modularized the servers part of my config
This commit is contained in:
parent
ffc1f1122c
commit
7a34d9d9b7
@ -72,7 +72,7 @@ cluttered, for example, I may create a module for systemd units.
|
||||
#+begin_src nix
|
||||
imports = [
|
||||
./hardware-configuration.nix
|
||||
./nginx.nix
|
||||
./servers.nix
|
||||
# ./openldap.nix
|
||||
(import "${home-manager}/nixos")
|
||||
# <agenix/modules/age.nix>
|
||||
@ -216,47 +216,11 @@ nixpkgs.config = {
|
||||
};
|
||||
#+end_src
|
||||
|
||||
* SYSTEM USERS
|
||||
This may be a terrible idea, but because I need some of my service applications
|
||||
to be part of specific groups so they have the required permissions to accesss
|
||||
some files, I'm using a declarative approach to set some of them up.
|
||||
|
||||
#+begin_src nix
|
||||
users.groups = {
|
||||
nextcloud.gid = 990;
|
||||
piracy.gid = 985;
|
||||
};
|
||||
|
||||
users.users = {
|
||||
prowlarr = {
|
||||
isSystemUser = true;
|
||||
group = "piracy";
|
||||
};
|
||||
nextcloud = {
|
||||
isSystemUser = true;
|
||||
uid = 990;
|
||||
group = "nextcloud";
|
||||
extraGroups = [ "render" ];
|
||||
packages = (with pkgs; [
|
||||
nodejs_14
|
||||
perl
|
||||
(perlPackages.buildPerlPackage rec {
|
||||
pname = "Image-ExifTool";
|
||||
version = "12.60";
|
||||
src = fetchurl {
|
||||
url = "https://exiftool.org/Image-ExifTool-${version}.tar.gz";
|
||||
hash = "sha256-c9vgbQBMMQgqVueNfyRvK7AAL7sYNUR7wyorB289Mq0=";
|
||||
};
|
||||
})
|
||||
]);
|
||||
};
|
||||
#+end_src
|
||||
|
||||
* NORMAL USERS
|
||||
Being part of the "wheel" group, means that the user has root privileges.
|
||||
|
||||
#+begin_src nix
|
||||
jawz = {
|
||||
users.users.jawz = {
|
||||
isNormalUser = true;
|
||||
extraGroups = [ "wheel" "networkmanager" "docker"
|
||||
"scanner" "lp" "piracy" "kavita"
|
||||
@ -385,8 +349,6 @@ telegram-desktop # furry chat
|
||||
# hugo # website engine
|
||||
nicotine-plus # remember Ares?
|
||||
warp # never used, but supposedly cool for sharing files
|
||||
HentaiAtHome # uh-oh
|
||||
qbittorrent-nox # piracy is fun!
|
||||
#+end_src
|
||||
|
||||
** COMMAND-LINE PACKAGES
|
||||
@ -582,7 +544,7 @@ symbola
|
||||
markdownlint-cli # Linter
|
||||
prettier # Linter
|
||||
pnpm # Package manager
|
||||
]); }; }; # <--- end of package list
|
||||
]); }; # <--- end of package list
|
||||
#+end_src
|
||||
|
||||
* HOME-MANAGER
|
||||
@ -741,7 +703,6 @@ may be challenging.
|
||||
#+begin_src nix
|
||||
environment.systemPackages = with pkgs; [
|
||||
wget
|
||||
docker-compose # easy way to migrate my docker anywhere!
|
||||
jellyfin-ffmpeg # coolest video converter!
|
||||
dlib
|
||||
];
|
||||
@ -804,17 +765,6 @@ environment.variables = rec {
|
||||
};
|
||||
#+end_src
|
||||
|
||||
* DOCKER
|
||||
Virtualisation settings for Docker. NixOS offers an option to declaratively run
|
||||
docker-compose images using [[https://nixos.wiki/wiki/Docker][Arion]]. Could be an interesting thing to try out.
