From 4822043a8bc366965402d57a9bbfad93185e0e40 Mon Sep 17 00:00:00 2001 From: xinyangli Date: Mon, 23 Sep 2024 20:16:19 +0800 Subject: [PATCH] massicot: switch to ssd --- machines/massicot/kanidm-provision.nix | 6 +++++ machines/massicot/services.nix | 34 ++++++++++++++++++++------ machines/massicot/services/restic.nix | 18 +++++++------- 3 files changed, 41 insertions(+), 17 deletions(-) diff --git a/machines/massicot/kanidm-provision.nix b/machines/massicot/kanidm-provision.nix index 2439be6..bd38b03 100644 --- a/machines/massicot/kanidm-provision.nix +++ b/machines/massicot/kanidm-provision.nix @@ -37,6 +37,7 @@ "xin" "zhuo" "ycm" + "yzl" ]; }; grafana-superadmins = { @@ -73,6 +74,11 @@ displayName = "Chunming"; mailAddresses = [ "chunmingyou@gmail.com" ]; }; + + yzl = { + displayName = "Zhengli Yang"; + mailAddresses = [ "13391935399@189.cn" ]; + }; }; systems.oauth2 = { forgejo = { diff --git a/machines/massicot/services.nix b/machines/massicot/services.nix index 4be75c5..dfdac4d 100644 --- a/machines/massicot/services.nix +++ b/machines/massicot/services.nix 
@@ -268,15 +268,33 @@ in virtualHosts."http://auth.xinyang.life:80".extraConfig = '' reverse_proxy ${config.security.acme.certs."auth.xinyang.life".listenHTTP} ''; - virtualHosts."https://auth.xinyang.life".extraConfig = '' - reverse_proxy https://127.0.0.1:${toString kanidm_listen_port} { - header_up Host {upstream_hostport} - header_down Access-Control-Allow-Origin "*" - transport http { - tls_server_name ${config.services.kanidm.serverSettings.domain} + virtualHosts."https://auth.xinyang.life".extraConfig = + let + reverseProxyKanidm = '' + reverse_proxy https://127.0.0.1:${toString kanidm_listen_port} { + header_up Host {upstream_hostport} + header_down Access-Control-Allow-Origin "*" + transport http { + tls_server_name ${config.services.kanidm.serverSettings.domain} + } } - } - ''; + ''; + in + '' + reverse_proxy /oauth2/openid/owncloud/userinfo https://127.0.0.1:${toString kanidm_listen_port} { + header_up Host {upstream_hostport} + header_down Access-Control-Allow-Origin "*" + transport http { + tls_server_name ${config.services.kanidm.serverSettings.domain} + } + @error status 400 + handle_response @error { + rewrite /oauth2/openid/owncloud/userinfo /oauth2/openid/owncloud-android/userinfo + ${reverseProxyKanidm} + } + } + ${reverseProxyKanidm} + ''; virtualHosts."https://rss.xinyang.life".extraConfig = '' reverse_proxy ${config.custom.miniflux.environment.LISTEN_ADDR} diff --git a/machines/massicot/services/restic.nix b/machines/massicot/services/restic.nix index 9a319bb..c8c28be 100644 --- a/machines/massicot/services/restic.nix +++ b/machines/massicot/services/restic.nix @@ -5,9 +5,9 @@ ... }: let - sqliteBackup = path: '' - mkdir -p /backup${path} - ${lib.getExe pkgs.sqlite} ${path} "vacuum into '/var/backup${path}'" + sqliteBackup = fromPath: toPath: file: '' + mkdir -p ${toPath} + ${lib.getExe pkgs.sqlite} ${fromPath} ".backup '${toPath}/${file}'" ''; in { 
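Review bot: The `@error status 400` fallback in the new `https://auth.xinyang.life` block re-sends the same request, bearer token included, to `/oauth2/openid/owncloud-android/userinfo` whenever the `owncloud` userinfo endpoint answers 400, and nothing in the config says why. Tokens issued to the `owncloud-android` client therefore become usable through the `owncloud` path, so the proxy no longer keeps the two OAuth2 clients apart. Kanidm presumably still validates the token on the second attempt, but the intent should be written down. I would add a Caddyfile comment above the matcher, for example `# retry as owncloud-android when the owncloud userinfo call is rejected with 400` plus the actual reason, and give the matcher a more specific name than `@error`. The first `reverse_proxy` body also repeats the `header_up`/`header_down`/`transport` lines already held in `reverseProxyKanidm`, so the wildcard `Access-Control-Allow-Origin "*"` on the identity provider has to be kept in sync in two places.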
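Review bot: `sqliteBackup` creates `${toPath}` with a plain `mkdir -p` and lets sqlite write the copy under the process umask, so the snapshots of `kanidm.db` and the `bitwarden_rs` database under `/backup` may end up readable by other local users. The umask of the backup unit is not visible in this patch, so that needs checking. Setting the mode explicitly is cheap: `install -d -m 0700 ${toPath}` in place of `mkdir -p ${toPath}`, or `umask 077` as the first line of the snippet. The interpolated paths are also unquoted on the shell line, and `${lib.escapeShellArg fromPath}` would keep a future path containing spaces from being split. The callers that pass these paths are in the later hunk `@@ -34,15 +34,15 @@`.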
@@ -25,7 +25,7 @@ in repositoryFile = config.sops.secrets."restic/repo".path; passwordFile = config.sops.secrets."restic/password".path; paths = [ - "/var/backup" + "/backup" "/mnt/storage" ]; }; @@ -34,15 +34,15 @@ in enable = true; compression = "zstd"; compressionLevel = 9; - location = "/var/backup/postgresql"; + location = "/backup/postgresql"; }; services.restic.backups.${config.networking.hostName} = { backupPrepareCommand = builtins.concatStringsSep "\n" [ - (sqliteBackup "/var/lib/hedgedoc/db.sqlite") - (sqliteBackup "/var/lib/bitwarden_rs/db.sqlite3") - (sqliteBackup "/var/lib/gotosocial/database.sqlite") - (sqliteBackup "/var/lib/kanidm/kanidm.db") + (sqliteBackup "/var/lib/hedgedoc/db.sqlite" "/backup/hedgedoc" "db.sqlite") + (sqliteBackup "/var/lib/bitwarden_rs/db.sqlite3" "/backup/bitwarden_rs" "db.sqlite3") + (sqliteBackup "/var/lib/gotosocial/database.sqlite" "/backup/gotosocial" "database.sqlite") + (sqliteBackup "/var/lib/kanidm/kanidm.db" "/backup/kanidm" "kanidm.db") ]; extraBackupArgs = [ "--limit-upload=1024"