diff options
| -rw-r--r-- | TODOs.org | 15 | ||||
| -rw-r--r-- | scripts/cronjobs/borg.sh | 10 | ||||
| -rw-r--r-- | secrets/passwords/nextcloud-database.txt | bin | 1022 -> 0 bytes | |||
| -rw-r--r-- | vps-configuration.nix | 24 |
4 files changed, 16 insertions, 33 deletions
@@ -1,4 +1,11 @@ * Tasks - v4 +** TODO Symlink stateful directories to inside =/data/= +- State "TODO" from [2020-09-23 mer. 14:45] + +Repositories to be kept across instances: +- /var/lib/acme/ +- /var/lib/matrix-synapse/ +- /var/lib/nextcloud/ ** DONE "Migration": use =euandreh_nextcloud_= prefix to database table CLOSED: [2020-09-22 mar. 18:55] ** DONE cgit: show README in about section @@ -23,7 +30,9 @@ CLOSED: [2020-09-22 mar. 18:56] ** DOING cron: borg, PostgreSQL backup and NixOS update and collect gargabe ** DOING snapshot with swap: nixos-rebuild switch takes too much memory Adding swap memory maybe be a lot slower, but allows me to stay inside the 512MB memory server plan -** TODO Configure PostgreSQL permissions correctly +** DONE Configure PostgreSQL permissions correctly +CLOSED: [2020-09-23 mer. 14:44] +- State "DONE" from "TODO" [2020-09-23 mer. 14:44] Or even better: switch to SQLite. ** TODO Harden the server *** TODO [#C] [[https://www.reddit.com/r/selfhosted/comments/bw8hqq/top_3_measures_to_secure_your_virtual_private/][Top 3 measures to secure your Virtual Private Server? (VPS)]] @@ -33,7 +42,9 @@ Or even better: switch to SQLite. *** DONE Move secrets outside the Nix store CLOSED: [2020-09-06 dim. 11:35] - State "DONE" from [2020-09-06 dim. 11:35] -*** TODO Properly configure PostgreSQL +*** DONE Properly configure PostgreSQL +CLOSED: [2020-09-23 mer. 14:45] +- State "DONE" from "TODO" [2020-09-23 mer. 14:45] *** TODO Separate lighttpd user ownership from =$GIT_ROOT=? ** DOING Add volume And put in to fstab diff --git a/scripts/cronjobs/borg.sh b/scripts/cronjobs/borg.sh index 665da5f..c0c69e5 100644 --- a/scripts/cronjobs/borg.sh +++ b/scripts/cronjobs/borg.sh @@ -7,10 +7,7 @@ BORG_PASSPHRASE="$(cat /data/secrets/borg-passphrase.txt)" export BORG_PASSPHRASE R='16686@ch-s010.rsync.net' -FIXME -postgresql backup? -nextcloud backup? -borg init +borg init FIXME borg create \ --verbose \ --stats \ @@ -18,8 +15,3 @@ borg create \ --compression lzma,6 \ "$R:vps-borg::{hostname}-{now}-cronjob" \ /data/ - - # /var/lib/acme/ \ - # /var/lib/matrix-synapse/ \ - # /var/lib/nextcloud/ \ - # /var/lib/postgresql/ \ diff --git a/secrets/passwords/nextcloud-database.txt b/secrets/passwords/nextcloud-database.txt Binary files differdeleted file mode 100644 index 084e356..0000000 --- a/secrets/passwords/nextcloud-database.txt +++ /dev/null diff --git a/vps-configuration.nix b/vps-configuration.nix index 978bbd0..b1ada60 100644 --- a/vps-configuration.nix +++ b/vps-configuration.nix @@ -169,16 +169,6 @@ in { }; }; - postgresql = { - enable = true; - ensureDatabases = [ "nextcloud" ]; - package = pkgs.postgresql_11; - ensureUsers = [{ - name = "nextcloud"; - ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES"; - }]; - }; - nextcloud = { enable = true; package = pkgs.nextcloud19; @@ -189,11 +179,7 @@ in { autoUpdateApps.enable = true; config = { overwriteProtocol = "https"; - dbtype = "pgsql"; - dbhost = "/run/postgresql"; - dbuser = "nextcloud"; - dbpassFile = "/data/secrets/nextcloud-database.txt"; - dbtableprefix = "euandreh_nextcloud_"; + dbtype = "sqlite"; adminuser = "andreh"; adminpassFile = "/data/secrets/nextcloud-admin.txt"; }; @@ -249,6 +235,7 @@ in { server_name = config.matrixDomain; # I created the new user by temporarily setting this to true enable_registration = false; + database_type = "sqlite3"; listeners = [{ port = config.matrixPort; bind_address = "::1"; @@ -270,13 +257,6 @@ in { }; }; - systemd.services = { - "nextcloud-setup" = { - requires = [ "postgresql.service" ]; - after = [ "postgresql.service" ]; - }; - }; - users = { mutableUsers = false; extraUsers.andreh = { |