|
||||
|
||||
#+begin_src nix
|
||||
virtualisation.docker = {
|
||||
enable = true;
|
||||
storageDriver = "btrfs";
|
||||
};
|
||||
#+end_src
|
||||
|
||||
* SNAPRAID
|
||||
It's a parity raid utility which creates a scheme similar to what UNRAID
|
||||
offered, except not in real time, I schedule it to run every night, so it keeps
|
||||
@ -899,13 +849,10 @@ programs = {
|
||||
#+end_src
|
||||
|
||||
* SERVICES
|
||||
|
||||
** MISC
|
||||
Miscellaneous services, most of which are managed by systemd.
|
||||
|
||||
#+begin_src nix
|
||||
services = {
|
||||
# vaultwarden.enable = true;
|
||||
minidlna = {
|
||||
enable = true;
|
||||
openFirewall = true;
|
||||
@ -917,35 +864,6 @@ services = {
|
||||
];
|
||||
};
|
||||
};
|
||||
postgresql = {
|
||||
enable = true;
|
||||
ensureDatabases = [ "paperless" "nextcloud" "mealie" ];
|
||||
ensureUsers = [
|
||||
{
|
||||
name = "nextcloud";
|
||||
ensurePermissions = {
|
||||
"DATABASE nextcloud" = "ALL PRIVILEGES";
|
||||
};
|
||||
}
|
||||
{
|
||||
name = "paperless";
|
||||
ensurePermissions = {
|
||||
"DATABASE paperless" = "ALL PRIVILEGES";
|
||||
};
|
||||
}
|
||||
{
|
||||
name = "mealie";
|
||||
ensurePermissions = {
|
||||
"DATABASE mealie" = "ALL PRIVILEGES";
|
||||
};
|
||||
}
|
||||
];
|
||||
authentication = pkgs.lib.mkOverride 10 ''
|
||||
local all all trust
|
||||
host all all 127.0.0.1/32 trust
|
||||
host all all ::1/128 trust
|
||||
'';
|
||||
};
|
||||
printing = {
|
||||
enable = true;
|
||||
drivers = [ pkgs.hplip pkgs.hplipWithPlugin ];
|
||||
@ -981,99 +899,6 @@ services = {
|
||||
defaultEditor = true;
|
||||
package = pkgs.emacs;
|
||||
};
|
||||
#+end_src
|
||||
|
||||
** PIRACY
|
||||
All the fun stuff happens here >:).
|
||||
|
||||
#+begin_src nix
|
||||
prowlarr.enable = true;
|
||||
kavita = {
|
||||
enable = true;
|
||||
tokenKeyFile = "${pkgs.writeText "kavitaToken" "A\u002BRkRxBjlQrmWSuXWTGUcpXZjzMo2nJ0Z4g4OZ1S4c2zp6oaesGUXzKp2mhvOwjj\u002BNoURG3CRIE2qnGybvOgAlDxAZCPBzSNRcx6RJ1lFRgvI8wQR6Nd5ivYX0RMo4S8yOH8XIDhzN6vNo31rCjyv2IycX0JqiJPIovfbvXn9Y="}";
|
||||
};
|
||||
sonarr = {
|
||||
enable = true;
|
||||
package = unstable.pkgs.sonarr;
|
||||
group = "piracy";
|
||||
};
|
||||
radarr = {
|
||||
enable = true;
|
||||
package = unstable.pkgs.radarr;
|
||||
group = "piracy";
|
||||
};
|
||||
bazarr = {
|
||||
enable = true;
|
||||
group = "piracy";
|
||||
};
|
||||
jellyfin = {
|
||||
enable = true;
|
||||
group = "piracy";
|
||||
};
|
||||
#+end_src
|
||||
|
||||
** NEXTCLOUD
|
||||
This configuration may not 100% work on a fresh installation, as some of the
|
||||
settings declared take into account pre-existing configurations and apps.
