From d0b926251d718c9572354d6bba26f330c6b3c1ee Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 28 Nov 2024 21:47:06 +0000 Subject: [PATCH 01/21] nixos: services: mealie: persist data --- modules/nixos/services/mealie/default.nix | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/modules/nixos/services/mealie/default.nix b/modules/nixos/services/mealie/default.nix index 664d5ba..7d3fd96 100644 --- a/modules/nixos/services/mealie/default.nix +++ b/modules/nixos/services/mealie/default.nix @@ -72,6 +72,16 @@ in }; }; + my.services.backup = { + paths = [ + "/var/lib/${config.systemd.services.mealie.serviceConfig.StateDirectory}" + ]; + }; + + my.system.persist.directories = [ + "/var/lib/${config.systemd.services.mealie.serviceConfig.StateDirectory}" + ]; + services.fail2ban.jails = { mealie = '' enabled = true From cb0f8e91a05e4cdc415b15aab6a0f0c510283a57 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 5 Nov 2021 15:40:29 +0100 Subject: [PATCH 02/21] nixos: services: monitoring: persist data --- modules/nixos/services/monitoring/default.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/modules/nixos/services/monitoring/default.nix b/modules/nixos/services/monitoring/default.nix index 49919c1..4415cb5 100644 --- a/modules/nixos/services/monitoring/default.nix +++ b/modules/nixos/services/monitoring/default.nix @@ -130,5 +130,10 @@ in inherit (cfg.grafana) port; }; }; + + my.system.persist.directories = [ + config.services.grafana.dataDir + "/var/lib/${config.services.prometheus.stateDir}" + ]; }; } From dbb6b38eba61f9bec482867fd3a3e081d68bce06 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 5 Nov 2021 15:11:23 +0100 Subject: [PATCH 03/21] nixos: services: navidrome: persist data --- modules/nixos/services/navidrome/default.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/modules/nixos/services/navidrome/default.nix b/modules/nixos/services/navidrome/default.nix index c513b91..106e01d 100644 
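Review bot: The new `my.system.persist.directories` entry in the mealie hunk (PATCH 01/21) assumes the state lives directly at `/var/lib/<StateDirectory>`, which does not hold if the upstream unit runs with `DynamicUser=true`; the unit definition is not visible here, so this needs checking. With a dynamic user, systemd keeps the data under `/var/lib/private/<name>` and makes `/var/lib/<name>` a symlink, so a persisted mount point at the symlink location can stop the unit from starting or leave the real data on the ephemeral root. If that applies, persist `"/var/lib/private/${config.systemd.services.mealie.serviceConfig.StateDirectory}"` instead and make sure `/var/lib/private` stays mode 0700 on the persistent store. The same `/var/lib/${...StateDirectory}` pattern appears in the navidrome (03/21), pdf-edit (07/21), pyload (12/21) and tandoor-recipes (16/21) hunks.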
--- a/modules/nixos/services/navidrome/default.nix +++ b/modules/nixos/services/navidrome/default.nix @@ -53,6 +53,10 @@ in }; }; + my.system.persist.directories = [ + "/var/lib/${config.systemd.services.navidrome.serviceConfig.StateDirectory}" + ]; + services.fail2ban.jails = { navidrome = '' enabled = true From f581ef7113ac69f132e3c5d9682fe7436fa3137c Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 5 Nov 2021 15:37:51 +0100 Subject: [PATCH 04/21] nixos: services: nginx: persist SSL certificates --- modules/nixos/services/nginx/default.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/modules/nixos/services/nginx/default.nix b/modules/nixos/services/nginx/default.nix index 3bba9f4..32c1b7d 100644 --- a/modules/nixos/services/nginx/default.nix +++ b/modules/nixos/services/nginx/default.nix @@ -486,5 +486,9 @@ in } ]; }; + + my.system.persist.directories = [ + config.users.user.acme.home + ]; }; } From ed1a5b4924c97f8c973bcf92453923c97b28e33b Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 5 Nov 2021 15:11:35 +0100 Subject: [PATCH 05/21] nixos: services: nextcloud: persist data --- modules/nixos/services/nextcloud/default.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/modules/nixos/services/nextcloud/default.nix b/modules/nixos/services/nextcloud/default.nix index fe94177..e561ce2 100644 --- a/modules/nixos/services/nextcloud/default.nix +++ b/modules/nixos/services/nextcloud/default.nix @@ -92,6 +92,11 @@ in ]; }; + my.system.persist.directories = [ + config.services.nextcloud.home + config.services.nextcloud.datadir + ]; + services.fail2ban.jails = { nextcloud = '' enabled = true From 89a43e8badeab30158fa20a8add19a81957d2629 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 3 Nov 2021 17:12:42 +0100 Subject: [PATCH 06/21] nixos: services: paperless: persist data --- modules/nixos/services/paperless/default.nix | 5 +++++ 1 file changed, 5 insertions(+) 
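Review bot: `config.users.user.acme.home` in the nginx hunk (PATCH 04/21) reads an attribute path that does not exist, because the NixOS option set is `users.users`, so evaluation should fail as soon as this module is enabled. The line should be `config.users.users.acme.home`, and the bazarr branch of the servarr hunk (08/21) has the same typo in `config.users.user.${service}.home`. Since this directory holds the ACME account key and the certificate private keys, it is also worth confirming that the persist module keeps the original owner and mode when it creates the directory on the persistent volume; that module is not shown in this patch.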
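Review bot: The nextcloud hunk (PATCH 05/21) lists both `config.services.nextcloud.home` and `config.services.nextcloud.datadir`, and in nixpkgs `datadir` defaults to `home`, so unless it is overridden elsewhere in this module the same path is registered twice. Depending on how `my.system.persist` turns entries into mounts, that may produce a duplicate mount definition. Wrapping the list as `lib.unique [ config.services.nextcloud.home config.services.nextcloud.datadir ]` avoids it, assuming `lib` is in scope here as it is in the other modules of this series.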
diff --git a/modules/nixos/services/paperless/default.nix b/modules/nixos/services/paperless/default.nix index c8967e1..22ca8ad 100644 --- a/modules/nixos/services/paperless/default.nix +++ b/modules/nixos/services/paperless/default.nix @@ -146,5 +146,10 @@ in config.services.paperless.mediaDir ]; }; + + my.system.persist.directories = [ + config.services.paperless-ng.dataDir + config.services.paperless-ng.mediaDir + ]; }; } From 3653918237a2fbfe24921e8f5e229ecfeff44e16 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 28 Nov 2024 21:47:24 +0000 Subject: [PATCH 07/21] nixos: services: pdf-edit: persist data --- modules/nixos/services/pdf-edit/default.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/modules/nixos/services/pdf-edit/default.nix b/modules/nixos/services/pdf-edit/default.nix index d59507b..0928a14 100644 --- a/modules/nixos/services/pdf-edit/default.nix +++ b/modules/nixos/services/pdf-edit/default.nix @@ -54,6 +54,10 @@ in }; }; + my.system.persist.directories = [ + "/var/lib/${config.systemd.services.stirling-pdf.serviceConfig.StateDirectory}" + ]; + services.fail2ban.jails = { stirling-pdf = '' enabled = true From 2ba35fd5e087ab3967c22b3fd3e25c544af03c3a Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 5 Nov 2021 15:58:07 +0100 Subject: [PATCH 08/21] nixos: services: pirate: persist data --- modules/nixos/services/servarr/default.nix | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/modules/nixos/services/servarr/default.nix b/modules/nixos/services/servarr/default.nix index e25d9cf..3330b0f 100644 --- a/modules/nixos/services/servarr/default.nix +++ b/modules/nixos/services/servarr/default.nix @@ -19,6 +19,16 @@ let enable = true; group = "media"; }; + + my.system.persist.directories = + let + # Bazarr breaks the mold unfortunately + dataDir = + if service != "bazarr" + then config.services.${service}.dataDir + else config.users.user.${service}.home; + in + [ dataDir ]; }; mkRedirection = service: { 
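Review bot: The entries added in the paperless hunk (PATCH 06/21) read `config.services.paperless-ng.dataDir` and `config.services.paperless-ng.mediaDir`, while the context line directly above them in the same file already uses `config.services.paperless.mediaDir`. The two namespaces cannot both be right for one module, and the `-ng` name looks like a leftover from the 2021 version of this commit; on a nixpkgs where the options were renamed this will probably fail evaluation. The new lines should be `config.services.paperless.dataDir` and `config.services.paperless.mediaDir` to match the backup paths.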
From 52399cbb3eff2eaa7bb780020cad6a867ff7dc52 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 5 Nov 2021 15:20:11 +0100 Subject: [PATCH 09/21] nixos: services: podgrab: persist data --- modules/nixos/services/podgrab/default.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/modules/nixos/services/podgrab/default.nix b/modules/nixos/services/podgrab/default.nix index 3ced8d3..ec6ecb2 100644 --- a/modules/nixos/services/podgrab/default.nix +++ b/modules/nixos/services/podgrab/default.nix @@ -51,5 +51,10 @@ in inherit (cfg) port; }; }; + + my.system.persist.directories = [ + config.systemd.services.podgrab.environment.CONFIG + config.systemd.services.podgrab.environment.DATA + ]; }; } From 8b67a1da8eeb949eae37dbaed8b185b95598ea39 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 3 Nov 2021 17:13:13 +0100 Subject: [PATCH 10/21] nixos: services: postgresql: persist data --- modules/nixos/services/postgresql/default.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/modules/nixos/services/postgresql/default.nix b/modules/nixos/services/postgresql/default.nix index bbe46d4..cea4c88 100644 --- a/modules/nixos/services/postgresql/default.nix +++ b/modules/nixos/services/postgresql/default.nix @@ -18,6 +18,13 @@ in }; }) + # Only persist directory if the actual service is enabled + (lib.mkIf config.services.postgresql.enable { + my.system.persist.directories = [ + config.services.postgresql.dataDir + ]; + }) + # Taken from the manual (lib.mkIf cfg.upgradeScript { environment.systemPackages = From 07737b50767385b5d3f0ebc516e8f60ea93c7727 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 3 Nov 2021 17:12:58 +0100 Subject: [PATCH 11/21] nixos: services: postgresql-backup: persist data --- modules/nixos/services/postgresql-backup/default.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/modules/nixos/services/postgresql-backup/default.nix b/modules/nixos/services/postgresql-backup/default.nix index dff5494..3d6c03b 100644 
--- a/modules/nixos/services/postgresql-backup/default.nix +++ b/modules/nixos/services/postgresql-backup/default.nix @@ -24,5 +24,9 @@ in (config.services.postgresqlBackup.location + "/*.prev.sql.gz") ]; }; + + my.system.persist.directories = [ + config.services.postgresqlBackup.location + ]; }; } From e55308b596f2f9a3ca953fa094c000e1e8d9c44e Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 28 Nov 2024 21:47:37 +0000 Subject: [PATCH 12/21] nixos: services: pyload: persist data --- modules/nixos/services/pyload/default.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/modules/nixos/services/pyload/default.nix b/modules/nixos/services/pyload/default.nix index 7257d0f..a8ec3b2 100644 --- a/modules/nixos/services/pyload/default.nix +++ b/modules/nixos/services/pyload/default.nix @@ -53,6 +53,11 @@ in }; }; + my.system.persist.directories = [ + cfg.downloadDirectory + "/var/lib/${config.systemd.services.pyload.StateDirectory}" + ]; + services.fail2ban.jails = { pyload = '' enabled = true From e77e65201ca53b829fb884a73364f32633a7ecec Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 5 Nov 2021 21:51:04 +0100 Subject: [PATCH 13/21] nixos: services: quassel: persist data --- modules/nixos/services/quassel/default.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/modules/nixos/services/quassel/default.nix b/modules/nixos/services/quassel/default.nix index 695f9e0..0065195 100644 --- a/modules/nixos/services/quassel/default.nix +++ b/modules/nixos/services/quassel/default.nix @@ -46,5 +46,9 @@ in # Because Quassel does not use the socket, I simply trust its connection authentication = "host quassel quassel localhost trust"; }; + + my.system.persist.directories = [ + config.services.quassel.dataDir + ]; }; } From 93729ccfa7a4ae0fdc3b8feb046fb478204bf7f7 Mon Sep 17 00:00:00 2001 
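Review bot: `config.systemd.services.pyload.StateDirectory` in the pyload hunk (PATCH 12/21) skips the `serviceConfig` level, so it does not name the attribute that the mealie, navidrome and pdf-edit hunks read and will most likely fail evaluation with a missing attribute. It should read `"/var/lib/${config.systemd.services.pyload.serviceConfig.StateDirectory}"`. The tandoor-recipes hunk (16/21) has the same omission in both `my.services.backup.paths` and `my.system.persist.directories`.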
From: Bruno BELANYI Date: Fri, 5 Nov 2021 15:21:42 +0100 Subject: [PATCH 14/21] nixos: services: rss-bridge: persist data --- modules/nixos/services/rss-bridge/default.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/modules/nixos/services/rss-bridge/default.nix b/modules/nixos/services/rss-bridge/default.nix index 52b1030..977b431 100644 --- a/modules/nixos/services/rss-bridge/default.nix +++ b/modules/nixos/services/rss-bridge/default.nix @@ -22,5 +22,9 @@ in forceSSL = true; useACMEHost = config.networking.domain; }; + + my.system.persist.directories = [ + config.services.rss-bridge.dataDir + ]; }; } From feccb7ba2b2c9ac28b0ba05d9e43f7e7a8eca3b4 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 5 Nov 2021 15:25:44 +0100 Subject: [PATCH 15/21] nixos: services: sabnzbd: persist data --- modules/nixos/services/sabnzbd/default.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/modules/nixos/services/sabnzbd/default.nix b/modules/nixos/services/sabnzbd/default.nix index 9e0d9c3..86202ab 100644 --- a/modules/nixos/services/sabnzbd/default.nix +++ b/modules/nixos/services/sabnzbd/default.nix @@ -24,6 +24,10 @@ in }; }; + my.system.persist.files = [ + config.services.sabnzbd.configFile + ]; + services.fail2ban.jails = { sabnzbd = '' enabled = true From cc42b3f3d8384883beee46bb28baec67dde832b7 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 28 Nov 2024 21:47:51 +0000 Subject: [PATCH 16/21] nixos: services: tandoor-recipes: persist data --- modules/nixos/services/tandoor-recipes/default.nix | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/modules/nixos/services/tandoor-recipes/default.nix b/modules/nixos/services/tandoor-recipes/default.nix index 3447bee..ea45e74 100644 --- a/modules/nixos/services/tandoor-recipes/default.nix +++ b/modules/nixos/services/tandoor-recipes/default.nix 
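Review bot: The sabnzbd hunk (PATCH 15/21) persists only `config.services.sabnzbd.configFile` through `my.system.persist.files`, which is fragile for a file the daemon rewrites itself and leaves the rest of its state directory on the ephemeral root. If the persist module implements files as bind mounts or symlinks (not visible here) and the daemon saves by replacing the file, the write can fail or land on the ephemeral copy, and the API key and server credentials kept in that file would then be lost on reboot. Persisting the containing directory is more robust: `my.system.persist.directories = [ (builtins.dirOf config.services.sabnzbd.configFile) ];`.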
@@ -83,6 +83,19 @@ in }; }; + my.services.backup = { + paths = [ + "/var/lib/${config.systemd.services.tandoor-recipes.StateDirectory}" + config.systemd.services.tandoor-recipes.environment.MEDIA_ROOT + ]; + }; + + my.system.persist.directories = [ + "/var/lib/${config.systemd.services.tandoor-recipes.StateDirectory}" + config.systemd.services.tandoor-recipes.environment.MEDIA_ROOT + ]; + + # NOTE: unfortunately tandoor-recipes does not log connection failures for fail2ban }; } From bc8758dd950ef76d02fc8132aa6f526e682512f6 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 5 Nov 2021 15:25:50 +0100 Subject: [PATCH 17/21] nixos: services: transmission: persist data --- modules/nixos/services/transmission/default.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/modules/nixos/services/transmission/default.nix b/modules/nixos/services/transmission/default.nix index ac8b24d..674fa81 100644 --- a/modules/nixos/services/transmission/default.nix +++ b/modules/nixos/services/transmission/default.nix @@ -91,6 +91,10 @@ in allowedUDPPorts = [ cfg.peerPort ]; }; + my.system.persist.directories = [ + config.services.transmission.home + ]; + # NOTE: unfortunately transmission does not log connection failures for fail2ban }; } From 0a251fa775fda3748df60d0770beb7ffe9b696b4 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 3 Nov 2021 14:43:16 +0100 Subject: [PATCH 18/21] nixos: services: vikunja: persist data --- modules/nixos/services/vikunja/default.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/modules/nixos/services/vikunja/default.nix b/modules/nixos/services/vikunja/default.nix index 2753da3..d902449 100644 --- a/modules/nixos/services/vikunja/default.nix +++ b/modules/nixos/services/vikunja/default.nix @@ -100,6 +100,10 @@ in ]; }; + my.system.persist.directories = [ + config.services.vikunja.settings.files.basepath + ]; + # NOTE: unfortunately vikunja does not log connection failures for fail2ban }; } 
From 044ad20349efb4a7d548704dd7d904b5589e3fcc Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 3 Nov 2021 14:43:16 +0100 Subject: [PATCH 19/21] WIP: add notes for missing persistence/backup TODO: * Do home-manager * Look at for more inspiration github.com:nix-community/impermanence/pull/108 * Common files github.com:nix-community/impermanence/issues/10 * Useful config: github.com:chayleaf/dotfiles/blob/f77271b249e0c08368573c22a5c34f0737d3a766/system/modules/impermanence.nix --- modules/nixos/services/drone/runner-docker/default.nix | 2 ++ modules/nixos/services/drone/runner-exec/default.nix | 2 ++ modules/nixos/services/drone/server/default.nix | 2 ++ modules/nixos/services/nextcloud/collabora.nix | 2 ++ modules/nixos/services/woodpecker/agent-docker/default.nix | 2 ++ modules/nixos/services/woodpecker/agent-exec/default.nix | 2 ++ modules/nixos/services/woodpecker/server/default.nix | 2 ++ modules/nixos/system/printing/default.nix | 2 ++ 8 files changed, 16 insertions(+) diff --git a/modules/nixos/services/drone/runner-docker/default.nix b/modules/nixos/services/drone/runner-docker/default.nix index e53c608..1db263b 100644 --- a/modules/nixos/services/drone/runner-docker/default.nix +++ b/modules/nixos/services/drone/runner-docker/default.nix @@ -39,5 +39,7 @@ in extraGroups = [ "docker" ]; # Give access to the daemon }; users.groups.drone-runner-docker = { }; + + # FIXME: persistence? }; } diff --git a/modules/nixos/services/drone/runner-exec/default.nix b/modules/nixos/services/drone/runner-exec/default.nix index a9bb563..c30a1a2 100644 --- a/modules/nixos/services/drone/runner-exec/default.nix +++ b/modules/nixos/services/drone/runner-exec/default.nix @@ -63,5 +63,7 @@ in group = "drone-runner-exec"; }; users.groups.drone-runner-exec = { }; + + # FIXME: persistence? }; } diff --git a/modules/nixos/services/drone/server/default.nix b/modules/nixos/services/drone/server/default.nix index a3a1e49..b5d5df7 100644 
--- a/modules/nixos/services/drone/server/default.nix +++ b/modules/nixos/services/drone/server/default.nix @@ -50,5 +50,7 @@ in inherit (cfg) port; }; }; + + # FIXME: persistence? }; } diff --git a/modules/nixos/services/nextcloud/collabora.nix b/modules/nixos/services/nextcloud/collabora.nix index f8f42a7..dce1a99 100644 --- a/modules/nixos/services/nextcloud/collabora.nix +++ b/modules/nixos/services/nextcloud/collabora.nix @@ -46,5 +46,7 @@ in ]; }; }; + + # FIXME: persistence? }; } diff --git a/modules/nixos/services/woodpecker/agent-docker/default.nix b/modules/nixos/services/woodpecker/agent-docker/default.nix index 79d3299..2e74b67 100644 --- a/modules/nixos/services/woodpecker/agent-docker/default.nix +++ b/modules/nixos/services/woodpecker/agent-docker/default.nix @@ -38,5 +38,7 @@ in ]; }; }; + + # FIXME: persistence? }; } diff --git a/modules/nixos/services/woodpecker/agent-exec/default.nix b/modules/nixos/services/woodpecker/agent-exec/default.nix index 24161b0..4210242 100644 --- a/modules/nixos/services/woodpecker/agent-exec/default.nix +++ b/modules/nixos/services/woodpecker/agent-exec/default.nix @@ -62,5 +62,7 @@ in ]; }; }; + + # FIXME: persistence? }; } diff --git a/modules/nixos/services/woodpecker/server/default.nix b/modules/nixos/services/woodpecker/server/default.nix index adf533e..5d25284 100644 --- a/modules/nixos/services/woodpecker/server/default.nix +++ b/modules/nixos/services/woodpecker/server/default.nix @@ -61,5 +61,7 @@ in port = cfg.rpcPort; }; }; + + # FIXME: persistence }; } diff --git a/modules/nixos/system/printing/default.nix b/modules/nixos/system/printing/default.nix index 0dfab0f..3e21b25 100644 --- a/modules/nixos/system/printing/default.nix +++ b/modules/nixos/system/printing/default.nix @@ -65,5 +65,7 @@ in # Allow resolution of '.local' addresses nssmdns4 = true; }; + + # FIXME: persistence? }; } From b31ecd0250ac94c9a7bce4803ed087cedd7aefdd Mon Sep 17 00:00:00 2001 
From: Bruno BELANYI Date: Thu, 28 Nov 2024 22:00:58 +0000 Subject: [PATCH 20/21] WIP: even more directories? Maybe? --- modules/nixos/system/persist/default.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/modules/nixos/system/persist/default.nix b/modules/nixos/system/persist/default.nix index e0a1eeb..3033595 100644 --- a/modules/nixos/system/persist/default.nix +++ b/modules/nixos/system/persist/default.nix @@ -58,6 +58,10 @@ in "/var/log" # Logs "/var/lib/nixos" # UID/GID maps "/var/lib/systemd/coredump" # Coredumps + + "/var/lib/systemd" # FIXME: needed? + "/var/spool" # FIXME: needed? + "/var/tmp" # FIXME: needed? ] ++ cfg.directories ; From 4cfe0a784663b520a75d7f9d2ab16a50d8f0de5b Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 28 Nov 2024 22:01:38 +0000 Subject: [PATCH 21/21] WIP: add note about 'iwd' --- modules/nixos/hardware/networking/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/nixos/hardware/networking/default.nix b/modules/nixos/hardware/networking/default.nix index dac5e9a..9e85966 100644 --- a/modules/nixos/hardware/networking/default.nix +++ b/modules/nixos/hardware/networking/default.nix @@ -23,6 +23,8 @@ in (lib.mkIf cfg.wireless.enable { networking.networkmanager.enable = true; + # IWD needs persistence if enabled + # Persist NetworkManager files my.system.persist.files = [ "/var/lib/NetworkManager/secret_key"
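Review bot: Adding `/var/lib/systemd` in the persist hunk (PATCH 20/21) turns the existing `/var/lib/systemd/coredump` entry into a nested duplicate, and the new `/var/tmp` entry needs care because that directory must stay world-writable with the sticky bit. If each entry becomes its own mount, the nested pair adds an ordering dependency for no gain, so one of the two should be dropped. For `/var/tmp`, confirm that the directory created on the persistent volume ends up mode 1777: a default 0755 breaks unprivileged services, and a writable mode without the sticky bit lets users remove each other's files. The list this hunk extends starts outside the hunk, so how entries are created cannot be checked from here.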