_env.path}"; - pruneOpts = [ - "--keep-last 100" - ]; - - timerConfig = { - OnBootSec = "1m"; - OnCalendar = "8h"; - }; + pruneOpts = ["--keep-last 60"]; + timerConfig = backupSchedules.restic.medium; }; } diff --git a/hosts/hetzner-arm/containers/music/default.nix b/hosts/hetzner-arm/containers/music/default.nix index 12860ed..d95afb3 100644 --- a/hosts/hetzner-arm/containers/music/default.nix +++ b/hosts/hetzner-arm/containers/music/default.nix @@ -25,7 +25,7 @@ pathInContainer = path: "/var/lib/nixos-containers/${containerName}" + path; in { nixpkgs.overlays = [ - (final: prev: { + (final: _prev: { mpd = final.mpd-headless; }) ]; @@ -58,7 +58,7 @@ in { ++ (with hosts.hetzner-arm.containers.music.profiles; [ mpd musicSync - #soulseek + #soulseek # takes up too much ram :( ]); networking.firewall.allowedTCPPorts = with ports; [ diff --git a/hosts/hetzner-arm/containers/music/profiles/musicSync.nix b/hosts/hetzner-arm/containers/music/profiles/musicSync.nix index 6c3e8e8..035c50e 100644 --- a/hosts/hetzner-arm/containers/music/profiles/musicSync.nix 
+++ b/hosts/hetzner-arm/containers/music/profiles/musicSync.nix @@ -1,7 +1,13 @@ -{pkgs, ...}: let +{ + self, + pkgs, + ... +}: let inherit (pkgs) writeShellScriptBin; inherit (builtins) toFile; + backupSchedules = import "${self}/data/backupSchedules.nix"; + rcloneConfig = toFile "rclone.conf" '' [Music] type = webdav @@ -37,7 +43,7 @@ in { systemd.timers.music-sync = { wantedBy = ["timers.target"]; partOf = ["music-sync.service"]; - timerConfig.OnCalendar = "hourly"; + timerConfig = backupSchedules.music; }; systemd.services.mpd = { diff --git a/hosts/hetzner-arm/containers/owncast/profiles/restic.nix b/hosts/hetzner-arm/containers/owncast/profiles/restic.nix index f3d2458..7187f68 100644 --- a/hosts/hetzner-arm/containers/owncast/profiles/restic.nix +++ b/hosts/hetzner-arm/containers/owncast/profiles/restic.nix @@ -1,8 +1,10 @@ { + self, pkgs, config, ... }: let + backupSchedules = import "${self}/data/backupSchedules.nix"; secrets = config.services.secrets.secrets; in { environment.systemPackages = with pkgs; [ @@ -27,13 +29,7 @@ in { passwordFile = "${secrets.restic_password.path}"; environmentFile = "${secrets.restic_env.path}"; - pruneOpts = [ - "--keep-last 5" - ]; - - timerConfig = { - OnBootSec = "10m"; - OnCalendar = "8h"; - }; + pruneOpts = ["--keep-last 5"]; + timerConfig = backupSchedules.restic.low; }; } diff --git a/hosts/hetzner-arm/containers/owncast/secrets.nix b/hosts/hetzner-arm/containers/owncast/secrets.nix index dc436f1..83b2073 100644 --- a/hosts/hetzner-arm/containers/owncast/secrets.nix +++ b/hosts/hetzner-arm/containers/owncast/secrets.nix @@ -1,4 +1,4 @@ -{pkgs, ...}: { +{...}: { services.secrets = { enable = true; diff --git a/hosts/hetzner-arm/containers/postgresql/profiles/postgres.nix b/hosts/hetzner-arm/containers/postgresql/profiles/postgres.nix index c55239a..d46032b 100644 --- a/hosts/hetzner-arm/containers/postgresql/profiles/postgres.nix +++ b/hosts/hetzner-arm/containers/postgresql/profiles/postgres.nix 
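Review bot: The `systemd.services.mpd` ordering in musicSync.nix probably names a unit that does not exist. The copy of this file deleted later in the patch has the same pre-image blob (`6c3e8e8`) and contains `after = ["music-copy.service"];`, while the service defined here is `music-sync`. That block starts on the last context line of this hunk and continues outside it, so confirm against the full file; if it matches, `after = ["music-sync.service"];` is the likely intent. Also, `backupSchedules.music` adds an `OnStartupSec = "2m"` trigger, so if the service is still `wantedBy = ["multi-user.target"]` the sync will run twice shortly after boot.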
@@ -1,11 +1,6 @@ -{ - self, - hostPath, - ... -}: let - wireguardData = import "${self}/data/wireguard/chaosInternalWireGuard.nix"; - wireguardHosts = wireguardData.hosts; - +{hostPath, ...}: let + #wireguardData = import "${self}/data/wireguard/chaosInternalWireGuard.nix"; + #wireguardHosts = wireguardData.hosts; localContainersAddresses = import "${hostPath}/data/containerAddresses.nix"; in { services.postgresql = { diff --git a/hosts/hetzner-arm/containers/postgresql/profiles/restic.nix b/hosts/hetzner-arm/containers/postgresql/profiles/restic.nix index ce6ce66..a43ae95 100644 --- a/hosts/hetzner-arm/containers/postgresql/profiles/restic.nix +++ b/hosts/hetzner-arm/containers/postgresql/profiles/restic.nix @@ -1,9 +1,11 @@ { + self, pkgs, config, ... }: let secrets = config.services.secrets.secrets; + backupSchedules = import "${self}/data/backupSchedules.nix"; backupPrepareCommand = "${ (pkgs.writeShellScriptBin "backupPrepareCommand" '' @@ -34,14 +36,8 @@ in { passwordFile = "${secrets.restic_password.path}"; environmentFile = "${secrets.restic_env.path}"; - pruneOpts = [ - "--keep-last 5" - ]; - - timerConfig = { - OnBootSec = "1m"; - OnCalendar = "daily"; - }; + pruneOpts = ["--keep-last 10"]; + timerConfig = backupSchedules.restic.high; inherit backupPrepareCommand; }; diff --git a/hosts/hetzner-arm/containers/quassel/profiles/restic.nix b/hosts/hetzner-arm/containers/quassel/profiles/restic.nix index 82271a1..7a18ea7 100644 --- a/hosts/hetzner-arm/containers/quassel/profiles/restic.nix +++ b/hosts/hetzner-arm/containers/quassel/profiles/restic.nix @@ -1,8 +1,10 @@ { + self, pkgs, config, ... }: let + backupSchedules = import "${self}/data/backupSchedules.nix"; secrets = config.services.secrets.secrets; in { environment.systemPackages = with pkgs; [ 
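Review bot: The `#wireguardData` and `#wireguardHosts` lines in postgres.nix are left as commented-out code with no explanation. Either delete them or replace them with a one-line comment stating why the WireGuard host list is no longer consulted, for example `# wireguardHosts unused: <reason>` with the actual reason filled in. The `services.postgresql` block continues outside the hunk, so it is not visible whether any authentication rule previously depended on `wireguardHosts`; check that the resulting allowed-client list is the one you intend.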
@@ -18,6 +20,8 @@ in { services.restic.backups.quassel = { user = "root"; paths = [ + # it's only backing up initial setup / credentials + # so no matter what DB is restored to it should work "/home/quassel/.config/quassel-irc.org" ]; @@ -27,13 +31,7 @@ in { passwordFile = "${secrets.restic_password.path}"; environmentFile = "${secrets.restic_env.path}"; - pruneOpts = [ - "--keep-last 5" - ]; - - timerConfig = { - OnBootSec = "1m"; - OnCalendar = "daily"; - }; + pruneOpts = ["--keep-last 5"]; + timerConfig = backupSchedules.restic.low; }; } diff --git a/hosts/hetzner-arm/containers/social/profiles/restic.nix b/hosts/hetzner-arm/containers/social/profiles/restic.nix index c327cbc..b0b7190 100644 --- a/hosts/hetzner-arm/containers/social/profiles/restic.nix +++ b/hosts/hetzner-arm/containers/social/profiles/restic.nix @@ -1,9 +1,11 @@ { + self, pkgs, config, ... }: let secrets = config.services.secrets.secrets; + backupSchedules = import "${self}/data/backupSchedules.nix"; # Because gotosocial-admin isn't a seporate package we need to generate a seperate config # and duplicate the wrapper for use in a systemd unit @@ -55,14 +57,9 @@ in { passwordFile = "${secrets.restic_password.path}"; environmentFile = "${secrets.restic_env.path}"; - pruneOpts = [ - "--keep-last 10" - ]; - - timerConfig = { - OnBootSec = "1m"; - OnCalendar = "daily"; - }; + pruneOpts = ["--keep-last 10"]; + # Don't want to cause too much downtime and take too long to prune media + timerConfig = backupSchedules.restic.medium; inherit backupPrepareCommand; inherit backupCleanupCommand; diff --git a/hosts/hetzner-arm/containers/storage/profiles/rcloneSync.nix b/hosts/hetzner-arm/containers/storage/profiles/rcloneSync.nix index afe06ab..14167db 100644 --- a/hosts/hetzner-arm/containers/storage/profiles/rcloneSync.nix +++ b/hosts/hetzner-arm/containers/storage/profiles/rcloneSync.nix 
@@ -1,4 +1,6 @@ -{...}: { +{self, ...}: let + backupSchedules = import "${self}/data/backupSchedules.nix"; +in { services.rclone-sync = { enable = true; user = "storage"; @@ -9,10 +11,7 @@ after = ["auto-secrets.service"]; wants = ["auto-secrets.service"]; }; - timerConfig = { - OnStartupSec = "120"; - OnCalendar = "4h"; - }; + timerConfig = backupSchedules.remoteBackups; extraArgs = [ "--fast-list" "--check-first" diff --git a/hosts/hetzner-arm/containers/stream/music/data/ports.nix b/hosts/hetzner-arm/containers/stream/music/data/ports.nix deleted file mode 100644 index c8e15c5..0000000 --- a/hosts/hetzner-arm/containers/stream/music/data/ports.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ - mpd = 6600; - mpd-opus-low = 4242; - mpd-opus-medium = 4243; - mpd-opus-high = 4244; - mpd-flac = 4245; - slskd = 5000; - slskd-web = 5001; -} diff --git a/hosts/hetzner-arm/containers/stream/music/default.nix b/hosts/hetzner-arm/containers/stream/music/default.nix deleted file mode 100644 index a167e5f..0000000 --- a/hosts/hetzner-arm/containers/stream/music/default.nix +++ /dev/null 
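Review bot: `timerConfig = backupSchedules.remoteBackups` orders the off-site sync after the restic jobs purely by timing; the comment in data/backupSchedules.nix only says the 30m start "should give enough time". A 1h20m interval against the 2h/8h/12h restic timers will regularly overlap with backups or prunes in progress. If this rclone job copies the restic repositories (inferred from the schedule name; source and destination are outside the hunk), a copy taken mid-write can be inconsistent on the remote side. Consider ordering the sync with unit dependencies rather than delays, or at least noting it here with `# may overlap restic runs; verify the remote copy with restic check`.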
@@ -1,123 +0,0 @@ -{ - self, - hostPath, - tree, - lib, - inputs, - pkgs, - config, - ... -}: let - inherit (lib.modules) mkMerge; - inherit (lib.lists) forEach; - - containerName = "music"; - - containerAddresses = import "${hostPath}/data/containerAddresses.nix"; - - hostIP = containerAddresses.host; - containerIP = containerAddresses.containers.${containerName}; - - ports = import ./data/ports.nix; - - # these secrets should probs be in host but im lazy - containerSecrets = config.containers.${containerName}.config.services.secrets.secrets; - pathInContainer = path: "/var/lib/nixos-containers/${containerName}" + path; -in { - containers.music = { - autoStart = true; - privateNetwork = true; - hostAddress = hostIP; - localAddress = containerIP; - - specialArgs = { - inherit inputs; - inherit tree; - inherit self; - inherit hostPath; - }; - - config = {...}: { - nixpkgs.pkgs = pkgs; - - imports = with tree; - [ - presets.nixos.containerBase - - profiles.nginx - profiles.firewallAllow.httpCommon - - ./secrets.nix - ] - ++ (with hosts.hetzner-arm.containers.music.profiles; [ - mpd - musicSync - soulseek - ]); - - networking.firewall.allowedTCPPorts = with ports; [ - mpd - mpd-opus-low - mpd-opus-medium - mpd-opus-high - mpd-flac - slskd - slskd-web - ]; - - home-manager.users.root.home.stateVersion = "23.05"; - system.stateVersion = "23.05"; - }; - }; - - services.nginx.virtualHosts."soulseek.owo.monster" = { - forceSSL = true; - enableACME = true; - locations."/" = { - proxyPass = "http://${containerIP}:${toString ports.slskd-web}"; - proxyWebsockets = true; - }; - }; - - services.nginx.virtualHosts."mpd.owo.monster" = let - extraConfig = '' - auth_basic "Music Password"; - auth_basic_user_file ${pathInContainer containerSecrets.music_stream_passwd.path}; - ''; - in { - forceSSL = true; - enableACME = true; - locations = mkMerge [ - { - "/flac" = { - proxyPass = "http://${containerIP}:${toString ports.mpd-flac}"; - inherit extraConfig; - }; - } - (mkMerge (forEach 
["low" "medium" "high"] (quality: { - "/opus-${quality}" = { - proxyPass = "http://${containerIP}:${toString ports."mpd-opus-${quality}"}"; - inherit extraConfig; - }; - }))) - ]; - }; - - networking = { - nat.forwardPorts = [ - { - sourcePort = ports.mpd; - destination = "${containerIP}\:${toString ports.mpd}"; - } - { - sourcePort = ports.slskd; - destination = "${containerIP}\:${toString ports.slskd}"; - } - ]; - - firewall.allowedTCPPorts = with ports; [ - mpd - slskd - ]; - }; -} diff --git a/hosts/hetzner-arm/containers/stream/music/profiles/mpd.nix b/hosts/hetzner-arm/containers/stream/music/profiles/mpd.nix deleted file mode 100644 index d8d949c..0000000 --- a/hosts/hetzner-arm/containers/stream/music/profiles/mpd.nix +++ /dev/null 
@@ -1,69 +0,0 @@ -{ - lib, - pkgs, - config, - ... -}: let - inherit (lib.strings) concatStringsSep; - inherit (lib.lists) forEach; - - ports = import ../data/ports.nix; - secrets = config.services.secrets.secrets; -in { - environment.systemPackages = with pkgs; [ - mpc_cli - ]; - - services.mpd = { - enable = true; - network.listenAddress = "0.0.0.0"; - musicDirectory = "/Music"; - credentials = [ - { - passwordFile = "${secrets.mpd_control_password.path}"; - permissions = ["read" "add" "control" "admin"]; - } - ]; - extraConfig = - '' - host_permissions "127.0.0.1 read,add,control,admin" - samplerate_converter "0" - metadata_to_use "title,artist" - auto_update "yes" - audio_buffer_size "4096" - replaygain "track" - audio_output_format "44100:16:2" - '' - + concatStringsSep "\n" (forEach ["low" "medium" "high"] (quality: let - bitrates = { - "low" = "64"; - "medium" = "96"; - "high" = "128"; - }; - bitrate = bitrates.${quality}; - in '' - audio_output { - type "httpd" - name "HTTP Opus ${bitrate}k" - encoder "opus" - port "${toString ports."mpd-opus-${quality}"}" - bitrate "${bitrate}000" - format "44100:16:2" - always_on "yes" - tags "yes" - signal "music" - } - '')) - + '' - audio_output { - type "httpd" - name "HTTP FLAC" - encoder "flac" - port "${toString ports.mpd-flac}" - format "44100:16:2" - always_on "yes" - tags "yes" - } - ''; - }; -} diff --git a/hosts/hetzner-arm/containers/stream/music/profiles/musicSync.nix b/hosts/hetzner-arm/containers/stream/music/profiles/musicSync.nix deleted file mode 100644 index 6c3e8e8..0000000 --- a/hosts/hetzner-arm/containers/stream/music/profiles/musicSync.nix +++ /dev/null 
@@ -1,49 +0,0 @@ -{pkgs, ...}: let - inherit (pkgs) writeShellScriptBin; - inherit (builtins) toFile; - - rcloneConfig = toFile "rclone.conf" '' - [Music] - type = webdav - url = https://storage-webdav.owo.monster/MusicRO/ - vendor = other - ''; -in { - environment.systemPackages = with pkgs; [ - rclone - (writeShellScriptBin "rclone-music" '' - rclone --config ${rcloneConfig} "$@" - '') - ]; - - systemd.tmpfiles.rules = [ - "d /Music - mpd mpd" - ]; - - systemd.services.music-sync = { - wantedBy = ["multi-user.target"]; - after = ["network.target"]; - partOf = ["mpd.service"]; - - path = with pkgs; [bash rclone]; - - script = '' - set -e - rclone --config ${rcloneConfig} sync Music: /Music - chown -R mpd:mpd /Music - ''; - }; - - systemd.timers.music-sync = { - wantedBy = ["timers.target"]; - partOf = ["music-sync.service"]; - timerConfig.OnCalendar = "hourly"; - }; - - systemd.services.mpd = { - after = ["music-copy.service"]; - serviceConfig = { - ReadOnlyPaths = "/Music"; - }; - }; -} diff --git a/hosts/hetzner-arm/containers/stream/music/profiles/soulseek.nix b/hosts/hetzner-arm/containers/stream/music/profiles/soulseek.nix deleted file mode 100644 index 4f66336..0000000 --- a/hosts/hetzner-arm/containers/stream/music/profiles/soulseek.nix +++ /dev/null 
@@ -1,43 +0,0 @@ -{ - lib, - config, - ... -}: let - ports = import ../data/ports.nix; - secrets = config.services.secrets.secrets; - - inherit (lib.modules) mkForce; -in { - services.slskd = { - enable = true; - openFirewall = true; - environmentFile = secrets.slskd_env.path; - settings = { - remote_configuration = false; - remote_file_management = true; - soulseek = { - username = "chaoticryptidz"; - description = "chaos's soulseek"; - listen_port = ports.slskd; - }; - web = { - port = ports.slskd-web; - authentication = { - username = "chaos"; - }; - }; - shares.directories = [ - "/Music" - ]; - }; - nginx = { - enable = true; # I don't think this is even cheked - domainName = "soulseek.owo.monster"; - }; - }; - - services.nginx.virtualHosts."soulseek.owo.monster" = { - forceSSL = mkForce false; - enableACME = mkForce false; - }; -} diff --git a/hosts/hetzner-arm/containers/stream/music/secrets.nix b/hosts/hetzner-arm/containers/stream/music/secrets.nix deleted file mode 100644 index 1bdf745..0000000 --- a/hosts/hetzner-arm/containers/stream/music/secrets.nix +++ /dev/null 
@@ -1,57 +0,0 @@ -{pkgs, ...}: { - services.secrets = { - enable = true; - - vaultLogin = { - enable = true; - loginUsername = "hetzner-arm-container-music"; - }; - - autoSecrets = { - enable = true; - }; - - requiredVaultPaths = [ - "api-keys/data/mpd" - "api-keys/data/music-stream" - "passwords/data/soulseek" - "passwords/data/slskd" - ]; - - packages = with pkgs; [ - apacheHttpd - ]; - - secrets = { - vault_password = { - manual = true; - }; - - mpd_control_password = { - user = "mpd"; - group = "mpd"; - fetchScript = '' - simple_get "/api-keys/mpd" .password > "$secretFile" - ''; - }; - music_stream_passwd = { - user = "nginx"; - group = "nginx"; - fetchScript = '' - username=$(simple_get "/api-keys/music-stream" .username) - password=$(simple_get "/api-keys/music-stream" .password) - htpasswd -bc "$secretFile" "$username" "$password" 2>/dev/null - ''; - }; - slskd_env = { - fetchScript = '' - soulseek_password=$(simple_get "/passwords/soulseek" .password) - slskd_password=$(simple_get "/passwords/slskd" .password) - echo > "$secretFile" - echo "SLSKD_SLSK_PASSWORD=$soulseek_password" >> "$secretFile" - echo "SLSKD_PASSWORD=$slskd_password" >> "$secretFile" - ''; - }; - }; - }; -} diff --git a/hosts/vault/profiles/restic.nix b/hosts/vault/profiles/restic.nix index 521aafc..093ec89 100644 --- a/hosts/vault/profiles/restic.nix +++ b/hosts/vault/profiles/restic.nix @@ -1,9 +1,11 @@ { + self, pkgs, config, ... }: let secrets = config.services.secrets.secrets; + backupSchedules = import "${self}/data/backupSchedules.nix"; in { services.restic.backups.vault = { user = "root"; @@ -11,10 +13,8 @@ in { "/var/lib/vault" "/var/lib/private/step-ca" ]; - timerConfig = { - OnBootSec = "1m"; - OnCalendar = "6h"; - }; + timerConfig = backupSchedules.restic.high; + # env contains fixed repository with auth repository = "rest:https://storage-restic.owo.monster/Vault"; passwordFile = "${secrets.restic_password.path}"; 
diff --git a/modules/nixos/rcloneSync.nix b/modules/nixos/rcloneSync.nix index 81dbcdd..92ad014 100644 --- a/modules/nixos/rcloneSync.nix +++ b/modules/nixos/rcloneSync.nix @@ -65,8 +65,8 @@ in { timerConfig = mkOption { type = types.attrs; default = { - OnStartupSec = "60"; - OnCalendar = "4h"; + OnStartupSec = "1m"; + OnUnitActiveSec = "2h"; }; }; serviceConfig = mkOption { diff --git a/outputs.nix b/outputs.nix index 270f05b..a0900ed 100644 --- a/outputs.nix +++ b/outputs.nix @@ -4,7 +4,6 @@ inherit (lib.attrsets) mergeAttrsList recursiveUpdate; inherit (lib.lists) foldl' forEach filter; - inherit (lib.strings) optionalString; hosts = import ./hosts inputs; in diff --git a/overlay/default.nix b/overlay/default.nix index a163e67..519930d 100644 --- a/overlay/default.nix +++ b/overlay/default.nix @@ -23,7 +23,7 @@ final: prev: rec { # this includes a bunch of unneeded files # but we cba to go through the bat file # the author uses to figure out what all the 7z commands do) - grocy = prev.grocy.overrideAttrs (old: let + grocy = prev.grocy.overrideAttrs (_old: let version = "4.1.0"; hash = ""; in rec { 
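Review bot: The context of the first overlay/default.nix hunk shows `hash = "";` next to `version = "4.1.0"` in the grocy override. If that value feeds the `src` fetcher (the `rec { … }` body lies outside the hunk), the source is not pinned to a known digest, and the build will fail on a hash mismatch until the value is filled in. Record the real SRI hash, `hash = "sha256-<PLACEHOLDER>";`, before relying on this override. The `old` to `_old` rename itself is fine.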
@@ -38,51 +38,6 @@ final: prev: rec { patches = [./grocy-env-variables.diff]; }); - # Remove when fixed in upstream - jellyfin-ffmpeg = - (prev.ffmpeg_6-headless.override { - withAribcaption = false; # FIXME remove when updating past version 6.1 - }) - .overrideAttrs (old: rec { - pname = "jellyfin-ffmpeg"; - version = "6.0.1-1"; - - src = final.fetchFromGitHub { - owner = "jellyfin"; - repo = "jellyfin-ffmpeg"; - rev = "v${version}"; - hash = "sha256-LMwGxx++z6TpZLnpeRGraid4653Mp8T4pY5EP4Z7GXY="; - }; - - patches = []; - - buildInputs = old.buildInputs ++ [prev.chromaprint]; - - configureFlags = - old.configureFlags - ++ [ - "--extra-version=Jellyfin" - "--disable-ptx-compression" # https://github.com/jellyfin/jellyfin/issues/7944#issuecomment-1156880067 - "--enable-chromaprint" - ]; - - postPatch = '' - for file in $(cat debian/patches/series); do - patch -p1 < debian/patches/$file - done - - ${old.postPatch or ""} - ''; - - meta = with final.lib; { - description = "${old.meta.description} (Jellyfin fork)"; - homepage = "https://github.com/jellyfin/jellyfin-ffmpeg"; - license = licenses.gpl3; - maintainers = with maintainers; [justinas]; - pkgConfigModules = ["libavutil"]; - }; - }); - mpd-headless = (prev.mpdWithFeatures.override { ffmpeg = final.ffmpeg_6-headless; diff --git a/profiles/remoteBuilders.nix b/profiles/remoteBuilders.nix index 5141ec7..b3939f1 100644 --- a/profiles/remoteBuilders.nix +++ b/profiles/remoteBuilders.nix @@ -35,8 +35,8 @@ in { systems = ["aarch64-linux"]; supportedFeatures = ["native-arm64"]; publicHostKey = "c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSUk5cGM0REU1UlV4UUp2T1pwenFOQWVac0JlRW1kcmp4OFlnV3orVXBMckcgcm9vdEBoZXR6bmVyLWFybQo="; - maxJobs = 4; - speedFactor = 3; + maxJobs = 2; + speedFactor = 2; } ])) (mkIf (currentHostname != "vault") (mkMerge [