|
||||
|
||||
#+begin_src nix
|
||||
nextcloud = {
|
||||
enable = true;
|
||||
https = true;
|
||||
package = pkgs.nextcloud27;
|
||||
appstoreEnable = true;
|
||||
configureRedis = true;
|
||||
maxUploadSize = "512M";
|
||||
extraAppsEnable = true;
|
||||
enableImagemagick = true;
|
||||
hostName = "cloud.servidos.lat";
|
||||
config = {
|
||||
adminpassFile = "${pkgs.writeText "adminpass" "Overlying-Hatchback-Charting-Encounter-Deface-Gallantly7"}";
|
||||
overwriteProtocol = "https";
|
||||
defaultPhoneRegion = "MX";
|
||||
dbtype = "pgsql";
|
||||
dbuser = "nextcloud";
|
||||
dbpassFile = "${pkgs.writeText "dbpass" "sopacerias"}";
|
||||
dbtableprefix = "oc_";
|
||||
dbname = "nextcloud";
|
||||
trustedProxies = [ "nginx" ];
|
||||
extraTrustedDomains = [ "cloud.rotehaare.art" "danilo-reyes.com" ];
|
||||
};
|
||||
phpOptions = {
|
||||
catch_workers_output = "yes";
|
||||
display_errors = "stderr";
|
||||
error_reporting = "E_ALL & ~E_DEPRECATED & ~E_STRICT";
|
||||
expose_php = "Off";
|
||||
"opcache.enable_cli" = "1";
|
||||
"opcache.fast_shutdown" = "1";
|
||||
"opcache.interned_strings_buffer" = "16";
|
||||
"opcache.jit" = "1255";
|
||||
"opcache.jit_buffer_size" = "128M";
|
||||
"opcache.max_accelerated_files" = "10000";
|
||||
"opcache.memory_consumption" = "128";
|
||||
"opcache.revalidate_freq" = "1";
|
||||
"opcache.save_comments" = "1";
|
||||
"opcache.validate_timestamps" = "0";
|
||||
"openssl.cafile" = "/etc/ssl/certs/ca-certificates.crt";
|
||||
short_open_tag = "Off";
|
||||
};
|
||||
extraOptions = {
|
||||
mail_smtpmode = "sendmail";
|
||||
mail_sendmailmode = "pipe";
|
||||
"installed" = true;
|
||||
"memories.exiftool" = "/etc/profiles/per-user/nextcloud/bin/exiftool";
|
||||
enabledPreviewProviders = [
|
||||
"OC\\Preview\\Image"
|
||||
"OC\\Preview\\HEIC"
|
||||
"OC\\Preview\\TIFF"
|
||||
"OC\\Preview\\MKV"
|
||||
"OC\\Preview\\MP4"
|
||||
"OC\\Preview\\AVI"
|
||||
"OC\\Preview\\Movie"
|
||||
];
|
||||
};
|
||||
phpExtraExtensions = all: [ all.pdlib all.bz2 ];
|
||||
};
|
||||
};
|
||||
#+end_src
|
||||
|
||||
@ -1083,62 +908,15 @@ the best way to define them for now, is using nix.
