diff --git a/flake.nix b/flake.nix
index 23c123c..801db86 100644
--- a/flake.nix
+++ b/flake.nix
@@ -147,7 +147,7 @@
 };
 };
- configs.diphda = {
+ configs."diphda" = {
 system = "x86_64-linux";
 common.nixpkgs = "stable";
@@ -155,7 +155,7 @@
 networking = {
 firewall = {
- allowedTCPPorts = [ 80 443 25565 24454 8089 ];
+ allowedTCPPorts = [ 80 443 4533 7878 8096 8089 8902 8989 9000 9696 11112 24454 25565 25600 ];
 };
 };
 };
diff --git a/hosts/diphda/hardware-configuration.nix b/hosts/diphda/hardware-configuration.nix
index 8bed023..2772f75 100644
--- a/hosts/diphda/hardware-configuration.nix
+++ b/hosts/diphda/hardware-configuration.nix
@@ -37,6 +37,11 @@
 options = [ "fmask=0022" "dmask=0022" ];
 };
+ fileSystems."/media" =
+ { device = "192.168.1.100:/volume1/Media";
+ fsType = "nfs";
+ };
+
 swapDevices = [ ];
 # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
diff --git a/hosts/diphda/mc-arcadia-backup.yaml b/hosts/diphda/mc-arcadia-backup.yaml
new file mode 100644
index 0000000..22cc9bb
--- /dev/null
+++ b/hosts/diphda/mc-arcadia-backup.yaml
@@ -0,0 +1,19 @@
+source_directories:
+ - /home/eesim/configs/mc-arcadia
+
+repositories:
+ - path: ssh://fbv1440u@fbv1440u.repo.borgbase.com/./repo
+ label: "Minecraft-Arcadia borgbase"
+
+exclude_if_present:
+ - .nobackup
+
+compression: auto,zstd
+archive_name_format: '{hostname}-{now:%Y-%m-%d-%H%M%S}'
+encryption_passcommand: 'cat /run/secrets/mc-arcadia/repo_password'
+
+keep_hourly: 24
+keep_daily: 7
+keep_weekly: 4
+keep_monthly: 2
+keep_yearly: 1
diff --git a/hosts/diphda/system.nix b/hosts/diphda/system.nix
index 82ea2e7..8962672 100644
--- a/hosts/diphda/system.nix
+++ b/hosts/diphda/system.nix
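Review bot: In flake.nix, the second hunk's `allowedTCPPorts` opens nine additional ports on every interface, and nothing in the list says which service owns each one or who needs to reach it. If 80/443 front a reverse proxy, the application ports behind it presumably do not need to be reachable directly and could be dropped from the list. Ports that are only meant for the LAN can be scoped with the per-interface form, `networking.firewall.interfaces.<name>.allowedTCPPorts`. A short `# service – audience` comment per port would make later audits much easier, and the list is out of numeric order (`8096 8089`).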
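Review bot: In hosts/diphda/hardware-configuration.nix, the new `fileSystems."/media"` NFS mount sets no `options`, so it is mounted with defaults: setuid bits and device nodes on the share are honoured, and an unreachable `192.168.1.100` at boot can stall or fail startup. Adding `options = [ "nosuid" "nodev" "noexec" "nofail" "x-systemd.automount" ];` covers both; drop `noexec` only if something really has to execute from the share. The mount presumably uses NFS's default host-based trust with no encryption, so the export on the NAS side should be restricted to this host's address. This file is normally regenerated by `nixos-generate-config`, so a hand-written mount may be safer in system.nix.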
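Review bot: In hosts/diphda/mc-arcadia-backup.yaml, the repository is reached over SSH but the config names neither the key nor a host-key policy, so the root-run job falls back to whatever root's SSH defaults happen to be on this host. Pinning it with `ssh_command: ssh -i <KEY_PATH> -o StrictHostKeyChecking=yes` (key path is a placeholder) and provisioning that key the same way as the passphrase would make the trust path explicit and reproducible. Because this host also prunes (`keep_*`), the same key can delete archives; if the repository host offers an append-only key, consider using it here and pruning from a separate trusted machine. The source is a live server directory, so a `before_backup` hook that flushes and pauses world saves would give more consistent archives.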
@@ -16,6 +16,60 @@
 };
 };
+ sops = {
+ defaultSopsFile = ../../secrets/diphda/secrets.yaml;
+ age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+
+ secrets."mc-arcadia/repo_password" = {};
+ };
+
+ systemd.timers."mc-arcadia-backup" = {
+ wantedBy = [ "timers.target" ];
+ timerConfig = {
+ OnCalendar = "*-*-* *:00:00";
+ Persistent = true;
+ };
+ };
+
+ systemd.services."mc-arcadia-backup" = {
+ enable = true;
+ preStart = ''
+ ${pkgs.docker}/bin/docker exec mc-arcadia-mc-1 mc-send-to-console say Server backup starting in 5 minutes
+ sleep 5m
+ '';
+ postStart = ''
+ ${pkgs.docker}/bin/docker exec mc-arcadia-mc-1 mc-send-to-console say Server backup starting
+ '';
+ serviceConfig = {
+ Type = "oneshot";
+ User = "root";
+ ExecStart = ''
+ systemd-inhibit --who="borgmatic" \
+ --why="Prevent interrupting scheduled backup" \
+ ${pkgs.borgmatic}/bin/borgmatic -c /etc/nixos/hosts/diphda/mc-arcadia-backup.yaml --verbosity 1 --syslog-verbosity 1
+ '';
+ };
+ };
+
+ systemd.services."dl-manager" = {
+ enable = true;
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+ path = [ pkgs.bash pkgs.lftp ];
+ serviceConfig = {
+ Type = "simple";
+ User = "eesim";
+ WorkingDirectory = "/home/eesim/scripts";
+ ExecStart = ''
+ /home/eesim/scripts/dl_manager_tokio -vv \
+ -c /home/eesim/scripts/certs/fullchain.cer \
+ -k /home/eesim/scripts/certs/download.simmer505.com.key \
+ --script-dir /home/eesim/scripts/ \
+ 0.0.0.0:11112
+ '';
+ };
+ };
+
 # Use the systemd-boot EFI boot loader.
 boot.loader.systemd-boot.enable = true;
 boot.loader.efi.canTouchEfiVariables = true;
diff --git a/modules/nix/gui.nix b/modules/nix/gui.nix
index f464ad5..20a82d1 100644
--- a/modules/nix/gui.nix
+++ b/modules/nix/gui.nix
@@ -49,7 +49,7 @@ in
 fontconfig = {
 defaultFonts = {
- serif = [ "Noto Serif" "Noto Serif CJK JP" ];
+ serif = [ "Noto Serif" "Noto Serif CJK JP" ];
 sansSerif = [ "Noto Sans" "Noto Sans CJK JP" ];
 monospace = [ "Ubuntu Mono" "Noto Sans Mono CJK JP" ];
 };
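Review bot: In hosts/diphda/system.nix, the `dl-manager` unit listens on `0.0.0.0:11112` (a port this commit also opens in the firewall) with no systemd sandboxing, and its binary, script directory and TLS private key all live under `/home/eesim`, writable by the same account the service runs as. A flaw in the listener would therefore expose the whole home directory and the certificate key, and the binary itself could be modified before the next start. Consider the hardening options sketched below, with `ReadWritePaths` set to the real download directory, and moving the binary and key out of the home directory; the key could be delivered through sops like `mc-arcadia/repo_password`. Separately, the root-run backup unit reads its config from the mutable path `/etc/nixos/hosts/diphda/mc-arcadia-backup.yaml`; referencing the store copy with `-c ${./mc-arcadia-backup.yaml}` would tie it to the evaluated configuration. Also, with `Type = "oneshot"` the `postStart` command runs only after `ExecStart` has finished, so the "backup starting" message is sent once the backup is already done.

```nix
serviceConfig = {
  User = "eesim";
  # … unchanged: Type, WorkingDirectory, ExecStart …
  NoNewPrivileges = true;
  PrivateTmp = true;
  PrivateDevices = true;
  ProtectSystem = "strict";
  ProtectKernelTunables = true;
  ProtectKernelModules = true;
  ProtectControlGroups = true;
  RestrictSUIDSGID = true;
  RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" ];
  # placeholder: replace with the directory downloads are actually written to
  ReadWritePaths = [ "/path/to/download-dir" ];
```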
diff --git a/secrets/diphda/backups.yaml b/secrets/diphda/secrets.yaml
similarity index 100%
rename from secrets/diphda/backups.yaml
rename to secrets/diphda/secrets.yaml