diff options
Diffstat (limited to 'lass/2configs/websites/domsen.nix')
-rw-r--r-- | lass/2configs/websites/domsen.nix | 54 |
1 files changed, 50 insertions, 4 deletions
diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 2131c7c6..b9673de7 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -40,6 +40,7 @@ in { "youthtube.xyz" "joemisch.com" "weirdwednesday.de" + "jarugadesign.de" "www.apanowicz.de" "www.nirwanabluete.de" @@ -49,6 +50,7 @@ in { "www.ubikmedia.de" "www.joemisch.com" "www.weirdwednesday.de" + "www.jarugadesign.de" "aldona2.ubikmedia.de" "apanowicz.ubikmedia.de" @@ -63,6 +65,7 @@ in { "freemonkey.ubikmedia.de" "jarugadesign.ubikmedia.de" "crypto4art.ubikmedia.de" + "jarugadesign.ubikmedia.de" ]) ]; @@ -93,6 +96,7 @@ in { hostName = "o.xanf.org"; config = { adminpassFile = toString <secrets> + "/nextcloud_pw"; + overwriteProtocol = "https"; }; https = true; nginx.enable = true; @@ -141,6 +145,7 @@ in { { from = "akayguen@freemonkey.art"; to ="akayguen"; } { from = "bui@freemonkey.art"; to ="bui"; } { from = "kontakt@alewis.de"; to ="klabusterbeere"; } + { from = "hallo@jarugadesign.de"; to ="kasia"; } { from = "testuser@lassul.us"; to = "testuser"; } { from = "testuser@ubikmedia.eu"; to = "testuser"; } @@ -150,6 +155,7 @@ in { "ubikmedia.eu" "ubikmedia.de" "alewis.de" + "jarugadesign.de" ]; ssl_cert = "/var/lib/acme/lassul.us/fullchain.pem"; ssl_key = "/var/lib/acme/lassul.us/key.pem"; @@ -234,24 +240,64 @@ in { createHome = true; }; - krebs.on-failure.plans.restic-backups-domsen = {}; + users.users.kasia = { + uid = genid_uint31 "kasia"; + home = "/home/kasia"; + useDefaultShell = true; + createHome = true; + }; + + krebs.on-failure.plans.restic-backups-domsen = { + journalctl = { + lines = 1000; + }; + }; + services.restic.backups.domsen = { initialize = true; - extraOptions = [ "sftp.command='ssh efOVcMWSZ@wilhelmstr2.duckdns.org -S none -v -p 52222 -i ${toString <secrets> + "/ssh.id_ed25519"} -s sftp'" ]; - repository = "sftp:efOVcMWSZ@wilhelmstr2.duckdns.org:/mnt/UBIK-9TB-Pool/BACKUP/XXXX-MAX-UND-ANDERES"; + repository = "/backups/domsen"; passwordFile = toString <secrets> + "/domsen_backup_pw"; timerConfig = { OnCalendar = "00:05"; RandomizedDelaySec = "5h"; }; paths = [ - "/srv/http" "/home/domsen/Mail" "/home/ms/Mail" "/home/klabusterbeere/Mail" "/home/jms/Mail" + "/home/kasia/Mail" "/home/bruno/Mail" "/home/akayguen/Mail" "/backups/sql_dumps" ]; }; + boot.kernel.sysctl."fs.inotify.max_user_watches" = "1048576"; + krebs.syncthing.folders = { + domsen-backups = { + path = "/backups/domsen"; + peers = [ "domsen-backup" ]; + }; + domsen-backup-srv-http = { + path = "/srv/http"; + peers = [ "domsen-backup" ]; + }; + }; + + system.activationScripts.domsen-backups = '' + ${pkgs.coreutils}/bin/chmod 750 /backups + ''; + + krebs.permown = { + "/backups/domsen" = { + owner = "backup"; + group = "syncthing"; + umask = "0007"; + }; + "/srv/http" = { + owner = "syncthing"; + group = "nginx"; + umask = "0007"; + }; + }; + } |