|
||||
|
||||
#+begin_src nix
|
||||
systemd = {
|
||||
packages = [ pkgs.qbittorrent-nox ];
|
||||
services = {
|
||||
docker-compose = {
|
||||
"qbittorrent-nox@jawz" = {
|
||||
enable = true;
|
||||
restartIfChanged = true;
|
||||
description = "Start docker-compose servers";
|
||||
after = [ "docker.service" "docker.socket" ];
|
||||
requires = [ "docker.service" "docker.socket" ];
|
||||
wantedBy = [ "default.target" ];
|
||||
environment = {
|
||||
FILE = "/home/jawz/Development/Docker/docker-compose.yml";
|
||||
};
|
||||
path = [
|
||||
pkgs.docker-compose
|
||||
];
|
||||
serviceConfig = {
|
||||
Restart = "on-failure";
|
||||
RestartSec = 30;
|
||||
ExecStart = "${pkgs.docker-compose}/bin/docker-compose -f \${FILE} up --remove-orphans";
|
||||
ExecStop = "${pkgs.docker-compose}/bin/docker-compose -f \${FILE} down";
|
||||
};
|
||||
};
|
||||
nextcloud-cronjob = let jawzNextcloudCronjob = pkgs.writeScriptBin
|
||||
"nextcloud-cronjob" (builtins.readFile ./scripts/nextcloud-cronjob.sh); in {
|
||||
description = "Runs various nextcloud-related cronjobs";
|
||||
wantedBy = [ "default.target" ];
|
||||
path = [
|
||||
pkgs.bash
|
||||
jawzNextcloudCronjob
|
||||
];
|
||||
serviceConfig = {
|
||||
Restart = "on-failure";
|
||||
RestartSec = 30;
|
||||
ExecStart = "${jawzNextcloudCronjob}/bin/nextcloud-cronjob";
|
||||
};
|
||||
};
|
||||
qbittorrent-nox = {
|
||||
enable = true;
|
||||
description = "qBittorrent-nox service";
|
||||
serviceConfig = {
|
||||
Type = "exec";
|
||||
ExecStart= "${pkgs.qbittorrent-nox}/bin/qbittorrent-nox --webui-port=9091";
|
||||
User = "jawz";
|
||||
};
|
||||
overrideStrategy = "asDropin";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
};
|
||||
};
|
||||
timers = {
|
||||
nextcloud-cronjob = {
|
||||
enable = true;
|
||||
description = "Runs various nextcloud-related cronjobs";
|
||||
wantedBy = [ "timers.target" ];
|
||||
timerConfig = {
|
||||
OnCalendar = "*:0/10";
|
||||
};
|
||||
};
|
||||
};
|
||||
timers = { };
|
||||
user = {
|
||||
services = {
|
||||
HentaiAtHome = {
|
||||
@ -1195,22 +973,6 @@ systemd = {
|
||||
ExecStart = "${jawzTasks}/bin/tasks";
|
||||
};
|
||||
};
|
||||
update-dns = let jawzUpdateDns = pkgs.writeScriptBin
|
||||
"update-dns" (builtins.readFile ./scripts/update-dns.sh); in {
|
||||
restartIfChanged = true;
|
||||
description = "update DNS of my websites";
|
||||
wantedBy = [ "default.target" ];
|
||||
path = [
|
||||
pkgs.bash
|
||||
pkgs.nix
|
||||
jawzUpdateDns
|
||||
];
|
||||
serviceConfig = {
|
||||
Restart = "on-failure";
|
||||
RestartSec = 30;
|
||||
ExecStart = "${jawzUpdateDns}/bin/update-dns";
|
||||
};
|
||||
};
|
||||
qbit_manage = let qbit_dir = "/home/jawz/Development/Git/qbit_manage"; in {
|
||||
restartIfChanged = true;
|
||||
description = "Tidy up my torrents";
|
||||
@ -1235,15 +997,6 @@ systemd = {
|
||||
OnCalendar = "*:0/10";
|
||||
};
|
||||
};
|
||||
update-dns = {
|
||||
enable = true;
|
||||
description = "update DNS of my websites";
|
||||
wantedBy = [ "timers.target" ];
|
||||
timerConfig = {
|
||||
OnBootSec = "1min";
|
||||
OnUnitActiveSec = "6h";
|
||||
};
|
||||
};
|
||||
qbit_manage = {
|
||||
enable = true;
|
||||
description = "Tidy up my torrents";
|
||||
@ -1265,23 +1018,22 @@ Open ports in the firewall.
