From c93b98cc1b6e61761111223db362be1d3f480bee Mon Sep 17 00:00:00 2001
From: Nick
Date: Mon, 13 Oct 2025 21:44:00 -0500
Subject: [PATCH] feat: added vaultwarden to syncthing backups
---
 modules/nixos/services/postgresql/default.nix | 13 ++++++-------
 modules/nixos/services/syncthing/default.nix | 2 ++
 .../nixos/services/vaultwarden/default.nix | 19 +++++++++++++------
 3 files changed, 21 insertions(+), 13 deletions(-)
diff --git a/modules/nixos/services/postgresql/default.nix b/modules/nixos/services/postgresql/default.nix
index 294e1bb..1d13f6f 100755
--- a/modules/nixos/services/postgresql/default.nix
+++ b/modules/nixos/services/postgresql/default.nix
@@ -16,13 +16,12 @@ in
 enable = true;
 location = backupPath;
 # compression = "zstd";
- # startAt = "*-*-* 07:00:00";
- backupAll = true;
- # databases = [
- # instances.mastodon.name
- # instances.forgejo.name
- # instances.firefly-iii.name
- # ];
+ startAt = "*-*-* 07:00:00";
+ # backupAll = true;
+ databases = [
+ instances.mastodon.name
+ instances.firefly-iii.name
+ ];
 };
 postgresql = {
 enable = true;
diff --git a/modules/nixos/services/syncthing/default.nix b/modules/nixos/services/syncthing/default.nix
index 9b36e95..70855fe 100755
--- a/modules/nixos/services/syncthing/default.nix
+++ b/modules/nixos/services/syncthing/default.nix
@@ -15,6 +15,7 @@ let
 localhost = instances.web.localhost.address1;
 postgres = instances.postgresql;
 forgejo = instances.forgejo;
+ vaultwarden = instances.vaultwarden;
 backupPath = "${service.paths.path1}";
 syncDevices = {
@@ -70,6 +71,7 @@ in
 "d ${backupPath} 0755 ${service.name} ${service.name} -"
 "d ${backupPath}/${postgres.name} 0755 ${postgres.name} ${service.name} -"
 "d ${backupPath}/${forgejo.name} 0750 ${forgejo.name} ${service.name} -"
+ "d ${backupPath}/${vaultwarden.name} 750 ${vaultwarden.name} ${service.name} -"
 ];
 networking = {
diff --git a/modules/nixos/services/vaultwarden/default.nix b/modules/nixos/services/vaultwarden/default.nix
index 751c066..5e0e8b8 100755
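Review bot: With `backupAll` commented out, only the two names in `databases` are dumped, and `instances.forgejo.name`, which was in the old commented-out list, is left off without explanation. If forgejo, or any other database on this server, has no separate dump, it silently drops out of the backup set, which is easy to miss in a commit titled as adding vaultwarden. I would put a comment above the list, for example `# only these are dumped; forgejo is covered by <its own job> - anything else is NOT backed up`, or re-add the entry if no other job covers it. The enclosing attribute set starts and ends outside the hunk.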
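Review bot: The new tmpfiles rule in the second syncthing hunk writes the mode as `750` where its siblings use the four-digit form; it parses the same, but `"d ${backupPath}/${vaultwarden.name} 0750 ${vaultwarden.name} ${service.name} -"` keeps the list consistent. The rule also sets owner, group and mode for the directory only, and the directory is not setgid, so files vaultwarden writes there keep its own group. Whether syncthing can read them at all then depends on the backup job's umask, which is not visible in this diff. A comment stating the intended ownership and mode of the backup files, not just of the directory, would make a silently unsynced backup easier to spot.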
--- a/modules/nixos/services/vaultwarden/default.nix
+++ b/modules/nixos/services/vaultwarden/default.nix
@@ -4,15 +4,18 @@
 ...
 }:
 let
- inherit (flake.config.services.instances) smtp vaultwarden web;
- service = vaultwarden;
- localhost = web.localhost.address0;
+ inherit (flake.config.services) instances;
+ service = instances.vaultwarden;
+ localhost = instances.web.localhost.address0;
 host = service.domains.url0;
+ syncthing = instances.syncthing;
+
+ backupPath = "${syncthing.paths.path1}/${service.name}";
 in
 {
 services = {
 vaultwarden = {
- backupDir = service.paths.path0;
+ backupDir = backupPath;
 enable = true;
 environmentFile = config.sops.secrets."${service.name}/env".path;
 config = {
@@ -24,8 +27,8 @@ in
 SMTP_EMBED_IMAGES = true;
 SMTP_FROM = service.email.address0;
 SMTP_FROM_NAME = service.label;
- SMTP_HOST = smtp.hostname;
- SMTP_PORT = smtp.ports.port0;
+ SMTP_HOST = instances.smtp.hostname;
+ SMTP_PORT = instances.smtp.ports.port0;
 SMTP_SECURITY = "starttls";
 SMTP_USERNAME = service.email.address0;
@@ -88,6 +91,10 @@ in
 "Z ${service.sops.path0} 755 ${service.name} ${service.name} -"
 ];
+ users.users.${service.name}.extraGroups = [
+ syncthing.name
+ ];
+
 networking = {
 firewall = {
 allowedTCPPorts = [
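Review bot: Pointing `backupDir` at `${syncthing.paths.path1}/${service.name}` in the first vaultwarden hunk puts the vault backup inside a tree that Syncthing replicates. Every device sharing that folder then holds a copy of the vault database and whatever key material the backup job copies with it. Nothing in this hunk says which peers receive it or whether they are trusted, so I would check the `syncDevices` set in the syncthing module and consider sharing this folder only with peers set up as untrusted (encrypted) receivers. A comment on the binding would record the decision, e.g. `# vault backup is replicated by syncthing; peers must be trusted or receive-encrypted`. The `let` block and the `services.vaultwarden` set both continue outside the hunk.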
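Review bot: Adding the vaultwarden user to the syncthing group via `users.users.${service.name}.extraGroups` in the last hunk looks like access granted in the wrong direction. The tmpfiles rule in the syncthing module already makes vaultwarden the owner of its backup directory and gives the group read access, so the writer should not need the reader's group. What the membership does add is that a network-facing service can read anything group-accessible to syncthing; assuming `service.name` in that module is the syncthing instance, that includes the forgejo backup directory (`0750 ${forgejo.name} ${service.name}`). Unless something outside this diff needs it, I would drop the block, or keep it with a comment naming the exact path that requires the membership.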