nix-config/hosts/servers/db-01.nix
Lander Van den Bulcke 2abbc3cd4e
feat: add docuseal
Signed-off-by: Lander Van den Bulcke <landervandenbulcke@gmail.com>
2025-10-21 14:52:19 +02:00


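{ config, pkgs, ... }:
let
  # Every application database hosted on this machine. Each entry gets a
  # database, a same-named role that owns it, and a nightly dump, so a new
  # service only has to be listed once instead of three times.
  databases = [
    "atuin"
    "authelia"
    "forgejo"
    "kinky-vaultwarden"
    "kinky-docuseal"
    "lldap"
    "mealie"
  ];
in
{
  # Public IPv6 address on the WAN interface.
  systemd.network.networks."30-wan".addresses = [
    {
      Address = "2a01:4f8:c012:15d4::/64";
    }
  ];

  services.postgresql = {
    enable = true;
    # Accept TCP connections in addition to the unix socket so tailnet hosts
    # can reach the server.
    # NOTE(review): enabling TCP does not by itself bind only to the tailnet
    # address; reachability from the WAN address above is governed by pg_hba
    # below plus the host firewall — confirm 5432 is not exposed on the WAN side.
    enableTCPIP = true;
    # mkOverride 10 replaces the module's default pg_hba rules entirely.
    # "trust" performs no password check: any local process and any host in
    # 100.64.0.0/24 (the tailnet) may connect as any role, including the
    # superuser. If that is broader than intended, change the host line to
    # scram-sha-256 and give each service role a password.
    authentication = pkgs.lib.mkOverride 10 ''
      #type database dbuser origin-address auth-method
      local all all trust
      host all all 100.64.0.0/24 trust # trust tailnet
    '';
    ensureDatabases = databases;
    # One role per database, named after it and owning it.
    ensureUsers = map (name: {
      inherit name;
      ensureDBOwnership = true;
    }) databases;
  };

  # Nightly pg_dump of every database into the module's dump directory.
  services.postgresqlBackup = {
    enable = true;
    startAt = "*-*-* 02:00:00";
    inherit databases;
  };

  # Ship the dump directory to the restic repository an hour after the
  # dumps are taken, so the snapshot always contains fresh files.
  services.restic.backups = {
    postgresql = {
      initialize = true;
      repositoryFile = config.sops.secrets.restic-repository.path;
      passwordFile = config.sops.secrets.restic-password.path;
      environmentFile = config.sops.secrets.restic-environment.path;
      timerConfig = {
        OnCalendar = "03:00";
        # Run a missed backup on the next boot instead of skipping it.
        Persistent = true;
      };
      paths = [
        "/var/backup/postgresql"
      ];
      # Retention. The previous list gave --keep-weekly twice (5 and 12);
      # the later value presumably won, leaving no monthly tier at all.
      # The second entry was evidently meant to be --keep-monthly.
      pruneOpts = [
        "--keep-daily 7"
        "--keep-weekly 5"
        "--keep-monthly 12"
      ];
    };
  };

  sops = {
    defaultSopsFile = ./db-01.yaml;
    # NOTE(review): this skips sops-nix's evaluation-time check of the sops
    # file, so a missing or undecryptable secret only surfaces at activation.
    validateSopsFiles = false;
    # All three restic secrets are read by the backup service, which runs as
    # root, so root ownership is sufficient.
    secrets = {
      restic-environment.owner = "root";
      restic-password.owner = "root";
      restic-repository.owner = "root";
    };
  };

  system.stateVersion = "25.05";
}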