borg the rest

2025-11-08 19:19:39 +00:00 · 2025-11-08 19:19:39 +00:00 · 59dd33d66c
commit 59dd33d66c
parent 767bbd6a5f
8 changed files with 147 additions and 26 deletions
--- a/services/akkoma.nix
+++ b/services/akkoma.nix
@ -41,12 +41,13 @@ in {
      };
    };
    borgbackup.jobs."akkoma" = {
-      repo = "ssh://n65yc7ze@n65yc7ze.repo.borgbase.com/./repo";
+      repo = "ssh://u506783@u506783.your-storagebox.de:23/./akkoma";
      environment = {
        BORG_RSH = "ssh -i ${config.age.secrets."borg_ed25519".path} -o 'StrictHostKeyChecking=no'";
      };
      paths = [
        "/var/lib/akkoma"
        "/var/backup/postgres/akkoma.sql"
      ];
      encryption.mode = "none";
      compression = "auto,lzma";
--- a/services/forgejo.nix
+++ b/services/forgejo.nix
@ -17,7 +17,7 @@ in {
      };
    };
    borgbackup.jobs."forgejo" = {
-      repo = "ssh://v4379v0z@v4379v0z.repo.borgbase.com/./repo";
+      repo = "ssh://u506783@u506783.your-storagebox.de:23/./forgejo";
      environment = {
        BORG_RSH = "ssh -i ${config.age.secrets."borg_ed25519".path} -o 'StrictHostKeyChecking=no'";
      };
--- a/services/lldap.nix
+++ b/services/lldap.nix
@ -3,15 +3,34 @@
 in {
  age.secrets."hidden_service/lldap".file = ../secrets/hidden_service/lldap;
-  services.lldap = {
+  services = {
-    enable = true;
+    lldap = {
-    settings = {
+      enable = true;
-      http_url = "https://login.distrust.network";
+      settings = {
-      http_port = lldapPort;
+        http_url = "https://login.distrust.network";
-      ldap_user_email = "root@distrust.network";
+        http_port = lldapPort;
-      ldap_user_dn = "root";
+        ldap_user_email = "root@distrust.network";
-      ldap_base_dn = "dc=distrust,dc=network";
+        ldap_user_dn = "root";
-      ldap_user_pass = "VERY_SECURE";
+        ldap_base_dn = "dc=distrust,dc=network";
        ldap_user_pass = "VERY_SECURE";
      };
    };
    borgbackup.jobs."lldap" = {
      repo = "ssh://u506783@u506783.your-storagebox.de:23/./lldap";
      environment = {
        BORG_RSH = "ssh -i ${config.age.secrets."borg_ed25519".path} -o 'StrictHostKeyChecking=no'";
      };
      paths = [
        "/var/lib/lldap"
      ];
      encryption.mode = "none";
      compression = "auto,lzma";
      startAt = "daily";
      prune.keep = {
        daily = 7;
        weekly = 4;
        monthly = -1;
      };
    };
  };
--- a/services/mailserver.nix
+++ b/services/mailserver.nix
@ -15,4 +15,22 @@
      uris = ["ldap://localhost:3890"];
    };
  };
  services.borgbackup.jobs."mailserver" = {
    repo = "ssh://u506783@u506783.your-storagebox.de:23/./mailserver";
    environment = {
      BORG_RSH = "ssh -i ${config.age.secrets."borg_ed25519".path} -o 'StrictHostKeyChecking=no'";
    };
    paths = [
      "/var/vmail/ldap"
    ];
    encryption.mode = "none";
    compression = "auto,lzma";
    startAt = "daily";
    prune.keep = {
      daily = 7;
      weekly = 4;
      monthly = -1;
    };
  };
 }
--- a/services/nextcloud.nix
+++ b/services/nextcloud.nix
@ -41,6 +41,34 @@ in {
      "listen.owner" = "caddy";
      "listen.group" = "caddy";
    };
    borgbackup.jobs."nextcloud" = {
      repo = "ssh://u506783@u506783.your-storagebox.de:23/./nextcloud";
      environment = {
        BORG_RSH = "ssh -i ${config.age.secrets."borg_ed25519".path} -o 'StrictHostKeyChecking=no'";
      };
      paths = [
        "/var/lib/nextcloud"
        "/var/backup/postgres/nextcloud.sql"
      ];
      encryption.mode = "none";
      compression = "auto,lzma";
