alejandro-angulo/dotfiles
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: alejandro-angulo:a361cffecd07decd45183e84a2d8a4766283d3ab
Branches Tags
alejandro-angulo:main
...
compare: alejandro-angulo:6c08146fd27396b726ac793a9082c865d091a6e1
Branches Tags
alejandro-angulo:main

2 commits
a361cffecd ... 6c08146fd2

Author SHA1 Message Date
alejandro-angulo 6c08146fd2
Configure restic repo for nextcloud data
All checks were successful
Gitea Actions Demo / Explore-Gitea-Actions (push) Successful in 11s
Details
2024-12-01 17:03:26 -08:00
alejandro-angulo 997d1b2f9e
Updated teslamate grafana dashboards 2024-12-01 17:02:55 -08:00
6 changed files with 66 additions and 8 deletions
Show stats Expand all files Collapse all files

52
modules/nixos/services/nextcloud/default.nix
View file

@ -5,6 +5,16 @@
... ...
}: let }: let
cfg = config.aa.services.nextcloud; cfg = config.aa.services.nextcloud;
secrets = config.age.secrets;
mkNextcloudSecret = attrs: {
name = attrs.name;
value = {
file = attrs.path;
owner = "nextcloud";
group = "nextcloud";
};
};
in { in {
options.aa.services.nextcloud = with lib; { options.aa.services.nextcloud = with lib; {
enable = mkEnableOption "nextcloud"; enable = mkEnableOption "nextcloud";
@ -19,11 +29,24 @@ in {
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
age.secrets.nextcloud_admin = { age.secrets = builtins.listToAttrs (builtins.map (attrs: mkNextcloudSecret attrs) [
file = ../../../../secrets/nextcloud_admin.age; {
owner = "nextcloud"; name = "restic/password";
group = "nextcloud"; path = ../../../../secrets/nextcloud_restic_password.age;
}; }
{
name = "restic/env";
path = ../../../../secrets/nextcloud_restic_env.age;
}
{
name = "restic/repo";
path = ../../../../secrets/nextcloud_restic_repo.age;
}
{
name = "nextcloud_admin";
path = ../../../../secrets/nextcloud_admin.age;
}
]);
services.nextcloud = { services.nextcloud = {
enable = true; enable = true;
@ -47,7 +70,7 @@ in {
config = { config = {
dbtype = "pgsql"; dbtype = "pgsql";
adminuser = "alejandro"; adminuser = "alejandro";
adminpassFile = config.age.secrets.nextcloud_admin.path; adminpassFile = secrets.nextcloud_admin.path;
}; };
}; };
@ -57,6 +80,23 @@ in {
useACMEHost = cfg.acmeCertName; useACMEHost = cfg.acmeCertName;
}; };
services.restic.backups = {
nextcloud = {
user = "nextcloud";
initialize = true;
paths = [config.services.nextcloud.datadir];
environmentFile = secrets."restic/env".path;
repositoryFile = secrets."restic/repo".path;
passwordFile = secrets."restic/password".path;
timerConfig = {
OnCalendar = "00:05";
Persistent = true;
RandomizedDelaySec = "5h";
};
pruneOpts = ["--keep-daily 7" "--keep-weekly 5" "--keep-monthly 12" "--keep-yearly 9001"];
};
};
networking.firewall.allowedTCPPorts = [80 443]; networking.firewall.allowedTCPPorts = [80 443];
}; };
} }

4
packages/teslamate-grafana-dashboards/default.nix
View file

@ -5,13 +5,13 @@
}: }:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
pname = "teslamate-grafana-dashboards"; pname = "teslamate-grafana-dashboards";
version = "1.31.0"; version = "1.32.0";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "teslamate-org"; owner = "teslamate-org";
repo = "teslamate"; repo = "teslamate";
rev = "v${version}"; rev = "v${version}";
hash = "sha256-aX6FjOKyjsA/0IgLw/AnB01ddNk0yS6vd01BH/reBP4="; hash = "sha256-diQRtJYfzGIVLxrdBad3XKWCtR97rj9Q1ZJ9MmvJGRk=";
}; };
dontBuild = true; dontBuild = true;

BIN
secrets/nextcloud_restic_env.age Normal file
View file

Binary file not shown.

