feat: added vaultwarden to syncthing backups

2025-12-07 13:32:15 -06:00 · 2025-10-13 21:44:00 -05:00 · 2025-10-13 21:44:00 -05:00 · c93b98cc1b
commit c93b98cc1b
parent 47061534c0
3 changed files with 21 additions and 13 deletions
--- a/modules/nixos/services/postgresql/default.nix
+++ b/modules/nixos/services/postgresql/default.nix
@ -16,13 +16,12 @@ in
      enable = true;
      location = backupPath;
      # compression = "zstd";
-      # startAt = "*-*-* 07:00:00";
-      backupAll = true;
-      # databases = [
-      #   instances.mastodon.name
-      #   instances.forgejo.name
-      #   instances.firefly-iii.name
-      # ];
+      startAt = "*-*-* 07:00:00";
+      # backupAll = true;
+      databases = [
+        instances.mastodon.name
+        instances.firefly-iii.name
+      ];
    };
    postgresql = {
      enable = true;
--- a/modules/nixos/services/syncthing/default.nix
+++ b/modules/nixos/services/syncthing/default.nix
@ -15,6 +15,7 @@ let
  localhost = instances.web.localhost.address1;
  postgres = instances.postgresql;
  forgejo = instances.forgejo;
+  vaultwarden = instances.vaultwarden;
  backupPath = "${service.paths.path1}";

  syncDevices = {
@ -70,6 +71,7 @@ in
    "d ${backupPath} 0755 ${service.name} ${service.name} -"
    "d ${backupPath}/${postgres.name} 0755 ${postgres.name} ${service.name} -"
    "d ${backupPath}/${forgejo.name} 0750 ${forgejo.name} ${service.name} -"
+    "d ${backupPath}/${vaultwarden.name} 750 ${vaultwarden.name} ${service.name} -"
  ];

  networking = {
--- a/modules/nixos/services/vaultwarden/default.nix
+++ b/modules/nixos/services/vaultwarden/default.nix
@ -4,15 +4,18 @@
  ...
 }:
 let
-  inherit (flake.config.services.instances) smtp vaultwarden web;
-  service = vaultwarden;
-  localhost = web.localhost.address0;
+  inherit (flake.config.services) instances;
+  service = instances.vaultwarden;
+  localhost = instances.web.localhost.address0;
  host = service.domains.url0;
+  syncthing = instances.syncthing;
+
+  backupPath = "${syncthing.paths.path1}/${service.name}";
 in
 {
  services = {
    vaultwarden = {
-      backupDir = service.paths.path0;
+      backupDir = backupPath;
      enable = true;
      environmentFile = config.sops.secrets."${service.name}/env".path;
      config = {
@ -24,8 +27,8 @@ in
        SMTP_EMBED_IMAGES = true;
        SMTP_FROM = service.email.address0;
        SMTP_FROM_NAME = service.label;
-        SMTP_HOST = smtp.hostname;
-        SMTP_PORT = smtp.ports.port0;
+        SMTP_HOST = instances.smtp.hostname;
+        SMTP_PORT = instances.smtp.ports.port0;
        SMTP_SECURITY = "starttls";
        SMTP_USERNAME = service.email.address0;

@ -88,6 +91,10 @@ in
    "Z ${service.sops.path0} 755 ${service.name} ${service.name} -"
  ];

+  users.users.${service.name}.extraGroups = [
+    syncthing.name
+  ];
+
  networking = {
    firewall = {
      allowedTCPPorts = [