      startAt = "daily";
      prune.keep = {
        daily = 7;
        weekly = 4;
        monthly = -1;
      };
      readWritePaths = [
        "/var/backup/postgres"
      ];
      preHook = ''
        mkdir -p /var/backup/postgres
        ${pkgs.sudo}/bin/sudo -u postgres ${pkgs.postgresql}/bin/pg_dump nextcloud > /var/backup/postgres/nextcloud.sql
      '';
      postHook = ''
        rm -f /var/backup/postgres/nextcloud.sql
      '';
    };
  };
  distrust.services."nextcloud" = {
--- a/services/paste.nix
+++ b/services/paste.nix
@ -3,15 +3,34 @@
 in {
  age.secrets."hidden_service/microbin".file = ../secrets/hidden_service/microbin;
-  services.microbin = {
+  services = {
-    enable = true;
+    microbin = {
-    settings = {
+      enable = true;
-      MICROBIN_PORT = pastePort;
+      settings = {
-      MICROBIN_ENABLE_BURN_AFTER = true;
+        MICROBIN_PORT = pastePort;
-      MICROBIN_QR = true;
+        MICROBIN_ENABLE_BURN_AFTER = true;
-      MICROBIN_NO_LISTING = true;
+        MICROBIN_QR = true;
-      MICROBIN_HIGHLIGHTSYNTAX = true;
+        MICROBIN_NO_LISTING = true;
-      MICROBIN_PUBLIC_PATH = "https://paste.distrust.network/";
+        MICROBIN_HIGHLIGHTSYNTAX = true;
        MICROBIN_PUBLIC_PATH = "https://paste.distrust.network/";
      };
    };
    borgbackup.jobs."microbin" = {
      repo = "ssh://u506783@u506783.your-storagebox.de:23/./microbin";
      environment = {
        BORG_RSH = "ssh -i ${config.age.secrets."borg_ed25519".path} -o 'StrictHostKeyChecking=no'";
      };
      paths = [
        "/var/lib/microbin"
      ];
      encryption.mode = "none";
      compression = "auto,lzma";
      startAt = "daily";
      prune.keep = {
        daily = 7;
        weekly = 4;
        monthly = -1;
      };
    };
  };
--- a/services/prosody.nix
+++ b/services/prosody.nix
@ -46,6 +46,23 @@
        file_server
      }
    '';
    borgbackup.jobs."prosody" = {
      repo = "ssh://u506783@u506783.your-storagebox.de:23/./prosody";
      environment = {
        BORG_RSH = "ssh -i ${config.age.secrets."borg_ed25519".path} -o 'StrictHostKeyChecking=no'";
      };
      paths = [
        "/var/lib/prosody"
      ];
      encryption.mode = "none";
      compression = "auto,lzma";
      startAt = "daily";
      prune.keep = {
        daily = 7;
        weekly = 4;
        monthly = -1;
      };
    };
  };
  security.acme = {
--- a/services/vaultwarden.nix
+++ b/services/vaultwarden.nix
@ -6,13 +6,32 @@ in {
    "hidden_service/vaultwarden".file = ../secrets/hidden_service/vaultwarden;
  };
-  services.vaultwarden = {
+  services = {
-    enable = true;
+    vaultwarden = {
-    config = {
+      enable = true;
-      DOMAIN = "https://vault.distrust.network";
+      config = {
-      ROCKET_PORT = vaultPort;
+        DOMAIN = "https://vault.distrust.network";
        ROCKET_PORT = vaultPort;
      };
      environmentFile = config.age.secrets."vaultwarden.env".path;
    };
    borgbackup.jobs."vaultwarden" = {
      repo = "ssh://u506783@u506783.your-storagebox.de:23/./vaultwarden";
      environment = {
        BORG_RSH = "ssh -i ${config.age.secrets."borg_ed25519".path} -o 'StrictHostKeyChecking=no'";
      };
      paths = [
        "/var/lib/vaultwarden"
      ];
      encryption.mode = "none";
      compression = "auto,lzma";
      startAt = "daily";
      prune.keep = {
        daily = 7;
        weekly = 4;
        monthly = -1;
      };
    };
    environmentFile = config.age.secrets."vaultwarden.env".path;
  };
  distrust.services."vaultwarden" = {