doc: add instructions to enable Gancio service on NixOS

as well as some examples of useful related configuration (e.g. backup).
Arg Adenn 2024-10-29 18:45:18 +01:00
parent 4ecf8ff1f6
commit 0c679b788a
No known key found for this signature in database
GPG key ID: 5B8189248D51B03C
2 changed files with 96 additions and 0 deletions

@ -14,6 +14,7 @@ has_toc: false
## Install ## Install
- [Install on Debian]({% link install/debian.md %}) - [Install on Debian]({% link install/debian.md %})
- [Install on NixOS]({% link install/nixos.md %})
- [Install using Docker]({% link install/docker.md %}) - [Install using Docker]({% link install/docker.md %})
- [Install using YunoHost](https://apps.yunohost.org/app/gancio) - [Install using YunoHost](https://apps.yunohost.org/app/gancio)

docs/install/nixos.md Normal file

@ -0,0 +1,95 @@
---
title: NixOS
permalink: /install/nixos
nav_order: 1
parent: Install
---
## Enable Gancio service on NixOS
Gancio is available as a nixOS service since NixOS 24.11, by default it will use sqlite and nginx (with ssl activated).
#### Example configuration for use with PostgresSQL and Telegram plugin
```nix
{
pkgs,
...
}: {
services.gancio = {
enable = true;
package = pkgs.gancio;
plugins = [ pkgs.gancioPlugins.telegram-bridge ];
settings = {
hostname = "agenda.example.org";
db.dialect = "postgres";
};
};
networking.firewall.allowedTCPPorts = [ 80 443 ];
}
```
The `services.gancio.settings` attribute is used to generate the configuration file, see [gancio configuration]({% link install/configuration.md %}) for available options.
Other options for the NixOS Gancio service are documented on [search.nixos.org](https://search.nixos.org/options?channel=unstable&query=services.gancio.).
### Additional useful configuration
#### Automatic backup with Restic
Eg. on a nextcloud instance:
```nix
{
pkgs,
...
}: {
services.restic.backups.gancio = {
user = "gancio";
initialize = true;
repository = "rclone:nextcloud:gancio";
rcloneConfigFile = /path/to/rclone.config;
passwordFile = /path/to/restic-backup-password;
paths = [
"/var/lib/gancio"
];
backupPrepareCommand = ''
cd /var/lib/gancio
${pkgs.postgresql}/bin/pg_dump -Fc gancio > gancio-db.dump
'';
pruneOpts = [
"--keep-daily 3"
"--keep-weekly 1"
"--keep-monthly 1"
];
};
}
```
with `rclone.config` being something like
```ini
[nextcloud]
type = webdav
url = https://nexcloud.example.com/remote.php/dav/files/gancio-backup
vendor = nextcloud
user = gancio-backup
pass = xxxxx
```
#### Intrusion prevention with Fail2Ban
```nix
{
...
}: {
services.fail2ban = {
enable = true;
bantime-increment.enable = true;
jails = {
nginx-http-auth.settings.enabled = true;
nginx-botsearch.settings.enabled = true;
nginx-bad-request.settings.enabled = true;
};
};
}
```
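Review bot: In the Restic example, `rcloneConfigFile = /path/to/rclone.config;` and `passwordFile = /path/to/restic-backup-password;` are unquoted Nix path literals, and a path literal that ends up interpolated into a string is copied into the world-readable `/nix/store`. Both secrets are safer as quoted strings (`passwordFile = "/path/to/restic-backup-password";`), with a sentence saying the files must already exist on the host and be readable only by the account named in `user = "gancio"`. In the same block, `backupPrepareCommand` writes `gancio-db.dump` into `/var/lib/gancio` and nothing removes it, so a stale dump stays in the data directory between runs; a matching `backupCleanupCommand` would tidy that up. The `pg_dump` step also assumes the `db.dialect = "postgres"` setup from the first example, while the intro says the default is sqlite, so it is worth stating that the dump only applies to the PostgreSQL case. Smaller points: "nixOS" and "PostgresSQL" should read "NixOS" and "PostgreSQL", the rclone sample `url` has `nexcloud.example.com` where the remote is named `nextcloud`, and the headings jump from `##` straight to `####` before the first `###`.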