working sql dump over ssh

configuration.nix

@@ -1,15 +1,20 @@
 # Edit this configuration file to define what should be installed on
 # your system.  Help is available in the configuration.nix(5) man page
 # and in the NixOS manual (accessible by running ‘nixos-help’).
-
-{ config, pkgs, ... }:
-
 {
-  imports =
-    [ # Include the results of the hardware scan.
+  config,
+  pkgs,
+  ...
+}: {
+  imports = [
+    # Include the results of the hardware scan.
     ./hardware-configuration.nix
   ];
 
+  services.postgresql = {
+    dataDir = "/pool/var/lib/postgresql/${config.services.postgresql.package.psqlSchema}";
+  };
+
   nix.settings.experimental-features = ["nix-command" "flakes"];
   powerManagement.enable = false;
 
@@ -17,8 +22,8 @@
   boot.loader.grub.enable = true;
   boot.loader.grub.device = "/dev/sdc";
   boot.loader.grub.useOSProber = true;
-
-  networking.hostName = "nixos"; # Define your hostname.
+  networking = {
+    hostName = "nixos"; # Define your hostname.
     # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
 
     # Configure network proxy if necessary
@@ -26,7 +31,15 @@
     # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
 
     # Enable networking
-  networking.networkmanager.enable = true;
+    networkmanager.enable = true;
+
+    # Open ports in the firewall.
+    firewall.allowedTCPPorts = [80 443];
+
+    extraHosts = ''
+      192.168.1.88 nas
+    '';
+  };
 
   # Set your time zone.
   time.timeZone = "Europe/Stockholm";
@@ -106,7 +119,6 @@
     openssh.authorizedKeys.keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMYGJCpFIiWqzy8YbfWh7+i52XVwyhUu+P0rUglVR5uV gws@nixos"];
   };
 
-
   # Allow unfree packages
   nixpkgs.config.allowUnfree = true;
 
@@ -126,20 +138,23 @@
     nil
     starship
     tailscale
+    alejandra
   ];
-
-  programs.fish= {
+  programs = {
+    ssh.startAgent = true;
+    fish = {
       enable = true;
       shellInit = "starship init fish | source";
     };
-  programs.starship.enable = true;
-  programs.starship.settings = {
+    starship.enable = true;
+    starship.settings = {
       shell = {
         disabled = false;
         fish_indicator = "";
         bash_indicator = "BASH";
       };
     };
+  };
 
   # Some programs need SUID wrappers, can be configured further or are
   # started in user sessions.
@@ -165,9 +180,6 @@
       environmentFile = "/etc/nixos/.secrets/cloudflare_dns_tokend";
     };
   };
-
-  # Open ports in the firewall.
-  networking.firewall.allowedTCPPorts = [ 80 443 ];
   # networking.firewall.allowedTCPPorts = [ ... ];
   # networking.firewall.allowedUDPPorts = [ ... ];
   # Or disable the firewall altogether.
@@ -180,5 +192,4 @@
   # Before changing this value read the documentation for this option
   # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
   system.stateVersion = "23.11"; # Did you read the comment?
-
 }

filebrowser.nix

@@ -12,7 +12,7 @@ in
       After="network-online.target";
     };
     serviceConfig = {
-      ExecStart = "${filebrowser}/bin/filebrowser -r /mnt/movie_drive -d /var/lib/filebrowser/filebrowser.db";
+      ExecStart = "${filebrowser}/bin/filebrowser -r /pool/media/ -d /var/lib/filebrowser/filebrowser.db";
       User= "jellyfin";
       Type= "simple";
     };

flake.lock

@@ -58,11 +58,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1712745070,
-        "narHash": "sha256-75kSMjyCD5/IliSPkBcBSBamwPYF30Ddr8Ef2XxDfiE=",
+        "lastModified": 1713880523,
+        "narHash": "sha256-/dMwfs3toYi2SzrItwpTLKWMSIquAptdCClC2FB608Y=",
         "ref": "refs/heads/main",
-        "rev": "c2650ecab1c7b9b2e10d690b40e82817d257b53a",
-        "revCount": 28,
+        "rev": "5e986b284d6a7b81fd437822f6279dd915494c54",
+        "revCount": 29,
         "type": "git",
         "url": "https://git.sondell.org/glennwso/home.git"
       },

flake.nix

@@ -30,6 +30,7 @@
         ./tail.nix
         ./matrix.nix
         ./coturn.nix  
+        ./vaultwarden.nix
         (import ./mail.nix {inherit mailserver;})
         (import ./homepage.nix {inherit homepage;})
       ];

forgejo.nix

@@ -7,6 +7,7 @@ in
 {
   services.forgejo = {
     enable = true;
+    stateDir = "/pool/var/lib/forgejo";
     settings = {
       service = {
         # DISABLE_REGISTRATION = true;

hardware-configuration.nix

@@ -21,7 +21,10 @@
     { device = "/dev/disk/by-uuid/f3463885-fde8-4488-9442-37ced2b2c8f3";
       fsType = "ext4";
     };
-
+  fileSystems."/pool" = {
+    device = "/dev/pool1/vol1";
+    fsType = "ext4";
+  };
 
   swapDevices = [ ];
 

nextcloud.nix

@@ -8,6 +8,27 @@ in
   environment.systemPackages = [
     nextcloud
   ];
+  systemd.timers."nextcloud-backup" = {
+    wantedBy = [ "timers.target" ];
+      timerConfig = {
+        # OnBootSec = "5m";
+        # OnUnitActiveSec = "5m";
+        OnCalendar="*-*-* 2:00:00";
+        Unit = "nextcloud-backup.service";
+      };
+  };
+
+  systemd.services."nextcloud-backup" = {
+    script = with pkgs; ''
+      set -eu
+      ${postgresql}/bin/pg_dump "nextcloud" | ${openssh}/bin/ssh -i /etc/nixos/.secrets/tulpan Glenn@nas "cat - > back/nextcloud/dump.sql" 
+    '';
+    serviceConfig = {
+      Type = "oneshot";
+      User = "postgres";
+    };
+  };
+  
   services = {
     nginx.virtualHosts = {
       ${domain} = {

vaultwarden.nix

@@ -0,0 +1,22 @@
+{ ... }:
+
+let
+  domain = "pw.sondell.org";
+  port = "8222";
+in
+{
+  # 
+  services.vaultwarden = {
+    enable = true;
+  };
+
+
+  services.nginx.virtualHosts.${domain} = {
+    forceSSL = true;
+    enableACME = true;
+    locations."/" = {
+      proxyPass = "http://localhost:${port}/";
+    };
+  };
+}
+