|
||||
networking = {
|
||||
firewall = let
|
||||
open_firewall_ports = [
|
||||
80 # http
|
||||
443 # https
|
||||
6969 # HentaiAtHome
|
||||
25152 # ssh
|
||||
51413 # torrent
|
||||
];
|
||||
open_firewall_port_ranges = [
|
||||
{ from = 1714; to = 1764; } # kdeconnect
|
||||
];
|
||||
in
|
||||
{
|
||||
enable = true;
|
||||
allowedTCPPorts = open_firewall_ports;
|
||||
allowedUDPPorts = open_firewall_ports;
|
||||
allowedTCPPortRanges = open_firewall_port_ranges;
|
||||
allowedUDPPortRanges = open_firewall_port_ranges;
|
||||
};
|
||||
};
|
||||
# networking.firewall.enable = false;
|
||||
#+end_src
|
||||
|
||||
* MISC SETTINGS
|
||||
|
||||
10
nginx.nix
10
nginx.nix
@ -101,12 +101,12 @@ in {
|
||||
"library.servidos.lat" = proxy kavitaPort // { };
|
||||
"bookmarks.servidos.lat" = proxy shioriPort // { };
|
||||
"start.servidos.lat" = proxy flamePort // { };
|
||||
"qampqwn4wprhqny8h8zj.servidos.lat" = proxy secretFlamePort // { };
|
||||
"music.servidos.lat" = proxy lidarrPort // { };
|
||||
"subs.servidos.lat" = proxy bazarrPort // { };
|
||||
"series.servidos.lat" = proxy sonarrPort // { };
|
||||
"vault.servidos.lat" = proxy vaultPort // { };
|
||||
"searx.servidos.lat" = proxy searxPort // { };
|
||||
"qampqwn4wprhqny8h8zj.servidos.lat" = proxy secretFlamePort // { };
|
||||
"flix.servidos.lat" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
@ -192,4 +192,12 @@ in {
|
||||
};
|
||||
};
|
||||
};
|
||||
networking = {
|
||||
firewall = let open_firewall_ports = [ 80 443 ];
|
||||
in {
|
||||
enable = true;
|
||||
allowedTCPPorts = open_firewall_ports;
|
||||
allowedUDPPorts = open_firewall_ports;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
||||
218
servers.nix
Normal file
218
servers.nix
Normal file
@ -0,0 +1,218 @@
|
||||
{ config, lib, pkgs, modulesPath, ... }:
|
||||
let
|
||||
unstable = import
|
||||
(builtins.fetchTarball "https://github.com/nixos/nixpkgs/tarball/master") {
|
||||
config = config.nixpkgs.config;
|
||||
};
|
||||
in {
|
||||
imports = [ ./nginx.nix ];
|
||||
users.groups = {
|
||||
nextcloud.gid = 990;
|
||||
piracy.gid = 985;
|
||||
kavita.gid = 982;
|
||||
};
|
||||
users.users = let
|
||||
base = uid: {
|
||||
uid = uid;
|
||||
group = "piracy";
|
||||
isSystemUser = true;
|
||||
};
|
||||
in {
|
||||
prowlarr = base 987 // { };
|
||||
sonarr = base 274 // { };
|
||||
radarr = base 275 // { };
|
||||
nextcloud = {
|
||||
isSystemUser = true;
|
||||
uid = 990;
|
||||
group = "nextcloud";
|
||||
extraGroups = [ "render" ];
|
||||
packages = (with pkgs; [
|
||||
nodejs_14
|
||||
perl
|
||||
(perlPackages.buildPerlPackage rec {
|
||||
pname = "Image-ExifTool";
|
||||
version = "12.60";
|
||||
src = fetchurl {
|
||||
url = "https://exiftool.org/Image-ExifTool-${version}.tar.gz";
|
||||
hash = "sha256-c9vgbQBMMQgqVueNfyRvK7AAL7sYNUR7wyorB289Mq0=";
|
||||
};
|
||||
})
|
||||
]);
|
||||
};
|
||||
