root/flake
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fmt and lint

Browse source
This commit is contained in:
= 2025-11-08 21:36:09 +00:00
parent ac2780eb5b
commit 30b3066a55
1 changed files with 76 additions and 74 deletions
Download patch file Download diff file Expand all files Collapse all files

150
helpers/services.nix
View file

@ -95,84 +95,86 @@ in {
};
config = {
services.tor.relay.onionServices =
builtins.foldl'
(acc: key:
acc
// {
"${key}" = {
map = [80];
inherit (cfg.${key}.onion) secretKey;
};
})
{}
(builtins.attrNames cfg);
services.caddy = {
enable = true;
virtualHosts = builtins.foldl' (acc: key: let
site = cfg.${key};
vhostKey = "${site.url} ${site.onion.url}";
extraCfg = ''
${site.virtualHostConfig or ""}
header Onion-Location ${site.onion.url}
'';
in
acc
// {
"${vhostKey}" = {
extraConfig = extraCfg;
};
}) {} (builtins.attrNames cfg);
};
services.borgbackup.jobs =
builtins.foldl'
(acc: key: let
site = cfg.${key};
dump = site.backup.database;
paths = builtins.concatLists [
site.backup.paths
(
if dump != null
then ["/var/backup/${key}.sql"]
else []
)
];
preHook = lib.mkIf (dump != null) ''
mkdir -p /var/backup
${pkgs.sudo}/bin/sudo -u postgres pg_dump ${dump} > /var/backup/postgres/${key}.sql
'';
postHook = lib.mkIf (dump != null) ''
rm -f /var/backup/postgres/${key}.sql
'';
in
if site.backup.enable
then
services = {
tor.relay.onionServices =
builtins.foldl'
(acc: key:
acc
// {
"${key}" = {
repo = backup_cfg.borgRepository + "/./${key}";
environment = {
BORG_RSH = "ssh -i ${backup_cfg.borgSSHKey} -o 'StrictHostKeyChecking=no'";
};
inherit paths;
encryption = {
mode = "keyfile";
passCommand = backup_cfg.borgPassCommand;
};
compression = "auto,lzma";
startAt = "daily";
prune.keep = {
daily = 7;
weekly = 4;
monthly = -1;
};
inherit preHook;
inherit postHook;
map = [80];
inherit (cfg.${key}.onion) secretKey;
};
}
else acc) {} (builtins.attrNames cfg);
})
{}
(builtins.attrNames cfg);
caddy = {
enable = true;
virtualHosts = builtins.foldl' (acc: key: let
site = cfg.${key};
vhostKey = "${site.url} ${site.onion.url}";
extraCfg = ''
${site.virtualHostConfig or ""}
header Onion-Location ${site.onion.url}
'';
in
acc
// {
"${vhostKey}" = {
extraConfig = extraCfg;
};
}) {} (builtins.attrNames cfg);
};
borgbackup.jobs =
builtins.foldl'
(acc: key: let
site = cfg.${key};
dump = site.backup.database;
paths = builtins.concatLists [
site.backup.paths
(
if dump != null
then ["/var/backup/${key}.sql"]
else []
)
];
preHook = lib.mkIf (dump != null) ''
mkdir -p /var/backup
${pkgs.sudo}/bin/sudo -u postgres pg_dump ${dump} > /var/backup/postgres/${key}.sql
'';
postHook = lib.mkIf (dump != null) ''
rm -f /var/backup/postgres/${key}.sql
'';
in
if site.backup.enable
then
acc
// {
"${key}" = {
repo = backup_cfg.borgRepository + "/./${key}";
environment = {
BORG_RSH = "ssh -i ${backup_cfg.borgSSHKey} -o 'StrictHostKeyChecking=no'";
};
inherit paths;
encryption = {
mode = "keyfile";
passCommand = backup_cfg.borgPassCommand;
};
compression = "auto,lzma";
startAt = "daily";
prune.keep = {
daily = 7;
weekly = 4;
monthly = -1;
};
inherit preHook;
inherit postHook;
};
}
else acc) {} (builtins.attrNames cfg);
};
systemd.tmpfiles.settings = {
"99-borgdatabasebackups"."/var/backup/postgres".d = {