7
secrets/nextcloud_restic_password.age Normal file
View file

@ -0,0 +1,7 @@
age-encryption.org/v1
-> piv-p256 UIEGzg AtUSDrnOeV44xXzVmduHJgpJEzozc+LqdLKlkiiDdJXA
cJWbnIZGvISxhNXa6Jpiw8NrEfCncMAQHfW8v5uzzvE
-> ssh-ed25519 Yk7ehg OwDJrMxpMvaxDnGBaSr8+WjGy44DAYwcPo7qujD8zCQ
7LjtdWBG9+n89+NWvWLX/E63se9okelHkEb2HxFAkU8
--- 7f/WYFPS9vxFsRa6MNX6EAbGya42EsVxrZbCTEhuIOc
 ˆO˜ < cë[&ô!W*oñgJo©,à ¿ P±ä@ÎØ”«Óö7ô® ´Ø%„Ò"rʽÌ=Öc½kå«c <0B>#°PÌ@ù¡ñlÆ—Š½Xi"êï¸c庀GÔí¬m‰N»¢/ØjÜWâjku:ˆx<CB86>¦(à.°>%×ß‘#~Ížæv¹¢ò/kbÒÃFÚg3®ŠçQêÝÀ

8
secrets/nextcloud_restic_repo.age Normal file
View file

@ -0,0 +1,8 @@
age-encryption.org/v1
-> piv-p256 UIEGzg AowX1qo/8GwbPcZGt2yW77S7rA8/xtDGUocmR3hmQpTO
vNy0dR5fwAk+2fV7xhEQq9Ja4VRW5RaDHo9a3L1FZhk
-> ssh-ed25519 Yk7ehg IUjXb3+yVVIY3aa5wTagrRdm3bL9fGfCCfc20roqh1g
D+aX+TYMg21CCfpVj6DQVcaRbU4sN5tB0aC0R6TfBFw
--- u2cH5LG8E5DBRkL8FGq3s1I2Ht5Lhlk9hKrSaOjtISQ
=q(ï=vßc×<19>~iß(Pa¸GÑùGŸãx! Iãþ<&õüN•Á7åJA.½'e
DHŽLt¿t 1JÞFéL‡(9éEk[¢šQ·<51>­×é³;Å‚?ì/ʤnPŒ´

3
secrets/secrets.nix
View file

@ -15,6 +15,9 @@ in {
"hass_mqtt.age".publicKeys = [users.me machines.pi4 machines.node machines.gospel]; "hass_mqtt.age".publicKeys = [users.me machines.pi4 machines.node machines.gospel];
"hydra-aws-creds.age".publicKeys = [users.me machines.gospel]; "hydra-aws-creds.age".publicKeys = [users.me machines.gospel];
"nextcloud_admin.age".publicKeys = [users.me machines.node machines.gospel]; "nextcloud_admin.age".publicKeys = [users.me machines.node machines.gospel];
"nextcloud_restic_env.age".publicKeys = [users.me machines.node];
"nextcloud_restic_password.age".publicKeys = [users.me machines.node];
"nextcloud_restic_repo.age".publicKeys = [users.me machines.node];
"tailscale_git_server.age".publicKeys = [users.me machines.git]; # This key expires, might have to update "tailscale_git_server.age".publicKeys = [users.me machines.git]; # This key expires, might have to update
"teslamate_db.age".publicKeys = [users.me machines.node machines.gospel]; "teslamate_db.age".publicKeys = [users.me machines.node machines.gospel];
"teslamate_encryption.age".publicKeys = [users.me machines.node machines.gospel]; "teslamate_encryption.age".publicKeys = [users.me machines.node machines.gospel];