author | Benedikt Peetz <benedikt.peetz@b-peetz.de> | 2024-12-24 16:09:20 +0100 |
---|---|---|
committer | Benedikt Peetz <benedikt.peetz@b-peetz.de> | 2024-12-24 16:09:20 +0100 |
commit | b5fc07416652a445f15946ce7e5fc48766cf6722 (patch) | |
tree | de37587f0673e4aea12bc0532ee1b3879ab1e31c /system/services | |
parent | fix(modules/back): Set now needed source code URL environment variable (diff) | |
download | nixos-server-b5fc07416652a445f15946ce7e5fc48766cf6722.tar.gz nixos-server-b5fc07416652a445f15946ce7e5fc48766cf6722.zip |
refactor(modules/impermanence): Migrate to by-name while distributing mods
Diffstat (limited to 'system/services')
-rw-r--r-- | system/services/fail2ban/default.nix | 9 | ||||
-rw-r--r-- | system/services/mail/default.nix | 4 | ||||
-rw-r--r-- | system/services/mail/impermanence.nix | 46 | ||||
-rw-r--r-- | system/services/mastodon/default.nix | 9 | ||||
-rw-r--r-- | system/services/matrix/default.nix | 18 | ||||
-rw-r--r-- | system/services/minecraft/default.nix | 9 | ||||
-rw-r--r-- | system/services/murmur/default.nix | 9 | ||||
-rw-r--r-- | system/services/taskserver/default.nix | 5 |
8 files changed, 109 insertions, 0 deletions
diff --git a/system/services/fail2ban/default.nix b/system/services/fail2ban/default.nix index f1487e4..1c47568 100644 --- a/system/services/fail2ban/default.nix +++ b/system/services/fail2ban/default.nix @@ -1,4 +1,13 @@ {...}: { + vhack.persist.directories = [ + { + directory = "/var/lib/fail2ban"; + user = "fail2ban"; + group = "fail2ban"; + mode = "0700"; + } + ]; + services.fail2ban = { enable = true; maxretry = 7; # ban after 7 failures diff --git a/system/services/mail/default.nix b/system/services/mail/default.nix index 382a87f..c69e6bd 100644 --- a/system/services/mail/default.nix +++ b/system/services/mail/default.nix @@ -6,6 +6,10 @@ ]; users = import ./users.nix {}; in { + imports = [ + ./impermanence.nix + ]; + mailserver = lib.recursiveUpdate { enable = true; diff --git a/system/services/mail/impermanence.nix b/system/services/mail/impermanence.nix new file mode 100644 index 0000000..22a5318 --- /dev/null +++ b/system/services/mail/impermanence.nix @@ -0,0 +1,46 @@ +{...}: { + vhack.persist.directories = [ + { + directory = "/var/lib/mail/backup"; + user = "virtualMail"; + group = "virtualMail"; + mode = "0700"; + } + { + directory = "/var/lib/mail/sieve"; + user = "virtualMail"; + group = "virtualMail"; + mode = "0700"; + } + { + directory = "/var/lib/mail/vmail"; + user = "virtualMail"; + group = "virtualMail"; + mode = "0700"; + } + { + directory = "/var/lib/mail/dkim"; + user = "opendkim"; + group = "opendkim"; + mode = "0700"; + } + { + directory = "/var/lib/postfix/data"; + user = "postfix"; + group = "postfix"; + mode = "0700"; + } + { + directory = "/var/lib/postfix/queue"; + user = "postfix"; + group = "postfix"; + mode = "0700"; + } + { + directory = "/var/lib/rspamd"; + user = "rspamd"; + group = "rspamd"; + mode = "0700"; + } + ]; +} diff --git a/system/services/mastodon/default.nix b/system/services/mastodon/default.nix index f613bf3..15b8609 100644 --- a/system/services/mastodon/default.nix +++ b/system/services/mastodon/default.nix 
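Review bot: The new entry in system/services/fail2ban/default.nix sets the owner of `/var/lib/fail2ban` to `fail2ban:fail2ban`, but nothing in this file declares such an account and, as far as I know, the NixOS fail2ban unit runs as root. If the user does not exist, the persistence setup may fail or leave the ban database with an unexpected owner. Confirm the account is defined elsewhere, or use `user = "root"; group = "root";` and keep `mode = "0700"`.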
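Review bot: In system/services/mail/impermanence.nix, `/var/lib/postfix/queue` is persisted as `postfix:postfix` with `mode = "0700"`, which is tighter than Postfix usually expects for its queue root (normally root-owned and traversable, so that the setgid postdrop helper can reach `maildrop`). The Postfix unit may reset ownership at start, but that is not visible here, so run `postfix check` after a reboot and verify that local submission still works. A one-line comment on the `dkim` entry would also help the next reader, e.g. `# DKIM private signing keys: keep owner-only`.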
@@ -9,6 +9,15 @@ patches = (attrs.patches or []) ++ [./patches/0001-feat-treewide-Increase-character-limit-to-5000-in-me.patch]; }); in { + vhack.persist.directories = [ + { + directory = "/var/lib/mastodon"; + user = "mastodon"; + group = "mastodon"; + mode = "0700"; + } + ]; + services.mastodon = { enable = true; diff --git a/system/services/matrix/default.nix b/system/services/matrix/default.nix index b75d1f1..043d9c0 100644 --- a/system/services/matrix/default.nix +++ b/system/services/matrix/default.nix @@ -14,6 +14,24 @@ in { networking.firewall.allowedTCPPorts = [80 443]; + vhack.persist.directories = [ + { + directory = "/var/lib/matrix"; + user = "matrix-synapse"; + group = "matrix-synapse"; + mode = "0700"; + } + { + directory = "/var/lib/mautrix-whatsapp"; + user = "mautrix-whatsapp"; + group = "matrix-synapse"; + mode = "0750"; + } + ]; + systemd.tmpfiles.rules = [ + "d /etc/matrix 0755 matrix-synapse matrix-synapse" + ]; + services = { postgresql = { enable = true; diff --git a/system/services/minecraft/default.nix b/system/services/minecraft/default.nix index e659af0..9bc98b9 100644 --- a/system/services/minecraft/default.nix +++ b/system/services/minecraft/default.nix @@ -1,4 +1,13 @@ {lib, ...}: { + vhack.persist.directories = [ + { + directory = "/var/lib/minecraft"; + user = "minecraft"; + group = "minecraft"; + mode = "0700"; + } + ]; + nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ "minecraft-server" diff --git a/system/services/murmur/default.nix b/system/services/murmur/default.nix index 1dcd781..dec79ba 100644 --- a/system/services/murmur/default.nix +++ b/system/services/murmur/default.nix @@ -1,6 +1,15 @@ {...}: let murmurStore = "/var/lib/murmur"; in { + vhack.persist.directories = [ + { + directory = "/var/lib/murmur"; + user = "murmur"; + group = "murmur"; + mode = "0700"; + } + ]; + services.murmur = { enable = true; openFirewall = true; 
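Review bot: In system/services/matrix/default.nix, `/var/lib/mautrix-whatsapp` is the only persisted directory opened to a second principal (`group = "matrix-synapse"`, `mode = "0750"`), and the hunk does not say why. If the only reason is that synapse must read the bridge's registration file, say so in a comment such as `# synapse reads the appservice registration from here; the rest of the bridge state should not be group-readable`, and check that the bridge's database and session files inside are not themselves group-readable. The added tmpfiles rule creates `/etc/matrix` as 0755, so any secret placed there depends entirely on its own file mode. On an impermanent root that directory is also recreated empty on each boot unless something else populates it.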
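Review bot: In system/services/murmur/default.nix the new entry repeats the literal `"/var/lib/murmur"` although the `let` binding `murmurStore` directly above it already holds that path. Use `directory = murmurStore;` so the persisted path cannot drift from the one the service is configured with; a mismatch would silently leave the server's database and certificate on the ephemeral root.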
diff --git a/system/services/taskserver/default.nix b/system/services/taskserver/default.nix
index 2e4370f..04b6a8b 100644
--- a/system/services/taskserver/default.nix
+++ b/system/services/taskserver/default.nix
@@ -4,6 +4,11 @@ in {
 environment.etc = {
 "tmpfiles.d/taskserver.conf".source = config.age.secrets.taskserverSystemdTmpfiles.path;
 };
+
+ vhack.persist.directories = [
+ "/var/lib/taskserver"
+ ];
+
 services.taskserver = {
 enable = true;
 pki.manual = { |
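Review bot: In system/services/taskserver/default.nix the persisted path is given as a bare string, so unlike every other service in this commit it carries no explicit `user`, `group` or `mode`. The context shows `pki.manual`, so this directory may hold the server's TLS key material, and whatever owner and mode `vhack.persist` applies to string entries is not visible here. Unless the tmpfiles secret above already enforces it, write the entry as an attrset like the others, e.g. `{ directory = "/var/lib/taskserver"; user = "taskd"; group = "taskd"; mode = "0700"; }` (taskd being the NixOS default account, assuming it is not overridden). The `services.taskserver` block continues outside the hunk.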