};
|
||||
services = let
|
||||
base = {
|
||||
enable = true;
|
||||
group = "piracy";
|
||||
};
|
||||
in {
|
||||
prowlarr.enable = true;
|
||||
kavita = {
|
||||
enable = true;
|
||||
tokenKeyFile = "${pkgs.writeText "kavitaToken"
|
||||
"Au002BRkRxBjlQrmWSuXWTGUcpXZjzMo2nJ0Z4g4OZ1S4c2zp6oaesGUXzKp2mhvOwjju002BNoURG3CRIE2qnGybvOgAlDxAZCPBzSNRcx6RJ1lFRgvI8wQR6Nd5ivYX0RMo4S8yOH8XIDhzN6vNo31rCjyv2IycX0JqiJPIovfbvXn9Y="}";
|
||||
};
|
||||
sonarr = base // { package = unstable.pkgs.sonarr; };
|
||||
radarr = base // { package = unstable.pkgs.radarr; };
|
||||
bazarr = base // { };
|
||||
jellyfin = base // { };
|
||||
nextcloud = {
|
||||
enable = true;
|
||||
https = true;
|
||||
package = pkgs.nextcloud27;
|
||||
appstoreEnable = true;
|
||||
configureRedis = true;
|
||||
extraAppsEnable = true;
|
||||
enableImagemagick = true;
|
||||
maxUploadSize = "512M";
|
||||
hostName = "cloud.servidos.lat";
|
||||
config = {
|
||||
adminpassFile = "${pkgs.writeText "adminpass"
|
||||
"Overlying-Hatchback-Charting-Encounter-Deface-Gallantly7"}";
|
||||
overwriteProtocol = "https";
|
||||
defaultPhoneRegion = "MX";
|
||||
dbtype = "pgsql";
|
||||
dbuser = "nextcloud";
|
||||
dbpassFile = "${pkgs.writeText "dbpass" "sopacerias"}";
|
||||
dbtableprefix = "oc_";
|
||||
dbname = "nextcloud";
|
||||
trustedProxies = [ "nginx" ];
|
||||
extraTrustedDomains = [ "cloud.rotehaare.art" "danilo-reyes.com" ];
|
||||
};
|
||||
phpOptions = {
|
||||
catch_workers_output = "yes";
|
||||
display_errors = "stderr";
|
||||
error_reporting = "E_ALL & ~E_DEPRECATED & ~E_STRICT";
|
||||
expose_php = "Off";
|
||||
"opcache.enable_cli" = "1";
|
||||
"opcache.fast_shutdown" = "1";
|
||||
"opcache.interned_strings_buffer" = "16";
|
||||
"opcache.jit" = "1255";
|
||||
"opcache.jit_buffer_size" = "128M";
|
||||
"opcache.max_accelerated_files" = "10000";
|
||||
"opcache.memory_consumption" = "128";
|
||||
"opcache.revalidate_freq" = "1";
|
||||
"opcache.save_comments" = "1";
|
||||
"opcache.validate_timestamps" = "0";
|
||||
"openssl.cafile" = "/etc/ssl/certs/ca-certificates.crt";
|
||||
short_open_tag = "Off";
|
||||
};
|
||||
extraOptions = {
|
||||
mail_smtpmode = "sendmail";
|
||||
mail_sendmailmode = "pipe";
|
||||
"installed" = true;
|
||||
"memories.exiftool" = "/etc/profiles/per-user/nextcloud/bin/exiftool";
|
||||
enabledPreviewProviders = [
|
||||
"OC\\Preview\\Image"
|
||||
"OC\\Preview\\HEIC"
|
||||
"OC\\Preview\\TIFF"
|
||||
"OC\\Preview\\MKV"
|
||||
"OC\\Preview\\MP4"
|
||||
"OC\\Preview\\AVI"
|
||||
"OC\\Preview\\Movie"
|
||||
];
|
||||
};
|
||||
phpExtraExtensions = all: [ all.pdlib all.bz2 ];
|
||||
};
|
||||
postgresql = {
|
||||
enable = true;
|
||||
ensureDatabases = [ "paperless" "nextcloud" "mealie" ];
|
||||
ensureUsers = [
|
||||
{
|
||||
name = "nextcloud";
|
||||
ensurePermissions = { "DATABASE nextcloud" = "ALL PRIVILEGES"; };
|
||||
}
|
||||
{
|
