{ flake, config, pkgs, lib, ... }: let psCfg = config.pub-solar; xdg = config.home-manager.users."${psCfg.user.name}".xdg; backupDir = "/var/lib/invoiceplane/backup"; in { security.acme.certs = { "billing.faenix.eu" = {}; }; services.nginx.virtualHosts = { "billing.faenix.eu" = { forceSSL = true; useACMEHost = "billing.faenix.eu"; }; }; services.invoiceplane = { webserver = "nginx"; sites."billing.faenix.eu" = { enable = true; invoiceTemplates = [ flake.self.inputs.invoiceplane-template.packages.${pkgs.system}.invoiceplane-template ]; settings = { IP_URL = "https://billing.faenix.eu"; DISABLE_SETUP = true; SETUP_COMPLETED = true; }; poolConfig = { "pm" = "dynamic"; "pm.max_children" = 32; "pm.max_requests" = 500; "pm.max_spare_servers" = 4; "pm.min_spare_servers" = 2; "pm.start_servers" = 2; "php_admin_value[date.timezone]" = "Europe/Berlin"; "php_admin_value[error_log]" = "/var/lib/invoiceplane/billing.faenix.eu/logs/php-error.log"; "php_admin_flag[display_errors]" = "off"; "php_admin_flag[log_errors]" = "on"; "catch_workers_output" = "yes"; }; }; }; systemd.tmpfiles.rules = [ "d '${backupDir}' 0700 root root - -" ]; #services.restic.backups = { # invoiceplane = { # paths = [ # backupDir # "/var/lib/invoiceplane/billing.faenix.eu" # ]; # initialize = true; # passwordFile = config.age.secrets."restic-password".path; # # See https://www.hosting.de/blog/verschluesselte-backups-mit-rclone-und-restic-in-nextcloud/ # repository = "rclone:cloud.pub.solar:/backups/InvoicePlane"; # backupPrepareCommand = '' # PW=$(cat ${config.age.secrets."invoiceplane-db-password".path}) # ${pkgs.docker-client}/bin/docker exec -t invoiceplane-db mariadb-dump --all-databases --password=$PW --user=invoiceplane > "${backupDir}/postgres.sql" # ''; # rcloneConfigFile = config.age.secrets."rclone-pie.conf".path; # }; #}; }