diff --git a/flake.nix b/flake.nix index 000e971..10e661f 100644 --- a/flake.nix +++ b/flake.nix @@ -5,14 +5,6 @@ outputs = { self, nixpkgs, deploy-rs }: let pkgs = nixpkgs.legacyPackages.x86_64-linux; - - common = { - modules = [ - ./hardware/hcloud.nix - ./modules/openssh.nix - ./environment.nix - ]; - }; in { devShell.x86_64-linux = pkgs.mkShell { @@ -28,23 +20,13 @@ nixosConfigurations = { db1 = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; - modules = common.modules ++ [ - ./modules/postgresql.nix - ./modules/custom-backup-job.nix - ./modules/custom-backup-job.nix + modules = [ + ./profiles/db.nix ( { networking.hostName = "db1"; networking.domain = "banditlair.com"; - networking.firewall.interfaces."enp7s0".allowedTCPPorts = [ 5432 ]; - services.custom-backup-job = { - additionalReadWritePaths = [ "/nix/var/data/postgresql" ]; - additionalPreHook = '' - ${pkgs.postgresql_12}/bin/pg_dump -U synapse synapse > /nix/var/data/postgresql/synapse.dmp - ${pkgs.postgresql_12}/bin/pg_dump -U nextcloud nextcloud > /nix/var/data/postgresql/nextcloud.dmp - ''; - startAt = "03:00"; - }; + system.stateVersion = "21.05"; } ) @@ -52,25 +34,13 @@ }; backend1 = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; - modules = common.modules ++ [ - ./modules/nginx.nix - ./modules/murmur.nix - ./modules/synapse.nix - ./modules/nextcloud.nix - ./modules/custom-backup-job.nix + modules = [ + ./profiles/backend.nix ( { networking.hostName = "backend1"; networking.domain = "banditlair.com"; - networking.localCommands = "ip addr add 95.216.177.3/32 dev enp1s0"; - networking.firewall.allowedTCPPorts = [ 80 443 64738 ]; - networking.firewall.allowedUDPPorts = [ 64738 ]; - services.custom-backup-job = { - additionalPaths = [ "/var/lib/nextcloud/config" ]; - additionalReadWritePaths = [ "/nix/var/data/murmur" ]; - additionalPreHook = "cp /var/lib/murmur/murmur.sqlite /nix/var/data/murmur/murmur.sqlite"; - startAt = "03:30"; - }; + system.stateVersion = "21.05"; } ) 
diff --git a/profiles/backend.nix b/profiles/backend.nix
new file mode 100644
index 0000000..958674c
--- /dev/null
+++ b/profiles/backend.nix
@@ -0,0 +1,42 @@
+{ config, lib, pkgs, ... }:
+{
+ imports = [
+ ../environment.nix
+ ../hardware/hcloud.nix
+ ../modules/openssh.nix
+ ../modules/nginx.nix
+ ../modules/murmur.nix
+ ../modules/synapse.nix
+ ../modules/nextcloud.nix
+ ../modules/custom-backup-job.nix
+ ];
+
+ services.custom-backup-job = {
+ additionalPaths = [ "/var/lib/nextcloud/config" ];
+ additionalReadWritePaths = [ "/nix/var/data/murmur" ];
+ additionalPreHook = "cp /var/lib/murmur/murmur.sqlite /nix/var/data/murmur/murmur.sqlite";
+ startAt = "03:30";
+ };
+
+ networking.localCommands = "ip addr add 95.216.177.3/32 dev enp1s0";
+ networking.firewall.allowedTCPPorts = [ 80 443 64738 ];
+ networking.firewall.allowedUDPPorts = [ 64738 ];
+
+ services.monit = {
+ enable = true;
+ config = ''
+ set daemon 30
+ with start delay 90
+
+ set httpd
+ port 2812
+ use address 127.0.0.1
+ allow localhost
+
+ check file nextcloud-data-mounted with path /var/lib/nextcloud/data/index.html
+ if does not exist then exec "${pkgs.systemd}/bin/systemctl restart var-lib-nextcloud-data.mount"
+ '';
+ };
+
+ networking.firewall.interfaces."ens10".allowedTCPPorts = [ 80 ];
+}
diff --git a/profiles/db.nix b/profiles/db.nix
new file mode 100644
index 0000000..da349a3
--- /dev/null
+++ b/profiles/db.nix
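Review bot: In profiles/backend.nix, the `set httpd` block of the new `services.monit` config has `allow localhost` as its only access rule, so any local process that can connect to 127.0.0.1:2812 reaches Monit's control interface without credentials. This profile also imports nginx, Nextcloud and Synapse, so the loopback bind is only as strong as the guarantee that none of those services can be made to issue requests to localhost, which is not visible in this diff. Consider restricting the interface further, for example with a credentialed read-only `allow` entry or with `set httpd unixsocket <path>` and tight socket permissions, bearing in mind that anything written in `config` ends up in the Nix store. A one-line comment explaining that `/var/lib/nextcloud/data/index.html` serves as the mount sentinel would also help, since the check otherwise reads like a web-content test.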
@@ -0,0 +1,23 @@
+{ config, lib, pkgs, ... }:
+{
+ imports = [
+ ../environment.nix
+ ../hardware/hcloud.nix
+ ../modules/openssh.nix
+ ../modules/postgresql.nix
+ ../modules/custom-backup-job.nix
+ ];
+
+ networking.firewall.interfaces."enp7s0".allowedTCPPorts = [ 5432 ];
+
+ services.custom-backup-job = {
+ additionalReadWritePaths = [ "/nix/var/data/postgresql" ];
+ additionalPreHook = ''
+ ${pkgs.postgresql_12}/bin/pg_dump -U synapse synapse > /nix/var/data/postgresql/synapse.dmp
+ ${pkgs.postgresql_12}/bin/pg_dump -U nextcloud nextcloud > /nix/var/data/postgresql/nextcloud.dmp
+ '';
+ startAt = "03:00";
+ };
+
+ networking.firewall.interfaces."ens10".allowedTCPPorts = [ 80 ];
+}
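Review bot: `networking.firewall.interfaces."ens10".allowedTCPPorts = [ 80 ];` at the end of profiles/db.nix opens TCP 80 on a host whose imports include no web server, and the rule was not part of the db1 configuration that this commit removes from flake.nix, so a change that otherwise reads as a pure move also widens the firewall. The PostgreSQL rule just above is scoped to `enp7s0` while this one names `ens10`; if both are meant to be the private network, one of the interface names is probably stale. If nothing on db1 listens on port 80, drop the line; otherwise add a comment naming the listener, e.g. `# port 80 on ens10: <service>, private network only`. The same line is added at the end of profiles/backend.nix, where it is redundant with the global `allowedTCPPorts = [ 80 443 64738 ]`.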