From 53c9655b7b63337036d96c18a242ea9c0b0381ff Mon Sep 17 00:00:00 2001
From: inexcode
Date: Fri, 26 Aug 2022 14:21:05 +0400
Subject: [PATCH] Switched to binds, volume management, new API
---
 api/api-module.nix | 38 +++++++++++++++++++++++++++++++-
 configuration.nix | 2 ++
 git/gitea.nix | 8 ++++++-
 mailserver/system/mailserver.nix | 15 +++++++++++--
 nextcloud/nextcloud.nix | 10 +++++++--
 passmgr/bitwarden.nix | 12 +++++++++-
 social/pleroma.nix | 12 +++++++++-
 variables-module.nix | 36 ++++++++++++++++++++++++++++++
 variables.nix | 9 ++++++++
 volumes.nix | 15 +++++++++++++
 webserver/nginx.nix | 1 +
 11 files changed, 150 insertions(+), 8 deletions(-)
 create mode 100644 volumes.nix
diff --git a/api/api-module.nix b/api/api-module.nix
index 9d66dcb..4d830f0 100644
--- a/api/api-module.nix
+++ b/api/api-module.nix
@@ -57,12 +57,48 @@ in pkgs.mkpasswd pkgs.util-linux pkgs.e2fsprogs + pkgs.iproute2 ]; after = [ "network-online.target" ]; wantedBy = [ "network-online.target" ]; serviceConfig = { User = "root"; - ExecStart = "${pkgs.selfprivacy-api}/bin/app.py"; + ExecStart = "${pkgs.selfprivacy-graphql-api}/bin/app.py"; + Restart = "always"; + RestartSec = "5"; + }; + }; + systemd.services.selfprivacy-api-worker = { + description = "Task worker for SelfPrivacy API"; + environment = config.nix.envVars // { + inherit (config.environment.sessionVariables) NIX_PATH; + HOME = "/root"; + PYTHONUNBUFFERED = "1"; + ENABLE_SWAGGER = (if cfg.enableSwagger then "1" else "0"); + B2_BUCKET = cfg.b2Bucket; + PYTHONPATH = pkgs.selfprivacy-graphql-api.pythonPath + ":${pkgs.selfprivacy-graphql-api}/lib/python3.9/site-packages/"; + } // config.networking.proxy.envVars; + path = [ + "/var/" + "/var/dkim/" + pkgs.coreutils + pkgs.gnutar + pkgs.xz.bin + pkgs.gzip + pkgs.gitMinimal + config.nix.package.out + pkgs.nixos-rebuild + pkgs.restic + pkgs.mkpasswd + pkgs.util-linux + pkgs.e2fsprogs + pkgs.iproute2 + ]; + after = [ "network-online.target" ]; + wantedBy = [ "network-online.target" ]; + serviceConfig = { + User = "root"; + ExecStart = "${pkgs.python39Packages.huey}/bin/huey_consumer.py selfprivacy_api.task_registry.huey"; Restart = "always"; RestartSec = "5"; }; diff --git a/configuration.nix b/configuration.nix index d69cc2f..70c1263 100644 --- a/configuration.nix +++ b/configuration.nix @@ -9,6 +9,7 @@ in ./variables-module.nix ./variables.nix ./files.nix + ./volumes.nix ./users.nix ./mailserver/system/mailserver.nix ./vpn/ocserv.nix @@ -75,6 +76,7 @@ in options = "--delete-older-than 7d"; }; }; + services.journald.extraConfig = "SystemMaxUse=500M"; boot.kernel.sysctl = { "net.ipv4.ip_forward" = 1; }; diff --git a/git/gitea.nix b/git/gitea.nix index 56f938e..961e9b2 100644 --- a/git/gitea.nix +++ b/git/gitea.nix 
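Review bot: The new `selfprivacy-api-worker` runs as root with the string entries `"/var/"` and `"/var/dkim/"` placed ahead of every Nix-store package in `path`, so bare command names resolved by the Huey tasks are searched under those directories first (as far as I recall NixOS expands string entries like packages, appending `/bin` and `/sbin`). Directories under `/var` can be writable by other service accounts on this host, which makes this a PATH-precedence hazard for a root process; if those two entries are not meant to supply executables, drop them, otherwise move them after the package list and say in a comment what they provide. The `environment` and `path` attrsets are also copied verbatim from `selfprivacy-api`; a `let apiEnv = …; apiPath = …; in` shared by both units keeps them from drifting. The enclosing `systemd.services.selfprivacy-api` definition starts outside the hunk.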
@@ -1,8 +1,14 @@ -{ config, pkgs, ... }: +{ config, lib, pkgs, ... }: let cfg = config.services.userdata; in { + fileSystems = lib.mkIf cfg.useBinds { + "/var/lib/gitea" = { + device = "/volumes/${cfg.gitea.location}/gitea"; + options = [ "bind" ]; + }; + }; services = { gitea = { enable = cfg.gitea.enable; diff --git a/mailserver/system/mailserver.nix b/mailserver/system/mailserver.nix index bd269e0..d97e102 100644 --- a/mailserver/system/mailserver.nix +++ b/mailserver/system/mailserver.nix @@ -13,6 +13,17 @@ in }) ]; + fileSystems = lib.mkIf cfg.useBinds { + "/var/vmail" = { + device = "/volumes/${cfg.email.location}/vmail"; + options = [ "bind" ]; + }; + "/var/sieve" = { + device = "/volumes/${cfg.email.location}/sieve"; + options = [ "bind" ]; + }; + }; + users.users = { virtualMail = { isNormalUser = false; @@ -32,7 +43,7 @@ in sieveScript = '' require ["fileinto", "mailbox"]; if header :contains "Chat-Version" "1.0" - { + { fileinto :create "DeltaChat"; stop; } @@ -46,7 +57,7 @@ in sieveScript = '' require ["fileinto", "mailbox"]; if header :contains "Chat-Version" "1.0" - { + { fileinto :create "DeltaChat"; stop; } diff --git a/nextcloud/nextcloud.nix b/nextcloud/nextcloud.nix index 2cacf85..5bebca0 100644 --- a/nextcloud/nextcloud.nix +++ b/nextcloud/nextcloud.nix @@ -1,11 +1,17 @@ -{ pkgs, config, ... }: +{ pkgs, lib, config, ... }: let cfg = config.services.userdata; in { + fileSystems = lib.mkIf cfg.useBinds { + "/var/lib/nextcloud" = { + device = "/volumes/${cfg.nextcloud.location}/nextcloud"; + options = [ "bind" ]; + }; + }; services.nextcloud = { enable = cfg.nextcloud.enable; - package = pkgs.nextcloud22; + package = pkgs.nextcloud23; hostName = "cloud.${cfg.domain}"; # Use HTTPS for links diff --git a/passmgr/bitwarden.nix b/passmgr/bitwarden.nix index 0a3ff6c..b798a09 100644 --- a/passmgr/bitwarden.nix +++ b/passmgr/bitwarden.nix 
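Review bot: The bind mount added for `/var/lib/gitea` carries no ordering dependency on the volume that backs `/volumes/${cfg.gitea.location}`, and it is gated on `cfg.useBinds` alone rather than on `cfg.gitea.enable`. If the backing volume is not mounted first the source path does not exist, and because no `nofail` is set that failed mount blocks `local-fs.target` and drops the host into emergency mode; unless NixOS already derives the dependency from the bind source, add `depends = [ "/volumes/${cfg.gitea.location}" ];` and decide explicitly whether the mount is hard-required. Consider `lib.mkIf (cfg.useBinds && cfg.gitea.enable)` so a disabled service does not demand a directory on the volume.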
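Review bot: The bind mounts for `/var/vmail` and `/var/sieve` assume the source directories already exist on the volume with the ownership the mail stack expects; a bind mount neither creates its source nor adjusts it, so on a fresh volume the mount fails and on an existing one the stored uid/gid wins over the `virtualMail` user defined just below. A short comment stating who provisions `/volumes/<location>/vmail` and `/volumes/<location>/sieve` (presumably the API's volume management) and with which owner would make that contract visible; a `systemd.tmpfiles.rules` entry creating them with the right owner is the alternative if nothing else does. The other two hunks in this file only change trailing whitespace in the sieve scripts.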
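Review bot: The `nextcloud22` to `nextcloud23` bump is bundled with the new bind mount for `/var/lib/nextcloud`, which makes the two changes hard to roll back independently: if the bind turns out wrong, reverting it also reverts the upgrade, and a Nextcloud data directory that has been migrated generally cannot be pointed back at the older release. I would land the package bump as its own commit, or at least mention in the description that the major upgrade is intentional. The `useBinds`-only gating and the missing `depends` on the backing volume apply here as in the other service modules.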
@@ -1,8 +1,18 @@ -{ pkgs, config, ... }: +{ pkgs, lib, config, ... }: let cfg = config.services.userdata; in { + fileSystems = lib.mkIf cfg.useBinds { + "/var/lib/bitwarden" = { + device = "/volumes/${cfg.bitwarden.location}/bitwarden"; + options = [ "bind" ]; + }; + "/var/lib/bitwarden_rs" = { + device = "/volumes/${cfg.bitwarden.location}/bitwarden_rs"; + options = [ "bind" ]; + }; + }; services.vaultwarden = { enable = cfg.bitwarden.enable; dbBackend = "sqlite"; diff --git a/social/pleroma.nix b/social/pleroma.nix index 9ffb88c..34bcc7c 100644 --- a/social/pleroma.nix +++ b/social/pleroma.nix @@ -1,8 +1,18 @@ -{ pkgs, config, ... }: +{ pkgs, lib, config, ... }: let cfg = config.services.userdata; in { + fileSystems = lib.mkIf cfg.useBinds { + "/var/lib/pleroma" = { + device = "/volumes/${cfg.pleroma.location}/pleroma"; + options = [ "bind" ]; + }; + "/var/lib/postgresql" = { + device = "/volumes/${cfg.pleroma.location}/postgresql"; + options = [ "bind" ]; + }; + }; services = { pleroma = { enable = cfg.pleroma.enable; diff --git a/variables-module.nix b/variables-module.nix index 2b0a7ea..43bc7fd 100644 --- a/variables-module.nix +++ b/variables-module.nix @@ -99,24 +99,46 @@ in default = false; type = types.nullOr types.bool; }; + location = mkOption { + default = "sda1"; + type = types.nullOr types.str; + }; + }; + email = { + location = mkOption { + default = "sda1"; + type = types.nullOr types.str; + }; }; gitea = { enable = mkOption { default = false; type = types.nullOr types.bool; }; + location = mkOption { + default = "sda1"; + type = types.nullOr types.str; + }; }; nextcloud = { enable = mkOption { default = true; type = types.nullOr types.bool; }; + location = mkOption { + default = "sda1"; + type = types.nullOr types.str; + }; }; pleroma = { enable = mkOption { default = false; type = types.nullOr types.bool; }; + location = mkOption { + default = "sda1"; + type = types.nullOr types.str; + }; }; jitsi = { enable = mkOption { 
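Review bot: Two state directories, `/var/lib/bitwarden` and `/var/lib/bitwarden_rs`, are bind-mounted for a single service with nothing saying which one vaultwarden actually writes to; as far as I know the NixOS `services.vaultwarden` module keeps its data under `/var/lib/bitwarden_rs`, which would leave `/var/lib/bitwarden` as either a legacy path or dead configuration. Add a one-line comment on each entry (`# legacy data dir kept for migration` / `# data folder of the vaultwarden unit`) or drop the unused one, so a later backup or restore does not target the wrong directory. These mounts are also gated on `cfg.useBinds` only, not on `cfg.bitwarden.enable`.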
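Review bot: `/var/lib/postgresql` is the data directory of the host-wide PostgreSQL cluster, not something private to Pleroma, yet it is bind-mounted to `/volumes/${cfg.pleroma.location}/postgresql` whenever `useBinds` is set, even with `cfg.pleroma.enable = false`, and its placement follows the Pleroma volume choice. Any other service using this Postgres instance has its data relocated by a Pleroma setting, and changing `pleroma.location` later would silently start an empty cluster on the other volume. Either give the database its own `location` option or document the coupling here, e.g. `# the shared PostgreSQL cluster deliberately follows the Pleroma volume`.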
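Review bot: The new `location` options are `types.nullOr types.str` with no `description`, but every consumer interpolates the value straight into a mount source (`/volumes/${…}/…`), so `null` fails evaluation with a coercion error and a string containing `/` or `..` binds an arbitrary host path into a service's state directory. Tighten the type to `types.strMatching "[A-Za-z0-9_-]+"` (non-null; the default `"sda1"` still satisfies it) and add a description such as `Name of the volume under /volumes that holds this service's state`. The values come from `userdata.json` through `variables.nix`, which the root-owned API writes, so this is defence in depth rather than an exposed injection point.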
@@ -163,5 +185,19 @@ in type = types.nullOr (types.listOf (types.attrsOf types.anything)); default = [ ]; }; + ############## + # Volumes # + ############## + volumes = mkOption { + description = '' + Volumes that will be created on the server + ''; + type = types.nullOr (types.listOf (types.attrsOf types.anything)); + default = [ ]; + }; + useBinds = mkOption { + type = types.nullOr types.bool; + default = false; + }; }; } diff --git a/variables.nix b/variables.nix index 32bd57c..6651999 100644 --- a/variables.nix +++ b/variables.nix @@ -23,15 +23,19 @@ in }; bitwarden = { enable = lib.attrsets.attrByPath [ "bitwarden" "enable" ] false jsonData; + location = lib.attrsets.attrByPath [ "bitwarden" "location" ] "sda1" jsonData; }; gitea = { enable = lib.attrsets.attrByPath [ "gitea" "enable" ] false jsonData; + location = lib.attrsets.attrByPath [ "gitea" "location" ] "sda1" jsonData; }; nextcloud = { enable = lib.attrsets.attrByPath [ "nextcloud" "enable" ] false jsonData; + location = lib.attrsets.attrByPath [ "nextcloud" "location" ] "sda1" jsonData; }; pleroma = { enable = lib.attrsets.attrByPath [ "pleroma" "enable" ] false jsonData; + location = lib.attrsets.attrByPath [ "pleroma" "location" ] "sda1" jsonData; }; jitsi = { enable = lib.attrsets.attrByPath [ "jitsi" "enable" ] false jsonData; @@ -44,6 +48,11 @@ in rootKeys = lib.attrsets.attrByPath [ "ssh" "rootKeys" ] [ "" ] jsonData; passwordAuthentication = lib.attrsets.attrByPath [ "ssh" "passwordAuthentication" ] true jsonData; }; + email = { + location = lib.attrsets.attrByPath [ "email" "location" ] "sda1" jsonData; + }; users = lib.attrsets.attrByPath [ "users" ] [ ] jsonData; + volumes = lib.attrsets.attrByPath [ "volumes" ] [ ] jsonData; + useBinds = lib.attrsets.attrByPath [ "useBinds" ] false jsonData; }; } diff --git a/volumes.nix b/volumes.nix new file mode 100644 index 0000000..45cf6f6 --- /dev/null +++ b/volumes.nix 
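Review bot: `volumes` is typed `listOf (attrsOf anything)`, so a JSON entry missing `mountPoint`, `device` or `fsType` (the three keys `volumes.nix` reads) only surfaces as an attribute-missing error inside `builtins.map` rather than at the option. A `types.submodule` with those three `mkOption`s, each with a `description`, turns that into a clear message naming the option; `useBinds` also deserves a description saying that it switches every service state directory to a bind mount from `/volumes/<location>`.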
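Review bot: The `"sda1"` fallback is now spelled out five times in `attrByPath` defaults here and once more per option default in `variables-module.nix`, and because this module always sets the value the option defaults are never consulted. A single `let defaultLocation = "sda1"; in` at the top of this file, reused in every `attrByPath` call, keeps the fallback in one place; a one-line comment noting that `volumes` and `useBinds` are read from the same `userdata.json` and are trusted (written by the root API) would help the next reader.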
@@ -0,0 +1,15 @@
+{ pkgs, config, ... }:
+let
+ cfg = config.services.userdata;
+in
+{
+ fileSystems = { } // builtins.listToAttrs (builtins.map
+ (volume: {
+ name = "${volume.mountPoint}";
+ value = {
+ device = "${volume.device}";
+ fsType = "${volume.fsType}";
+ };
+ })
+ cfg.volumes);
+}
diff --git a/webserver/nginx.nix b/webserver/nginx.nix
index cdd6936..dda81fb 100644
--- a/webserver/nginx.nix
+++ b/webserver/nginx.nix
@@ -126,6 +126,7 @@ in locations = { "/" = { proxyPass = "http://127.0.0.1:5050"; + proxyWebsockets = true; }; }; };
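Review bot: Every volume listed in `cfg.volumes` becomes a hard boot requirement: no `options` are set, so a device that is absent or fails its filesystem check stops `local-fs.target` and the host lands in emergency mode, where the API that could correct `userdata.json` is not running. Decide this explicitly — either pass an options list through from the JSON (`options = volume.options or [ ];`) so `nofail` can be set per volume (the service bind mounts on top of it would then need the same), or add a comment stating that a missing volume is meant to halt boot. Smaller points: `{ } //` is a no-op, the `"${…}"` wrappers around `volume.mountPoint`, `volume.device` and `volume.fsType` add nothing, and the `pkgs` argument is unused.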
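Review bot: `proxyWebsockets = true` on the `/` location forwards the `Upgrade`/`Connection` headers to the API on `127.0.0.1:5050`, so cross-site WebSocket hijacking is now prevented only by whatever `Origin` check the API itself performs; nginx passes the handshake, including any cookies for this host, through unchanged. Confirm that the GraphQL subscription endpoint validates `Origin` or authenticates solely by bearer token rather than by cookie, and record it here, e.g. `# WebSocket origin validation is the API's responsibility`. The enclosing `virtualHosts` entry starts outside the hunk.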