||||
name = "paperless";
|
||||
ensurePermissions = { "DATABASE paperless" = "ALL PRIVILEGES"; };
|
||||
}
|
||||
{
|
||||
name = "mealie";
|
||||
ensurePermissions = { "DATABASE mealie" = "ALL PRIVILEGES"; };
|
||||
}
|
||||
];
|
||||
authentication = pkgs.lib.mkOverride 10 ''
|
||||
local all all trust
|
||||
host all all 127.0.0.1/32 trust
|
||||
host all all ::1/128 trust
|
||||
'';
|
||||
};
|
||||
};
|
||||
virtualisation.docker = {
|
||||
enable = true;
|
||||
storageDriver = "btrfs";
|
||||
};
|
||||
systemd = {
|
||||
services = {
|
||||
docker-compose = {
|
||||
enable = true;
|
||||
restartIfChanged = true;
|
||||
description = "Start docker-compose servers";
|
||||
after = [ "docker.service" "docker.socket" ];
|
||||
requires = [ "docker.service" "docker.socket" ];
|
||||
wantedBy = [ "default.target" ];
|
||||
environment = {
|
||||
FILE = "/home/jawz/Development/Docker/docker-compose.yml";
|
||||
};
|
||||
path = [ pkgs.docker-compose ];
|
||||
serviceConfig = {
|
||||
Restart = "on-failure";
|
||||
RestartSec = 30;
|
||||
ExecStart =
|
||||
"${pkgs.docker-compose}/bin/docker-compose -f \${FILE} up --remove-orphans";
|
||||
ExecStop =
|
||||
"${pkgs.docker-compose}/bin/docker-compose -f \${FILE} down";
|
||||
};
|
||||
};
|
||||
nextcloud-cronjob = let
|
||||
jawzNextcloudCronjob = pkgs.writeScriptBin "nextcloud-cronjob"
|
||||
(builtins.readFile ./scripts/nextcloud-cronjob.sh);
|
||||
in {
|
||||
description = "Runs various nextcloud-related cronjobs";
|
||||
wantedBy = [ "default.target" ];
|
||||
path = [ pkgs.bash jawzNextcloudCronjob ];
|
||||
serviceConfig = {
|
||||
Restart = "on-failure";
|
||||
RestartSec = 30;
|
||||
# ${config.services.nextcloud.package}
|
||||
ExecStart = "${jawzNextcloudCronjob}/bin/nextcloud-cronjob";
|
||||
};
|
||||
};
|
||||
};
|
||||
timers = {
|
||||
nextcloud-cronjob = {
|
||||
enable = true;
|
||||
description = "Runs various nextcloud-related cronjobs";
|
||||
wantedBy = [ "timers.target" ];
|
||||
timerConfig = { OnCalendar = "*:0/10"; };
|
||||
};
|
||||
};
|
||||
user.services = {
|
||||
update-dns = let
|
||||
jawzUpdateDns = pkgs.writeScriptBin "update-dns"
|
||||
(builtins.readFile ./scripts/update-dns.sh);
|
||||
in {
|
||||
restartIfChanged = true;
|
||||
description = "update DNS of my websites";
|
||||
wantedBy = [ "default.target" ];
|
||||
path = [ pkgs.bash pkgs.nix jawzUpdateDns ];
|
||||
serviceConfig = {
|
||||
Restart = "on-failure";
|
||||
RestartSec = 30;
|
||||
ExecStart = "${jawzUpdateDns}/bin/update-dns";
|
||||
};
|
||||
};
|
||||
};
|
||||
user.timers = {
|
||||
update-dns = {
|
||||
enable = true;
|
||||
description = "update DNS of my websites";
|
||||
wantedBy = [ "timers.target" ];
|
||||
timerConfig = {
|
||||
OnBootSec = "1min";
|
||||
OnUnitActiveSec = "6h";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
Loading…
x
Reference in New Issue
Block a user