os/hosts/fae/invoiceplane.nix

{
  flake,
  config,
  pkgs,
  lib,
  ...
}: let
  psCfg = config.pub-solar;
  xdg = config.home-manager.users."${psCfg.user.name}".xdg;
  backupDir = "/var/lib/invoiceplane/backup";
in {
  security.acme.certs = {
    "billing.faenix.eu" = {};
  };

  services.nginx.virtualHosts = {
    "billing.faenix.eu" = {
      forceSSL = true;
      useACMEHost = "billing.faenix.eu";
    };
  };

  services.invoiceplane = {
    webserver = "nginx";
    sites."billing.faenix.eu" = {
      enable = true;

      invoiceTemplates = [ flake.self.inputs.invoiceplane-template.packages.${pkgs.system}.invoiceplane-template ];

      settings = {
        IP_URL = "https://billing.faenix.eu";
        DISABLE_SETUP = true;
        SETUP_COMPLETED = true;
      };

      poolConfig = {
        "pm" = "dynamic";
        "pm.max_children" = 32;
        "pm.max_requests" = 500;
        "pm.max_spare_servers" = 4;
        "pm.min_spare_servers" = 2;
        "pm.start_servers" = 2;
        "php_admin_value[date.timezone]" = "Europe/Berlin";
        "php_admin_value[error_log]" = "/var/lib/invoiceplane/billing.faenix.eu/logs/php-error.log";
        "php_admin_flag[display_errors]" = "off";
        "php_admin_flag[log_errors]" = "on";
        "catch_workers_output" = "yes";
      };
    };
  };

  systemd.tmpfiles.rules = [
    "d '${backupDir}' 0700 root root - -"
  ];

  #services.restic.backups = {
  #  invoiceplane = {
  #    paths = [
  #      backupDir
  #      "/var/lib/invoiceplane/billing.faenix.eu"
  #    ];
  #    initialize = true;
  #    passwordFile = config.age.secrets."restic-password".path;
  #    # See https://www.hosting.de/blog/verschluesselte-backups-mit-rclone-und-restic-in-nextcloud/
  #    repository = "rclone:cloud.pub.solar:/backups/InvoicePlane";
  #    backupPrepareCommand = ''
  #      PW=$(cat ${config.age.secrets."invoiceplane-db-password".path})
  #      ${pkgs.docker-client}/bin/docker exec -t invoiceplane-db mariadb-dump --all-databases --password=$PW --user=invoiceplane > "${backupDir}/postgres.sql"
  #    '';
  #    rcloneConfigFile = config.age.secrets."rclone-pie.conf".path;
  #  };
  #};
}
fae: add invoiceplane 2024-06-24 21:00:22 +00:00			`{`
			`flake,`
			`config,`
			`pkgs,`
			`lib,`
			`...`
			`}: let`
			`psCfg = config.pub-solar;`
			`xdg = config.home-manager.users."${psCfg.user.name}".xdg;`
			`backupDir = "/var/lib/invoiceplane/backup";`
			`in {`
			`security.acme.certs = {`
			`"billing.faenix.eu" = {};`
			`};`

			`services.nginx.virtualHosts = {`
			`"billing.faenix.eu" = {`
			`forceSSL = true;`
			`useACMEHost = "billing.faenix.eu";`
			`};`
			`};`

			`services.invoiceplane = {`
			`webserver = "nginx";`
			`sites."billing.faenix.eu" = {`
			`enable = true;`

			`invoiceTemplates = [ flake.self.inputs.invoiceplane-template.packages.${pkgs.system}.invoiceplane-template ];`

			`settings = {`
			`IP_URL = "https://billing.faenix.eu";`
			`DISABLE_SETUP = true;`
			`SETUP_COMPLETED = true;`
			`};`

			`poolConfig = {`
			`"pm" = "dynamic";`
			`"pm.max_children" = 32;`
			`"pm.max_requests" = 500;`
			`"pm.max_spare_servers" = 4;`
			`"pm.min_spare_servers" = 2;`
			`"pm.start_servers" = 2;`
			`"php_admin_value[date.timezone]" = "Europe/Berlin";`
			`"php_admin_value[error_log]" = "/var/lib/invoiceplane/billing.faenix.eu/logs/php-error.log";`
			`"php_admin_flag[display_errors]" = "off";`
			`"php_admin_flag[log_errors]" = "on";`
			`"catch_workers_output" = "yes";`
			`};`
			`};`
			`};`

			`systemd.tmpfiles.rules = [`
			`"d '${backupDir}' 0700 root root - -"`
			`];`

			`#services.restic.backups = {`
			`# invoiceplane = {`
			`# paths = [`
			`# backupDir`
			`# "/var/lib/invoiceplane/billing.faenix.eu"`
			`# ];`
			`# initialize = true;`
			`# passwordFile = config.age.secrets."restic-password".path;`
			`# # See https://www.hosting.de/blog/verschluesselte-backups-mit-rclone-und-restic-in-nextcloud/`
			`# repository = "rclone:cloud.pub.solar:/backups/InvoicePlane";`
			`# backupPrepareCommand = ''`
			`# PW=$(cat ${config.age.secrets."invoiceplane-db-password".path})`
			`# ${pkgs.docker-client}/bin/docker exec -t invoiceplane-db mariadb-dump --all-databases --password=$PW --user=invoiceplane > "${backupDir}/postgres.sql"`
			`# '';`
			`# rcloneConfigFile = config.age.secrets."rclone-pie.conf".path;`
			`# };`
			`#};`
			`}`