Merge pull request 'API 2.1.0 support' (#24) from api-redis into master

Reviewed-on: https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nixos-config/pulls/24

api/api.nix

@@ -3,7 +3,7 @@
   services.selfprivacy-api = {
     enable = true;
     enableSwagger = config.services.userdata.api.enableSwagger;
-    b2Bucket = config.services.userdata.backblaze.bucket;
+    b2Bucket = config.services.userdata.backup.bucket;
   };
 
   users.users."selfprivacy-api" = {

backup/restic.nix

@@ -6,7 +6,7 @@ in
   services.restic.backups = {
     options = {
       passwordFile = "/etc/restic/resticPasswd";
-      repository = "s3:s3.anazonaws.com/${cfg.backblaze.bucket}";
+      repository = "s3:s3.anazonaws.com/${cfg.backup.bucket}";
       initialize = true;
       paths = [
         "/var/dkim"

configuration.nix

@@ -1,6 +1,6 @@
 { config, pkgs, lib, ... }:
 let
-  url-overlay = "https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nix-repo/archive/master.tar.gz";
+  url-overlay = "https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nix-repo/archive/redis.tar.gz";
   nix-overlay = (import (builtins.fetchTarball url-overlay));
 in
 {
@@ -30,6 +30,26 @@ in
 
   nixpkgs.overlays = [ (nix-overlay) ];
 
+  services.redis.servers.sp-api = {
+    enable = true;
+    save = [
+      [
+        30
+        1
+      ]
+      [
+        10
+        10
+      ]
+    ];
+    port = 0;
+    settings = {
+      notify-keyspace-events = "KEA";
+    };
+  };
+
+  services.do-agent.enable = if config.services.userdata.server.provider == "DIGITALOCEAN" then true else false;
+
   boot.cleanTmpDir = true;
   networking = {
     hostName = config.services.userdata.hostname;

files.nix

@@ -43,7 +43,7 @@ in
         echo 'CF_API_KEY=REPLACEME' > /var/lib/cloudflare/Credentials.ini
         echo 'CLOUDFLARE_DNS_API_TOKEN=REPLACEME' >> /var/lib/cloudflare/Credentials.ini
         echo 'CLOUDFLARE_ZONE_API_TOKEN=REPLACEME' >> /var/lib/cloudflare/Credentials.ini
-        ${sed} -i "s/REPLACEME/$(cat /etc/nixos/userdata/userdata.json | ${jq} -r '.cloudflare.apiKey')/g" /var/lib/cloudflare/Credentials.ini
+        ${sed} -i "s/REPLACEME/$(cat /etc/nixos/userdata/userdata.json | ${jq} -r '.dns.apiKey')/g" /var/lib/cloudflare/Credentials.ini
         chmod 0440 /var/lib/cloudflare/Credentials.ini
         chown nginx:acmerecievers /var/lib/cloudflare/Credentials.ini
       '';
@@ -56,8 +56,8 @@ in
         echo 'account = REPLACEME1' >> /root/.config/rclone/rclone.conf
         echo 'key = REPLACEME2' >> /root/.config/rclone/rclone.conf
 
-        ${sed} -i "s/REPLACEME1/$(cat /etc/nixos/userdata/userdata.json | ${jq} -r '.backblaze.accountId')/g" /root/.config/rclone/rclone.conf
-        ${sed} -i "s/REPLACEME2/$(cat /etc/nixos/userdata/userdata.json | ${jq} -r '.backblaze.accountKey')/g" /root/.config/rclone/rclone.conf
+        ${sed} -i "s/REPLACEME1/$(cat /etc/nixos/userdata/userdata.json | ${jq} -r '.backup.accountId')/g" /root/.config/rclone/rclone.conf
+        ${sed} -i "s/REPLACEME2/$(cat /etc/nixos/userdata/userdata.json | ${jq} -r '.backup.accountKey')/g" /root/.config/rclone/rclone.conf
 
         chmod 0400 /root/.config/rclone/rclone.conf
         chown root:root /root/.config/rclone/rclone.conf

git/gitea.nix

@@ -26,10 +26,10 @@ in
         path = "/var/lib/gitea/data/gitea.db";
         createDatabase = true;
       };
-      ssh = {
-        enable = true;
-        clonePort = 22;
-      };
+      # ssh = {
+      #   enable = true;
+      #   clonePort = 22;
+      # };
       lfs = {
         enable = true;
         contentDir = "/var/lib/gitea/lfs";

letsencrypt/acme.nix

@@ -8,7 +8,10 @@ in
   };
   security.acme = {
     acceptTerms = true;
+    defaults = {
       email = "${cfg.username}@${cfg.domain}";
+      server = if cfg.dns.useStagingACME then "https://acme-staging-v02.api.letsencrypt.org/directory" else "https://acme-v02.api.letsencrypt.org/directory";
+    };
     certs = lib.mkForce {
       "${cfg.domain}" = {
         domain = "*.${cfg.domain}";

variables-module.nix

@@ -85,12 +85,28 @@ in
     #############
     #  Secrets  #
     #############
-    backblaze = {
+    dns = {
+      provider = mkOption {
+        description = "DNS provider that was defined at the initial setup process. Default is ClOUDFLARE";
+        type = types.nullOr types.str;
+      };
+      useStagingACME = mkOption {
+        description = "Use staging ACME server. Default is false";
+        type = types.nullOr types.bool;
+      };
+    };
+    backup = {
       bucket = mkOption {
         description = "Bucket name used for userdata backups";
         type = types.nullOr types.str;
       };
     };
+    server = {
+      provider = mkOption {
+        description = "Server provider that was defined at the initial setup process. Default is HETZNER";
+        type = types.nullOr types.str;
+      };
+    };
     ##############
     #  Services  #
     ##############

variables.nix

@@ -18,8 +18,15 @@ in
       enableSwagger = lib.attrsets.attrByPath [ "api" "enableSwagger" ] false jsonData;
       skippedMigrations = lib.attrsets.attrByPath [ "api" "skippedMigrations" ] [ ] jsonData;
     };
-    backblaze = {
-      bucket = lib.attrsets.attrByPath [ "backblaze" "bucket" ] "" jsonData;
+    dns = {
+      provider = lib.attrsets.attrByPath [ "dns" "provider" ] "CLOUDFLARE" jsonData;
+      useStagingACME = lib.attrsets.attrByPath [ "dns" "useStagingACME" ] false jsonData;
+    };
+    backup = {
+      bucket = lib.attrsets.attrByPath [ "backup" "bucket" ] (lib.attrsets.attrByPath [ "backblaze" "bucket" ] "" jsonData) jsonData;
+    };
+    server = {
+      provider = lib.attrsets.attrByPath [ "server" "provider" ] "HETZNER" jsonData;
     };
     bitwarden = {
       enable = lib.attrsets.attrByPath [ "bitwarden" "enable" ] false jsonData;