os/hosts/pie/invoiceplane.nix

{
  flake,
  config,
  pkgs,
  lib,
  ...
}: let
  psCfg = config.pub-solar;
  xdg = config.home-manager.users."${psCfg.user.name}".xdg;
  backupDir = "/var/lib/invoiceplane/backup";
in {
  age.secrets."invoiceplane-db-password.age" = {
    file = "${flake.self}/secrets/invoiceplane-db-password.age";
    mode = "600";
    owner = "invoiceplane";
  };

  age.secrets."invoiceplane-db-secrets.env" = {
    file = "${flake.self}/secrets/invoiceplane-db-secrets.env";
    mode = "600";
  };

  services.invoiceplane.sites."invoicing.b12f.io" = {
    enable = true;

    database = {
      user = "invoiceplane";
      name = "invoiceplane";
      passwordFile = config.age.secrets."invoiceplane-db-password.age".path;
      host = "localhost";
      port = 3306;
      createLocally = false;
    };
  };

  virtualisation = {
    oci-containers = {
      backend = "docker";
      containers."invoiceplane-db" = {
        image = "mariadb:11";
        autoStart = true;
        ports = [ "3306:3306" ];
        volumes = [
          "/var/lib/invoiceplane/db:/var/lib/mysql"
        ];
        environmentFiles = [
          config.age.secrets."invoiceplane-db-secrets.env".path
        ];
      };
    };
  };

  systemd.tmpfiles.rules = [
    "d '${backupDir}' 0700 root root - -"
  ];

  services.restic.backups = {
    invoiceplane = {
      paths = [
        backupDir
        "/var/lib/invoiceplane/invoicing.b12f.io"
      ];
      initialize = true;
      passwordFile = config.age.secrets."restic-password.age".path;
      # See https://www.hosting.de/blog/verschluesselte-backups-mit-rclone-und-restic-in-nextcloud/
      repository = "rclone:cloud.pub.solar:/backups/InvoicePlane";
      backupPrepareCommand = ''
        PW=$(cat ${config.age.secrets."invoiceplane-db-password.age".path})
        ${pkgs.docker-client}/bin/docker exec -t invoiceplane-db mariadb-dump --all-databases --password=$PW --user=invoiceplane > "${backupDir}/postgres.sql"
      '';
      rcloneConfigFile = config.age.secrets."rclone-pie.conf".path;
    };
  };
}
feat: invoiceplane 2023-10-21 20:46:17 +00:00			`{`
			`flake,`
			`config,`
			`pkgs,`
			`lib,`
			`...`
			`}: let`
			`psCfg = config.pub-solar;`
			`xdg = config.home-manager.users."${psCfg.user.name}".xdg;`
			`backupDir = "/var/lib/invoiceplane/backup";`
			`in {`
			`age.secrets."invoiceplane-db-password.age" = {`
			`file = "${flake.self}/secrets/invoiceplane-db-password.age";`
			`mode = "600";`
fix: fix networking issues on pie 2023-10-24 13:54:18 +00:00			`owner = "invoiceplane";`
feat: invoiceplane 2023-10-21 20:46:17 +00:00			`};`

			`age.secrets."invoiceplane-db-secrets.env" = {`
			`file = "${flake.self}/secrets/invoiceplane-db-secrets.env";`
			`mode = "600";`
			`};`

			`services.invoiceplane.sites."invoicing.b12f.io" = {`
			`enable = true;`

			`database = {`
			`user = "invoiceplane";`
			`name = "invoiceplane";`
			`passwordFile = config.age.secrets."invoiceplane-db-password.age".path;`
			`host = "localhost";`
fix: fix networking issues on pie 2023-10-24 13:54:18 +00:00			`port = 3306;`
feat: invoiceplane 2023-10-21 20:46:17 +00:00			`createLocally = false;`
			`};`
			`};`

			`virtualisation = {`
			`oci-containers = {`
			`backend = "docker";`
			`containers."invoiceplane-db" = {`
fix: fix networking issues on pie 2023-10-24 13:54:18 +00:00			`image = "mariadb:11";`
feat: invoiceplane 2023-10-21 20:46:17 +00:00			`autoStart = true;`
fix: fix networking issues on pie 2023-10-24 13:54:18 +00:00			`ports = [ "3306:3306" ];`
feat: invoiceplane 2023-10-21 20:46:17 +00:00			`volumes = [`
fix: fix networking issues on pie 2023-10-24 13:54:18 +00:00			`"/var/lib/invoiceplane/db:/var/lib/mysql"`
feat: invoiceplane 2023-10-21 20:46:17 +00:00			`];`
			`environmentFiles = [`
			`config.age.secrets."invoiceplane-db-secrets.env".path`
			`];`
			`};`
			`};`
			`};`

			`systemd.tmpfiles.rules = [`
			`"d '${backupDir}' 0700 root root - -"`
			`];`

			`services.restic.backups = {`
			`invoiceplane = {`
			`paths = [`
			`backupDir`
			`"/var/lib/invoiceplane/invoicing.b12f.io"`
			`];`
			`initialize = true;`
			`passwordFile = config.age.secrets."restic-password.age".path;`
			`# See https://www.hosting.de/blog/verschluesselte-backups-mit-rclone-und-restic-in-nextcloud/`
			`repository = "rclone:cloud.pub.solar:/backups/InvoicePlane";`
			`backupPrepareCommand = ''`
fix: fix networking issues on pie 2023-10-24 13:54:18 +00:00			`PW=$(cat ${config.age.secrets."invoiceplane-db-password.age".path})`
			`${pkgs.docker-client}/bin/docker exec -t invoiceplane-db mariadb-dump --all-databases --password=$PW --user=invoiceplane > "${backupDir}/postgres.sql"`
feat: invoiceplane 2023-10-21 20:46:17 +00:00			`'';`
			`rcloneConfigFile = config.age.secrets."rclone-pie.conf".path;`
			`};`
			`};`
			`}`