From 6592341dc31c6f26422ec3a9fed2e601ab985cfc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Thu, 31 Aug 2023 11:44:53 +0200 Subject: prism: add backup MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Jörg Thalheim --- lass/2configs/codimd.nix | 71 +++++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 67 insertions(+), 4 deletions(-) (limited to 'lass/2configs/codimd.nix') diff --git a/lass/2configs/codimd.nix b/lass/2configs/codimd.nix index ccca49fac..0927788a7 100644 --- a/lass/2configs/codimd.nix +++ b/lass/2configs/codimd.nix @@ -2,7 +2,8 @@ with import ; let domain = "pad.lassul.us"; -in { +in +{ # redirect legacy domain to new one services.nginx.virtualHosts."codi.lassul.us" = { 
@@ -25,13 +26,77 @@ in { security.dhparams = { enable = true; - params.hedgedoc = {}; + params.hedgedoc = { }; }; systemd.services.hedgedoc.environment = { CMD_COOKIE_POLICY = "none"; CMD_CSP_ALLOW_FRAMING = "true"; }; + + systemd.services.hedgedoc-backup = { + startAt = "daily"; + serviceConfig = { + ExecStart = ''${pkgs.sqlite}/bin/sqlite3 /var/lib/hedgedoc/db.hedgedoc.sqlite ".backup /var/backup/hedgedoc/backup.sq3"''; + Type = "oneshot"; + }; + }; + + services.postgresqlBackup.enable = true; + + systemd.services.borgbackup-job-hetzner.serviceConfig.ReadWritePaths = [ "/var/log/telegraf" ]; + + services.borgbackup.jobs.hetzner = { + paths = [ + "/home" + "/etc" + "/var" + "/root" + ]; + exclude = [ + "*.pyc" + "/home/*/.direnv" + "/home/*/.cache" + "/home/*/.cargo" + "/home/*/.npm" + "/home/*/.m2" + "/home/*/.gradle" + "/home/*/.opam" + "/home/*/.clangd" + "/var/lib/containerd" + # already included in database backup + "/var/lib/postgresql" + # not so important + "/var/lib/docker/" + "/var/log/journal" + "/var/cache" + "/var/tmp" + "/var/log" + ]; + repo = "u348918@u348918.your-storagebox.de:/./hetzner"; + encryption.mode = "none"; + compression = "auto,zstd"; + startAt = "daily"; + # TODO: change backup key + environment.BORG_RSH = "ssh -oPort=23 -i ${config.sops.secrets.hetzner-borgbackup-ssh.path}"; + preHook = '' + set -x + ''; + + postHook = '' + cat > /var/log/telegraf/borgbackup-job-hetzner.service < Date: Thu, 31 Aug 2023 17:47:17 +0200 Subject: l prism.r: add backups --- lass/2configs/codimd.nix | 56 +----------------------------------------------- 1 file changed, 1 insertion(+), 55 deletions(-) (limited to 'lass/2configs/codimd.nix') diff --git a/lass/2configs/codimd.nix b/lass/2configs/codimd.nix index 0927788a7..f8880dbdc 100644 --- a/lass/2configs/codimd.nix +++ b/lass/2configs/codimd.nix 
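Review bot: `encryption.mode = "none";` on the `hetzner` job stores `/home`, `/etc`, `/var` and `/root` on the remote storage box in plaintext and without authentication, so anyone with access to that account or host can read or silently alter every archived file. That includes the ACME private keys under `/var/lib/acme` that this file references. I would set `encryption.mode = "repokey-blake2";` together with `encryption.passCommand = "cat ${config.sops.secrets.PLACEHOLDER-borg-passphrase.path}";` (the secret name is a placeholder), keeping the passphrase in sops next to the SSH key. The mode is fixed when the repository is initialised, so this needs a fresh repository rather than an in-place switch. The `# TODO: change backup key` should be resolved or given a tracking reference before the job first runs. The tail of this hunk (from the `postHook` heredoc onward) is cut off on this page and was not reviewed.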
@@ -34,6 +34,7 @@ in CMD_CSP_ALLOW_FRAMING = "true"; }; + services.borgbackup.jobs.hetzner.paths = [ "/var/backup" ]; systemd.services.hedgedoc-backup = { startAt = "daily"; serviceConfig = { @@ -42,61 +43,6 @@ in }; }; - services.postgresqlBackup.enable = true; - - systemd.services.borgbackup-job-hetzner.serviceConfig.ReadWritePaths = [ "/var/log/telegraf" ]; - - services.borgbackup.jobs.hetzner = { - paths = [ - "/home" - "/etc" - "/var" - "/root" - ]; - exclude = [ - "*.pyc" - "/home/*/.direnv" - "/home/*/.cache" - "/home/*/.cargo" - "/home/*/.npm" - "/home/*/.m2" - "/home/*/.gradle" - "/home/*/.opam" - "/home/*/.clangd" - "/var/lib/containerd" - # already included in database backup - "/var/lib/postgresql" - # not so important - "/var/lib/docker/" - "/var/log/journal" - "/var/cache" - "/var/tmp" - "/var/log" - ]; - repo = "u348918@u348918.your-storagebox.de:/./hetzner"; - encryption.mode = "none"; - compression = "auto,zstd"; - startAt = "daily"; - # TODO: change backup key - environment.BORG_RSH = "ssh -oPort=23 -i ${config.sops.secrets.hetzner-borgbackup-ssh.path}"; - preHook = '' - set -x - ''; - - postHook = '' - cat > /var/log/telegraf/borgbackup-job-hetzner.service < Date: Sat, 2 Sep 2023 11:36:38 +0200 Subject: l codimd: backup statedir --- lass/2configs/codimd.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'lass/2configs/codimd.nix') diff --git a/lass/2configs/codimd.nix b/lass/2configs/codimd.nix index f8880dbdc..d0ba8912c 100644 --- a/lass/2configs/codimd.nix +++ b/lass/2configs/codimd.nix @@ -34,7 +34,10 @@ in CMD_CSP_ALLOW_FRAMING = "true"; }; - services.borgbackup.jobs.hetzner.paths = [ "/var/backup" ]; + services.borgbackup.jobs.hetzner.paths = [ + "/var/backup" + "/var/lib/hedgedoc" + ]; systemd.services.hedgedoc-backup = { startAt = "daily"; serviceConfig = { -- cgit v1.2.3 From f55307fd73af235069744dd5155fda0bc73fe613 Mon Sep 17 00:00:00 2001 
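Review bot: In the `@@ -34,6 +34,7 @@` hunk, adding `/var/backup` to the `hetzner` job does not order that job after `hedgedoc-backup.service`. Both appear to run on a `daily` timer (the job's schedule is no longer defined in this file), so borg can archive yesterday's `backup.sq3` or one that `.backup` is still writing. An explicit dependency avoids that, e.g. `systemd.services.borgbackup-job-hetzner = { wants = [ "hedgedoc-backup.service" ]; after = [ "hedgedoc-backup.service" ]; };`. Nothing visible here creates `/var/backup/hedgedoc` or restricts its mode, and the dump holds every pad, so I would also add `UMask = "0077";` to the service's `serviceConfig` and create the directory through `systemd.tmpfiles.rules`. The `hedgedoc-backup` definition continues past the end of this hunk.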
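Review bot: In the `@@ -34,7 +34,10 @@` hunk, adding `/var/lib/hedgedoc` to `paths` also archives the live `db.hedgedoc.sqlite` and any journal or WAL files beside it. These can be copied while hedgedoc is mid-write, so that copy is not a reliable restore source. The consistent copy is the `.backup` output under `/var/backup/hedgedoc`, and the entry should say so, for example `# state dir; restore the database from /var/backup/hedgedoc/backup.sq3, the live sqlite file may be mid-write`. Alternatively, exclude the live database file from the job so a restore cannot pick it up by mistake.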
From: lassulus Date: Thu, 7 Sep 2023 12:26:31 +0200 Subject: lass: migrate away --- lass/2configs/codimd.nix | 70 ------------------------------------------------ 1 file changed, 70 deletions(-) delete mode 100644 lass/2configs/codimd.nix (limited to 'lass/2configs/codimd.nix') diff --git a/lass/2configs/codimd.nix b/lass/2configs/codimd.nix deleted file mode 100644 index d0ba8912c..000000000 --- a/lass/2configs/codimd.nix +++ /dev/null 
@@ -1,70 +0,0 @@ -{ config, pkgs, lib, ... }: -with import ; -let - domain = "pad.lassul.us"; -in -{ - - # redirect legacy domain to new one - services.nginx.virtualHosts."codi.lassul.us" = { - enableACME = true; - addSSL = true; - locations."/".return = "301 https://${domain}\$request_uri"; - }; - - services.nginx.virtualHosts.${domain} = { - enableACME = true; - forceSSL = true; - locations."/" = { - proxyPass = "https://localhost:3091"; - proxyWebsockets = true; - }; - }; - - security.acme.certs.${domain}.group = "hedgecert"; - users.groups.hedgecert.members = [ "hedgedoc" "nginx" ]; - - security.dhparams = { - enable = true; - params.hedgedoc = { }; - }; - - systemd.services.hedgedoc.environment = { - CMD_COOKIE_POLICY = "none"; - CMD_CSP_ALLOW_FRAMING = "true"; - }; - - services.borgbackup.jobs.hetzner.paths = [ - "/var/backup" - "/var/lib/hedgedoc" - ]; - systemd.services.hedgedoc-backup = { - startAt = "daily"; - serviceConfig = { - ExecStart = ''${pkgs.sqlite}/bin/sqlite3 /var/lib/hedgedoc/db.hedgedoc.sqlite ".backup /var/backup/hedgedoc/backup.sq3"''; - Type = "oneshot"; - }; - }; - - services.hedgedoc = { - enable = true; - configuration.allowOrigin = [ domain ]; - settings = { - db = { - dialect = "sqlite"; - storage = "/var/lib/hedgedoc/db.hedgedoc.sqlite"; - }; - useCDN = false; - port = 3091; - domain = domain; - allowFreeURL = true; - - useSSL = true; - protocolUseSSL = true; - sslCAPath = [ "/etc/ssl/certs/ca-certificates.crt" ]; - sslCertPath = "/var/lib/acme/${domain}/cert.pem"; - sslKeyPath = "/var/lib/acme/${domain}/key.pem"; - dhParamPath = config.security.dhparams.params.hedgedoc.path; - }; - }; -} -- cgit v1.2.3