
10 Commits

Author SHA1 Message Date
634022d717 Add manuela to Wireguard peers 2021-07-31 21:49:57 +01:00
b3b590dbf3 Replace deprecated OnCalendar option with startAt 2021-07-30 21:53:58 +01:00
7083d475db Update README 2021-07-30 21:41:43 +01:00
2cf9053ca9 Revert "Deploy a mail server"
This reverts commit 6d9a883361.
2021-07-24 18:01:20 +02:00
6d9a883361 Deploy a mail server 2021-06-25 15:09:57 +02:00
9b196037db Remove deprecated samba option 2021-06-01 23:26:53 +02:00
94eecc7e20 Add frontend vdev 2021-05-17 10:48:37 +02:00
7af1063f1f Replace systemd timers with startAt 2021-04-29 16:48:44 +02:00
63a9fb80a1 Remove redundant reverse proxy restart 2021-04-15 10:00:07 +02:00
0cef524a0c Correct ssh key specification in the backup script 2021-04-14 23:20:32 +02:00
7 changed files with 46 additions and 41 deletions


@@ -1,3 +1,17 @@
* Unit * Unit
Declarative configuration for the main server, using [[https://nixos.org][NixOS]] Declarative configuration for the main server, using [[https://nixos.org][NixOS]]
** Modules
The configuration is sliced into different files, per category:
- ZFS pool configuration: hardware-configuration.nix
- Network configuration: networking.nix
- Synchronization and backup services: datasync.nix
- Web services and reverse proxy: webstack.nix
- Smartd: monitoring.nix
- Systemd services and timers: periodic.nix
- Virtual machines: virtualization.nix
All the modules are imported in *configuration.nix*


@@ -7,7 +7,6 @@
services.samba = { services.samba = {
enable = true; enable = true;
nsswins = true; nsswins = true;
syncPasswordsByPam = true;
extraConfig = '' extraConfig = ''
workgroup = WORKGROUP workgroup = WORKGROUP
server string = unit server string = unit


@@ -43,18 +43,13 @@
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/vault/backups" =
{ device = "vault/backups";
fsType = "zfs";
};
fileSystems."/vault/VMs" = fileSystems."/vault/VMs" =
{ device = "vault/VMs"; { device = "vault/VMs";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/vault/code" = fileSystems."/vault/backups" =
{ device = "vault/code"; { device = "vault/backups";
fsType = "zfs"; fsType = "zfs";
}; };
@@ -63,8 +58,8 @@
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/vault/config" = fileSystems."/vault/code" =
{ device = "vault/config"; { device = "vault/code";
fsType = "zfs"; fsType = "zfs";
}; };
@@ -78,13 +73,8 @@
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/vault/backups/documents" = fileSystems."/vault/backups/wordpress" =
{ device = "vault/backups/documents"; { device = "vault/backups/wordpress";
fsType = "zfs";
};
fileSystems."/vault/VMs/legacy" =
{ device = "vault/VMs/legacy";
fsType = "zfs"; fsType = "zfs";
}; };
@@ -93,8 +83,23 @@
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/vault/backups/wordpress" = fileSystems."/vault/backups/documents" =
{ device = "vault/backups/wordpress"; { device = "vault/backups/documents";
fsType = "zfs";
};
fileSystems."/vault/config" =
{ device = "vault/config";
fsType = "zfs";
};
fileSystems."/vault/VMs/legacy" =
{ device = "vault/VMs/legacy";
fsType = "zfs";
};
fileSystems."/vault/frontend" =
{ device = "vault/frontend";
fsType = "zfs"; fsType = "zfs";
}; };


@@ -103,6 +103,11 @@ in {
publicKey = "5DU9ipxJcut2wKrUr3yQux9crzXMSW4ZeKWFLRpUc1I="; publicKey = "5DU9ipxJcut2wKrUr3yQux9crzXMSW4ZeKWFLRpUc1I=";
allowedIPs = [ "10.9.0.4/32" ]; allowedIPs = [ "10.9.0.4/32" ];
} }
# manuela
{
publicKey = "V+DaOya2hLuV6C9BeCkDyFqXpPAFq9jMAeg1dvQw/FI=";
allowedIPs = [ "10.9.0.5/32" ];
}
]; ];
}; };
}; };


@@ -15,16 +15,8 @@ in {
cd "$base_folder" || exit cd "$base_folder" || exit
ls | xargs -P10 -I{} git -C {} pull --rebase ls | xargs -P10 -I{} git -C {} pull --rebase
''; '';
serviceConfig = { Type = "oneshot"; }; serviceConfig.Type = "oneshot";
}; startAt = "22:00:00";
systemd.user.timers.git-pull = {
description = "Daily code update";
wantedBy = [ "default.target" ];
timerConfig = {
OnCalendar = "22:00:00";
Unit = "git-pull.service";
};
}; };
# PostgreSQL daily backups # PostgreSQL daily backups
@@ -47,14 +39,7 @@ in {
chown -R dnsmasq ${stateDir} chown -R dnsmasq ${stateDir}
systemctl restart dnsmasq systemctl restart dnsmasq
''; '';
startAt = "02:00:00";
}; };
systemd.timers.download-dns-blocklist = {
description = "Daily download of hosts-blocklists";
wantedBy = [ "default.target" ];
timerConfig = {
OnCalendar = "02:00:00";
Unit = "download-dns-blocklist.service";
};
};
} }
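Review bot: In the git-pull script kept as context in the first hunk, `ls | xargs -P10 -I{} git -C {} pull --rebase` hands every entry of the folder to git, plain files included, and xargs still interprets quotes and backslashes in names when it reads line-based input. While this unit is being touched, `find . -mindepth 1 -maxdepth 1 -type d -print0 | xargs -0 -P10 -I{} git -C {} pull --rebase` would restrict the run to directories and pass names through unchanged. The script body starts above the hunk, so how `base_folder` is set is not visible here.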


@@ -68,7 +68,4 @@
host all all ::1/128 trust host all all ::1/128 trust
''; '';
}; };
# Restart reverse proxy after services startup
systemd.services.nginx.after = [ "nextcloud.service" ];
} }


@@ -6,7 +6,7 @@ sybase_service() {
perform_backup() { perform_backup() {
zip -r BBDD_"$(date +"%d%m%Y")".zip /opt/sybase zip -r BBDD_"$(date +"%d%m%Y")".zip /opt/sybase
scp BBDD_"$(date +"%d%m%Y")".zip -i /root/.ssh/unit coace@192.168.122.1:/vault/backups/databases/sica scp -i /root/.ssh/unit BBDD_"$(date +"%d%m%Y")".zip coace@192.168.122.1:/vault/backups/databases/sica
} }
cleanup() { cleanup() {
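Review bot: The archive name in perform_backup is produced by two separate `date` calls, one on the zip line and one on the corrected scp line, so a run that crosses midnight asks scp for a file zip never wrote. scp is also attempted when zip has failed, unless the script sets `set -e` somewhere outside this hunk. Computing the name once and chaining the steps avoids both: `archive=BBDD_"$(date +"%d%m%Y")".zip` followed by `zip -r "$archive" /opt/sybase && scp -i /root/.ssh/unit "$archive" coace@192.168.122.1:/vault/backups/databases/sica`.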