Compare commits
28 commits
mail-serve
...
main
Author | SHA1 | Date | |
---|---|---|---|
b814af9ac3 | |||
d5b92c037f | |||
037257b5e2 | |||
aa193bf423 | |||
9606a755d0 | |||
24094cad31 | |||
983f47440f | |||
3aff383a2c | |||
67c1f553fb | |||
652c1b5778 | |||
336b840fcd | |||
72a4be3c5d | |||
aff2d5ab64 | |||
6bb66f3e21 | |||
17aa3246df | |||
da6919a997 | |||
dd41dfb7d9 | |||
a0fb0388c8 | |||
e86c411aca | |||
1cb4864c7c | |||
096d89956e | |||
24b4fa2c8e | |||
13642fbbab | |||
cc26134518 | |||
7d6c9faba2 | |||
a055679544 | |||
dfc43c0ed4 | |||
316bd3e9a2 |
6 changed files with 145 additions and 35 deletions
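--- a/backup.nix
+++ b/backup.nix
@@ -0,0 +1,70 @@
+{ config, pkgs, ... }:
+
+#necessary prep work:
+# GRANT CONNECT ON DATABASE misskey TO "misskey-backup";
+# GRANT SELECT ON ALL TABLES IN SCHEMA public TO "misskey-backup";
+# GRANT SELECT ON ALL SEQUENCES IN SCHEMA public TO "misskey-backup";
+#
+# TODO: automate this cause it needs to be done whenever db schema changes
+let
+user = "misskey-backup";
+group = user;
+
+backupConfigFile = "/etc/misskey-backup/conf";
+s3Cfg = "/etc/misskey-backup/s3cfg";
+backupScript = pkgs.writeShellApplication {
+name = "misskey-backup";
+
+runtimeInputs = with pkgs; [
+gzip
+config.services.postgresql.package
+s3cmd
+coreutils
+age
+];
+
+text = ''
+configFile="$1"
+s3cfg="$2"
+
+ageRecipient="age17ckyc69njpryytc63ynn545jswyucg28k5xg3043g3j6q38dxqwq0wzhm2"
+bucket="$(grep 'bucket=' < "$configFile" | sed 's/bucket \?= \?')"
+prefix="$(grep 'prefix=' < "$configFile" | sed 's/prefix \?= \?')"
+
+s3Dir="s3://$bucket/$prefix""misskey-$(date --iso-8601)"
+echo "Uploading backups to '$s3Dir'"
+
+function upload () {
+name="$1"
+
+age -r "$ageRecipient" | s3cmd put --config "$s3cfg" - "$s3Dir/$name.age"
+}
+
+echo "Uploading config"
+tar -cz -C /srv/misskey/.config . | upload "config.tar.gz"
+
+echo "Dumping postgres database..."
+pg_dump misskey | gzip | upload "pg_dump.sql.gz"
+
+echo "Uploading redis database..."
+tar -cz -C /var/lib/redis-misskey . | upload "redis.tar.gz"
+
+echo "Backup complete to '$s3Dir'"
+'';
+};
+in {
+users.users."${user}" = {
+isSystemUser = true;
+inherit group;
+};
+users.groups."${group}" = { };
+services.postgresql.ensureUsers = [{ name = user; }];
+
+services.cron = {
+enable = true;
+systemCronJobs = [
+# run every monday at ass in the morning, EST"
+"0 8 0 0 1 ${user} ${backupScript} ${backupConfigFile} ${s3Cfg}"
+];
+};
+}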
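Review bot: Both `sed` commands in the script text are unterminated (`sed 's/bucket \?= \?'` has no replacement or closing delimiter), so sed exits with an error and `bucket`/`prefix` are never set; `sed 's/bucket \?= \?//'` and the same for `prefix` would parse, and the preceding `grep 'bucket='` should tolerate the same optional spaces the sed pattern does. The cron entry `0 8 0 0 1` uses 0 for day-of-month and month, which are out of range, and `${backupScript}` expands to the derivation's store directory rather than the executable; `"0 8 * * 1 ${user} ${backupScript}/bin/misskey-backup ${backupConfigFile} ${s3Cfg}"` is probably what was meant. As written the job looks like it would never produce a backup, and nothing would report that. The module also does not declare ownership or mode for `/etc/misskey-backup/s3cfg`, which presumably holds the S3 credentials; it should be readable only by `misskey-backup`.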
|
@ -5,6 +5,8 @@
|
|||
./heartles-xyz-proxy.nix
|
||||
./ogdo.nix
|
||||
./postfix.nix
|
||||
./nebula.nix
|
||||
./backup.nix
|
||||
];
|
||||
|
||||
nix.settings = {
|
||||
|
|
12
flake.lock
12
flake.lock
|
@ -2,11 +2,11 @@
|
|||
"nodes": {
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1719838683,
|
||||
"narHash": "sha256-Zw9rQjHz1ilNIimEXFeVa1ERNRBF8DoXDhLAZq5B4pE=",
|
||||
"lastModified": 1734529975,
|
||||
"narHash": "sha256-ze3IJksru9dN0keqUxY0WNf8xrwfs8Ty/z9v/keyBbg=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "d032c1a6dfad4eedec7e35e91986becc699d7d69",
|
||||
"rev": "72d11d40b9878a67c38f003c240c2d2e1811e72a",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -24,11 +24,11 @@
|
|||
},
|
||||
"unstable": {
|
||||
"locked": {
|
||||
"lastModified": 1719848872,
|
||||
"narHash": "sha256-H3+EC5cYuq+gQW8y0lSrrDZfH71LB4DAf+TDFyvwCNA=",
|
||||
"lastModified": 1734424634,
|
||||
"narHash": "sha256-cHar1vqHOOyC7f1+tVycPoWTfKIaqkoe1Q6TnKzuti4=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "00d80d13810dbfea8ab4ed1009b09100cca86ba8",
|
||||
"rev": "d3c42f187194c26d9f0309a8ecc469d6c878ce33",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
|
@ -142,11 +142,17 @@ in {
|
|||
rewrite .* $path_full break;
|
||||
proxy_pass https://s3.us-west-1.wasabisys.com;
|
||||
'';
|
||||
|
||||
locations."/localfiles/" = {
|
||||
root = "/srv/www";
|
||||
tryFiles = "$uri =404";
|
||||
};
|
||||
};
|
||||
|
||||
virtualHosts."egirls.gay" = {
|
||||
inherit listen;
|
||||
|
||||
default = true;
|
||||
forceSSL = true;
|
||||
useACMEHost = "egirls.gay";
|
||||
locations."/" = {
|
||||
|
@ -192,7 +198,7 @@ in {
|
|||
#
|
||||
# pnpm2nix does not work due to misskey using workspaces
|
||||
environment.systemPackages =
|
||||
[ nodejs nodePackages.pnpm pkgs.cypress pkgs.pkg-config pkgs.vips ];
|
||||
[ nodejs pkgs.pnpm pkgs.cypress pkgs.pkg-config pkgs.vips ];
|
||||
environment.sessionVariables = {
|
||||
CYPRESS_INSTALL_BINARY = "0";
|
||||
CYPRESS_RUN_BINARY = "${pkgs.cypress}/bin/Cypress";
|
||||
|
|
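--- a/nebula.nix
+++ b/nebula.nix
@@ -0,0 +1,26 @@
+{ pkgs, lib, ... }:
+
+{
+environment.systemPackages = [ pkgs.nebula ];
+services.nebula.networks.home = {
+enable = true;
+isLighthouse = true;
+cert = "/var/lib/nebula/node.crt";
+key = "/var/lib/nebula/node.key";
+ca = "/var/lib/nebula/ca.crt";
+
+firewall.inbound = [{
+host = "any";
+port = "any";
+proto = "any";
+}];
+firewall.outbound = [{
+host = "any";
+port = "any";
+proto = "any";
+}];
+};
+
+networking.firewall.allowedTCPPorts = [ 4242 ];
+networking.firewall.allowedUDPPorts = [ 4242 ];
+}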
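Review bot: `firewall.inbound` in `services.nebula.networks.home` accepts any host, port and protocol, so any node holding a certificate from this CA can reach every port on the lighthouse's overlay address, with only the host firewall left to filter it. On a host that also runs public services this is wider than a lighthouse needs; narrow it to what peers actually use, for example `firewall.inbound = [{ host = "any"; port = "any"; proto = "icmp"; }];` plus explicit ports or groups. `networking.firewall.allowedTCPPorts = [ 4242 ];` looks unnecessary because Nebula carries its traffic over UDP, and the `lib` argument is unused.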
62
ogdo.nix
62
ogdo.nix
|
@ -4,7 +4,7 @@
|
|||
enable = true;
|
||||
|
||||
# ꙮ.run
|
||||
virtualHosts."xn--xx8a.run" = {
|
||||
virtualHosts = let
|
||||
listen = [
|
||||
{
|
||||
addr = "0.0.0.0";
|
||||
|
@ -15,42 +15,48 @@
|
|||
addr = "[::]";
|
||||
}
|
||||
# deliberately avoid listening with https
|
||||
];
|
||||
|
||||
rejectSSL = true;
|
||||
root = "/srv/ogdo";
|
||||
|
||||
extraConfig = ''
|
||||
error_page 404 /;
|
||||
access_log /var/log/nginx/ogdo.log combined;
|
||||
add_header 'Cache-Control' 'no-cache';
|
||||
'';
|
||||
|
||||
locations."/" = { index = "/index.html"; };
|
||||
locations."~ ^/.+" = {
|
||||
root = "/srv/ogdo/served-files";
|
||||
tryFiles = "$uri =404";
|
||||
extraConfig = ''
|
||||
default_type application/pdf;
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
virtualHosts."ogdo.run" = {
|
||||
listen = [
|
||||
{
|
||||
addr = "0.0.0.0";
|
||||
port = 80;
|
||||
port = 443;
|
||||
ssl = true;
|
||||
}
|
||||
{
|
||||
port = 80;
|
||||
port = 443;
|
||||
ssl = true;
|
||||
addr = "[::]";
|
||||
}
|
||||
];
|
||||
|
||||
rejectSSL = true;
|
||||
in {
|
||||
"xn--xx8a.run" = {
|
||||
inherit listen rejectSSL;
|
||||
root = "/srv/ogdo";
|
||||
|
||||
locations."/".return = "301 http://xn--xx8a.run$request_uri";
|
||||
extraConfig = ''
|
||||
error_page 404 /;
|
||||
access_log /var/log/nginx/ogdo.log combined;
|
||||
add_header 'Cache-Control' 'no-cache';
|
||||
'';
|
||||
|
||||
locations."/" = { index = "/index.html"; };
|
||||
locations."~ ^/.+" = {
|
||||
root = "/srv/ogdo/served-files";
|
||||
tryFiles = "$uri =404";
|
||||
extraConfig = ''
|
||||
default_type application/pdf;
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
"ogdo.run" = {
|
||||
inherit listen rejectSSL;
|
||||
locations."/".return = "301 http://xn--xx8a.run$request_uri";
|
||||
};
|
||||
|
||||
"ꙮ.run" = {
|
||||
inherit listen rejectSSL;
|
||||
locations."/".return = "301 http://ogdo.run$request_uri";
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
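Review bot: The `"ꙮ.run"` virtual host is unlikely to ever match a request, assuming it is on the new side of this hunk (the rendering has lost the +/- markers). Clients send the Host header in its Punycode form, which is the `"xn--xx8a.run"` entry already defined above, and nginx expects internationalized names in `server_name` to be written in Punycode. Its redirect target `http://ogdo.run` itself redirects to `http://xn--xx8a.run`, so the entry adds a two-hop chain at best; dropping it, or keeping only a comment such as `# ꙮ.run is served as xn--xx8a.run`, would be clearer.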