postgres: enable backups

2022-06-23 08:50:22 +10:00 · 2022-06-23 08:50:22 +10:00 · 4b89840421
parent 5dcefef47f
commit 4b89840421
7 changed files with 35 additions and 1 deletions
--- a/nix/sources.json
+++ b/nix/sources.json
@ -55,6 +55,18 @@
        "url": "https://github.com/nmattia/niv/archive/5830a4dd348d77e39a0f3c4c762ff2663b602d4c.tar.gz",
        "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
    },
    "nixos2111": {
        "branch": "nixos-21.11",
        "description": "Nix Packages collection",
        "homepage": "",
        "owner": "nixos",
        "repo": "nixpkgs",
        "rev": "63198c9ccefdbd337cef0d85db0ea2689f4ce418",
        "sha256": "05gc6xyv8a2dppngm1q44j85j769lr90lg20s6jv62gfg344i50r",
        "type": "tarball",
        "url": "https://github.com/nixos/nixpkgs/archive/63198c9ccefdbd337cef0d85db0ea2689f4ce418.tar.gz",
        "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
    },
    "nixpkgs": {
        "branch": "nixos-22.05",
        "builtin": false,
--- a/profiles/gitea.nix
+++ b/profiles/gitea.nix
@ -64,6 +64,8 @@
    ];
  };
  services.postgresqlBackup.databases = ["gitea"];
  services.nginx = {
    enable = true; # Enable Nginx
    recommendedGzipSettings = true;
--- a/profiles/hydra.nix
+++ b/profiles/hydra.nix
@ -39,6 +39,8 @@
    ];
  };
  services.postgresqlBackup.databases = ["hydra"];
  networking.firewall.allowedTCPPorts = [config.services.hydra.port];
  #services.hydra-dev = {
--- a/profiles/matrix.nix
+++ b/profiles/matrix.nix
@ -145,6 +145,8 @@
    };
  };
  services.postgresqlBackup.databases = ["matrix-synapse"];
  security.acme = {
    acceptTerms = true;
    certs = {
--- a/profiles/nextcloud.nix
+++ b/profiles/nextcloud.nix
@ -45,6 +45,8 @@
    ];
  };
  services.postgresqlBackup.databases = ["nextcloud"];
  services.nginx = {
    enable = true; # Enable Nginx
    recommendedGzipSettings = true;
--- a/profiles/server_common.nix
+++ b/profiles/server_common.nix
@ -4,7 +4,10 @@
  pkgs,
  lib,
  ...
-}: {
+}: let
  sources = import ../nix/sources.nix;
  nixpkgs2111 = (import sources.nixos2111 {}).pkgs;
 in {
  imports = [
    ../profiles/openssh.nix
    ../secrets/user-craige.nix
@ -16,6 +19,15 @@
    withUtempter = true;
  };
  services.postgresql = {
    package = nixpkgs2111.postgresql_9_6;
  };
  services.postgresqlBackup = {
    enable = true;
    compression = "zstd";
  };
  security.polkit.enable = false; # avoid CVE-2021-4034 (PwnKit)
  services.udisks2.enable = false; # disable udisks2 which enables polkit
 }
--- a/profiles/tt-rss.nix
+++ b/profiles/tt-rss.nix
@ -43,6 +43,8 @@
    ];
  };
  services.postgresqlBackup.databases = ["tt_rss"];
  services.nginx = {
    enable = true; # Enable Nginx
    recommendedGzipSettings = true;