From 4242423a053a4351704b76796ccbfafd659b2808 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= <sandro.jaeckel@gmail.com>
Date: Mon, 5 Jun 2023 21:08:21 +0200
Subject: [PATCH] mobilizon: 23.05, backups

postgis fails to build
---
 .sops.yaml                  |  8 ++++
 flake.nix                   |  1 +
 hosts/mobilizon/default.nix | 74 +++++++++++++++++++++----------------
 3 files changed, 51 insertions(+), 32 deletions(-)

diff --git a/.sops.yaml b/.sops.yaml
index 3ffacb4d..b4c91285 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -48,6 +48,7 @@ keys:
   - &matemat age15vmz2evhnkn26fyt4vqvgztfrsr2s8qavd2m6zfjmkh84q2g75csnc5kr6
   - &matrix age1s2ww76ll6nclz74gny27tk42xfsepl23z2k0849a8jv8xpnmpe3shgunxr
   - &mediawiki age1xjvep7hsnfefgxvuwall8nq0486qu8yknhzwhf0cskw5xlpm8qws9txc56
+  - &mobilizon age182ms3ygypflk7mtpemp4k4ks9rz4gwhvzc9jlk95u4py5q68ppxstzu2e3
   - &mucbot age1cqeh03zq0hvz5l78r678q93ey5mlw49lqy4whvgqxgenudth7g6skee6kh
   - &nfsroot age18yxgwpakrkzq8ca2enayf79py25se3d8dsed2q523869re30jcaqx6rjln
   - &nncp age15853dr2kd6r2329tkcanwnruh6zd2xvsu5twc7gnxeyu3h7t6q5scckaq8
@@ -84,6 +85,7 @@ creation_rules:
       - *matemat
       - *matrix
       - *mediawiki
+      - *mobilizon
       - *ticker
       - *polygon-snowflake
   - path_regex: modules/cluster/[^/]+\.yaml$
@@ -279,6 +281,12 @@ creation_rules:
       age:
       - *mediawiki
       - *polygon-snowflake
+  - path_regex: hosts/mobilizon/[^/]+\.yaml$
+    key_groups:
+    - pgp: *admins
+      age:
+      - *mobilizon
+      - *polygon-snowflake
   - path_regex: hosts/oparl/secrets\.yaml$
     key_groups:
     - pgp: *admins
diff --git a/flake.nix b/flake.nix
index ee9d28a0..24a60983 100644
--- a/flake.nix
+++ b/flake.nix
@@ -523,6 +523,7 @@
             self.nixosModules.microvm
             ./hosts/mobilizon
           ];
+          nixos = inputs.nixos-23-05;
         };
 
         mucbot = nixosSystem' {
diff --git a/hosts/mobilizon/default.nix b/hosts/mobilizon/default.nix
index 66918ac4..7cc8c610 100644
--- a/hosts/mobilizon/default.nix
+++ b/hosts/mobilizon/default.nix
@@ -6,45 +6,55 @@
 
   networking.hostName = "mobilizon";
 
-  services.mobilizon = {
-    enable = true;
-    settings.":mobilizon".":instance" = {
-      name = "C3D2 Mobilizon";
-      hostname = "mobilizon.c3d2.de";
-      registrations_open = true;
-      default_language = "de";
+  services = {
+    mobilizon = {
+      enable = true;
+      settings.":mobilizon".":instance" = {
+        name = "C3D2 Mobilizon";
+        hostname = "mobilizon.c3d2.de";
+        registrations_open = true;
+        default_language = "de";
+      };
+      settings.":mobilizon"."Mobilizon.Web.Email.Mailer" = {
+        adapter = { value = "Bamboo.SMTPAdapter"; _elixirType = "raw"; };
+        server = "mail.c3d2.de";
+        hostname = config.networking.hostName;
+        auth = false;
+        port = 587;
+        ssl = false;
+        tls = { value = ":if_available"; _elixirType = "atom"; };
+        allowed_tls_versions = { value = ''[:tlsv1, :"tlsv1.1", :"tlsv1.2"]''; _elixirType = "raw"; };
+        retries = 1;
+        no_mx_lookups = true;
+      };
+      settings.":mobilizon".":logger" = {
+        level = { value = ":all"; _elixirType = "atom"; };
+      };
     };
-    settings.":mobilizon"."Mobilizon.Web.Email.Mailer" = {
-      adapter = { value = "Bamboo.SMTPAdapter"; _elixirType = "raw"; };
-      server = "mail.c3d2.de";
-      hostname = config.networking.hostName;
-      auth = false;
-      port = 587;
-      ssl = false;
-      tls = { value = ":if_available"; _elixirType = "atom"; };
-      allowed_tls_versions = { value = ''[:tlsv1, :"tlsv1.1", :"tlsv1.2"]''; _elixirType = "raw"; };
-      retries = 1;
-      no_mx_lookups = true;
+
+    nginx = {
+      enable = true;
+      virtualHosts."mobilizon.c3d2.de" = {
+        default = true;
+        forceSSL = true;
+        enableACME = true;
+      };
     };
-    settings.":mobilizon".":logger" = {
-      level = { value = ":all"; _elixirType = "atom"; };
+
+    postgresql = {
+      extraPlugins = with config.services.postgresql.package.pkgs; [ postgis ];
+      package = pkgs.postgresql_15;
+      upgrade.stopServices = [ "mobilizon" ];
     };
   };
 
-  services.nginx = {
-    enable = true;
-    virtualHosts."mobilizon.c3d2.de" = {
-      default = true;
-      forceSSL = true;
-      enableACME = true;
+  sops = {
+    defaultSopsFile = ./secrets.yaml;
+    secrets = {
+      "restic/password".owner = "root";
+      "restic/repository/server8".owner = "root";
     };
   };
 
-  services.postgresql = {
-    extraPlugins = with config.services.postgresql.package.pkgs; [ postgis ];
-    package = pkgs.postgresql_15;
-    upgrade.stopServices = [ "mobilizon" ];
-  };
-
   system.stateVersion = "22.05";
 }