commit 0bb9f60b7c2b83dfebe063adc3fbe505b1f82f5b
parent ea338e7a5e383382fd2fd281afc36ff6a5d9ccfb
Author: Leah (ctucx) <leah@ctu.cx>
Date: Sat, 29 Jan 2022 22:25:45 +0100
parent ea338e7a5e383382fd2fd281afc36ff6a5d9ccfb
Author: Leah (ctucx) <leah@ctu.cx>
Date: Sat, 29 Jan 2022 22:25:45 +0100
machines/taurus: notify on service failure, rastic backups
5 files changed, 81 insertions(+), 3 deletions(-)
diff --git a/machines/taurus/configuration.nix b/machines/taurus/configuration.nix
@@ -5,6 +5,7 @@
imports = [
./hardware-configuration.nix
../../configurations/common.nix
+ ./notify-failure.nix
../../configurations/services/prometheus-node-exporter.nix
@@ -14,6 +15,11 @@
./pleroma
];
+ age.secrets.restic-server-lollo.file = ../../secrets/restic-server/lollo.age;
+ age.secrets.restic-server-desastro.file = ../../secrets/restic-server/desastro.age;
+
+ systemd.services.nginx.onFailure = [ "notify-failure@%i.service" ];
+
boot = {
loader.grub = {
enable = true;
diff --git a/machines/taurus/matrix-synapse.nix b/machines/taurus/matrix-synapse.nix
@@ -4,8 +4,29 @@ let
secrets = import ../../secrets;
in {
+
+ age.secrets.restic-matrix-synapse.file = ../../secrets/taurus/restic/matrix-synapse.age;
+
+ restic-backups.matrix-synapse = {
+ user = "matrix-synapse";
+ passwordFile = config.age.secrets.restic-matrix-synapse.path;
+ postgresDatabases = [ "matrix-synapse" ];
+ paths = [ "/var/lib/matrix-synapse" ];
+ };
+
+ systemd.services.matrix-synapse.onFailure = [ "notify-failure@%i.service" ];
+
services = {
- postgresql.enable = true;
+ postgresql = {
+ enable = true;
+ initialScript = pkgs.writeText "synapse-init.sql" ''
+ CREATE ROLE "matrix-synapse" WITH LOGIN;
+ CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"
+ TEMPLATE template0
+ LC_COLLATE = "C"
+ LC_CTYPE = "C";
+ '';
+ };
matrix-synapse = {
enable = true;
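Review bot: The `initialScript` added under `services.postgresql` only runs when the cluster's data directory is initialised for the first time; `postgresql.enable = true` was already set on this host before the commit, so an existing cluster never executes it and the `matrix-synapse` role and database still have to be created by hand. The idempotent `ensureDatabases`/`ensureUsers` form used for pleroma in `machines/taurus/pleroma/default.nix` in the same commit would run on an existing cluster too, although it cannot express the `TEMPLATE template0` / `LC_COLLATE` / `LC_CTYPE` settings, so a one-off manual `CREATE DATABASE` may still be required there. Separately, `restic-backups.matrix-synapse` runs as `user = "matrix-synapse"` but `age.secrets.restic-matrix-synapse` is declared with agenix's default root-only ownership and mode; unless the custom `restic-backups` module arranges access to `passwordFile` itself, the secret needs `owner = "matrix-synapse";`, and the same applies to `restic-pleroma` in `pleroma/default.nix`. The module's argument list on line 1 is outside the hunk; the new lines reference both `config` and `pkgs`, which must be in scope there.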
diff --git a/machines/taurus/notify-failure.nix b/machines/taurus/notify-failure.nix
@@ -0,0 +1,30 @@
+{ config, lib, pkgs, ... }:
+
+{
+
+ age.secrets.password-leah-at-f2k1-de.file = ../../secrets/passwords/leah-at-f2k1-de.age;
+
+ programs.msmtp = {
+ enable = true;
+ accounts = {
+ default = {
+ auth = true;
+ tls = true;
+ host = "rx300.kunbox.net";
+ port = 587;
+ user = "leah@f2k1.de";
+ from = "${config.networking.fqdn} <leah@f2k1.de>";
+ passwordeval = "cat ${config.age.secrets.password-leah-at-f2k1-de.path}";
+ };
+ };
+ };
+
+ systemd.services."notify-failure@" = {
+ serviceConfig = {
+ ExecStart = ''
+ ${pkgs.runtimeShell} -c "{ echo -n 'Subject:[${config.networking.fqdn}] Service failed: %i\n\n' & ${pkgs.systemd}/bin/systemctl status %i;} | ${pkgs.msmtp}/bin/msmtp -v notify@ctu.cx"
+ '';
+ };
+ };
+
+}
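Review bot: In the `ExecStart` of `notify-failure@`, `echo -n '...' &` runs the subject line in the background, so it races with `systemctl status` for the pipe, and with bash (`runtimeShell`) the builtin `echo` does not interpret `\n\n`, so the blank line that terminates the mail headers is never emitted and the status output is folded into the Subject header. Replacing the group with `{ printf 'Subject: [${config.networking.fqdn}] Service failed: %%s\n\n' '%i'; ${pkgs.systemd}/bin/systemctl status '%i'; }` sequences the two commands and produces a proper header/body split (`%%` is the unit-file escape for a literal `%`, so `printf` receives `%s` and the instance name is passed as an argument rather than interpolated into the format string). `msmtp -v` writes the full SMTP dialogue to the journal on every notification; it is handy while setting this up but is worth dropping once delivery is confirmed. The unit runs as root by default, which neither `systemctl status` nor `msmtp` needs, but moving it to a dedicated user would also require making the msmtp config and the agenix password file readable by that user.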
diff --git a/machines/taurus/pleroma/default.nix b/machines/taurus/pleroma/default.nix
@@ -2,10 +2,29 @@
{
- systemd.services.pleroma.path = [ pkgs.exiftool ];
+ age.secrets.restic-pleroma.file = ../../../secrets/taurus/restic/pleroma.age;
+
+ restic-backups.pleroma = {
+ user = "pleroma";
+ passwordFile = config.age.secrets.restic-pleroma.path;
+ paths = [ "/var/lib/pleroma" ];
+ postgresDatabases = [ "pleroma" ];
+ };
+
+ systemd.services.pleroma.path = [ pkgs.exiftool ];
+ systemd.services.pleroma.onFailure = [ "notify-failure@%i.service" ];
services = {
- postgresql.enable = true;
+ postgresql = {
+ enable = true;
+ ensureDatabases = [ "pleroma" ];
+ ensureUsers = [
+ {
+ name = "pleroma";
+ ensurePermissions."DATABASE pleroma" = "ALL PRIVILEGES";
+ }
+ ];
+ };
pleroma = {
enable = true;
diff --git a/machines/taurus/syncthing.nix b/machines/taurus/syncthing.nix
@@ -6,6 +6,8 @@
../../configurations/services/syncthing.nix
];
+ systemd.services.syncthing.onFailure = [ "notify-failure@%i.service" ];
+
services = {
syncthing = {
guiAddress = "0.0.0.0:8384";