phfroidmont/self-hosting
1
0
Fork 0
mirror of https://github.com/phfroidmont/self-hosting.git synced 2025-12-25 05:36:59 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Move backup to Hetzner's storage box

Browse source
This commit is contained in:
Paul-Henri Froidmont 2023-04-22 02:46:55 +02:00
parent 8c4e559348
commit ff0abf6309
Signed by: phfroidmont
GPG key ID: BE948AFD7E7873BE
4 changed files with 32 additions and 18 deletions
Download patch file Download diff file Expand all files Collapse all files

14
profiles/backend.nix
View file

@ -1,5 +1,4 @@
{ config, lib, pkgs, ... }:
{
{ config, lib, pkgs, ... }: {
imports = [
../environment.nix
../hardware/hcloud.nix
@ -23,6 +22,7 @@
custom = {
services.backup-job = {
enable = true;
repoName = "bk1";
additionalPaths = [ "/var/lib/nextcloud/config" "/var/lib/mastodon" ];
readWritePaths = [ "/nix/var/data/murmur" "/nix/var/data/backup/" ];
preHook = ''
@ -74,9 +74,7 @@
services.uptime-kuma = {
enable = true;
settings = {
PORT = "3001";
};
settings = { PORT = "3001"; };
};
services.nginx.virtualHosts."uptime.froidmont.org" = {
@ -85,13 +83,15 @@
enableACME = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${config.services.uptime-kuma.settings.PORT}";
proxyPass =
"http://127.0.0.1:${config.services.uptime-kuma.settings.PORT}";
proxyWebsockets = true;
};
};
networking.firewall.allowedTCPPorts = [ 80 443 64738 ];
networking.firewall.allowedUDPPorts = [ 64738 ];
networking.firewall.interfaces."eth1".allowedTCPPorts = [ config.services.prometheus.exporters.node.port 9000 ];
networking.firewall.interfaces."eth1".allowedTCPPorts =
[ config.services.prometheus.exporters.node.port 9000 ];
}

9
profiles/db.nix
View file

@ -1,5 +1,4 @@
{ config, lib, pkgs, ... }:
{
{ config, lib, pkgs, ... }: {
imports = [
../environment.nix
../hardware/hcloud.nix
@ -8,7 +7,10 @@
../modules/monitoring-exporters.nix
];
networking.firewall.interfaces."eth1".allowedTCPPorts = [ config.services.prometheus.exporters.node.port config.services.postgresql.port ];
networking.firewall.interfaces."eth1".allowedTCPPorts = [
config.services.prometheus.exporters.node.port
config.services.postgresql.port
];
sops.secrets = {
borgSshKey = {
@ -20,6 +22,7 @@
custom = {
services.backup-job = {
enable = true;
repoName = "db1";
readWritePaths = [ "/nix/var/data/postgresql" "/nix/var/data/backup/" ];
preHook = ''
${pkgs.postgresql_12}/bin/pg_dump -U synapse synapse > /nix/var/data/postgresql/synapse.dmp

6
profiles/storage.nix
View file

@ -33,6 +33,12 @@
services.backup-job = {
enable = true;
repoName = "bl";
patterns = [
"- /nix/var/data/media"
"- /nix/var/data/transmission/downloads"
"- /nix/var/data/transmission/.incomplete"
];
readWritePaths = [ "/nix/var/data/backup" ];
preHook =
"${pkgs.docker}/bin/docker exec stb-mariadb sh -c 'mysqldump -u stb -pstb stb' > /nix/var/data/backup/stb_mariadb.sql";