diff --git a/flake.nix b/flake.nix
index 1228b2d..b7adfbd 100644
--- a/flake.nix
+++ b/flake.nix
@@ -174,7 +174,8 @@
 networking = {
 firewall = {
- allowedTCPPorts = [ 80 443 4533 6722 7878 8080 8081 8083 8089 8096 8181 8787 8902 8989 9000 9696 11112 24454 25565 25600 ];
+ allowedTCPPorts = [ 80 443 3843 4533 6722 7474 7878 8080 8081 8083 8089 8096 8120 8181 8443 8787 8889 8902 8989 8998 9000 9091 9696 11112 24454 25565 25600 ];
+ allowedUDPPorts = [ 3478 10001 ];
 };
 };
 };
diff --git a/hosts/diphda/system.nix b/hosts/diphda/system.nix
index 2c11dd4..798c485 100644
--- a/hosts/diphda/system.nix
+++ b/hosts/diphda/system.nix
@@ -21,8 +21,12 @@
 age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
 secrets."mc-arcadia/repo_password" = {};
- secrets."tandoor/secret_key" = {};
- secrets."tandoor/db_password" = {};
+ secrets."tandoor/secret_key" = {
+ owner = "tandoor";
+ };
+ secrets."tandoor/db_password" = {
+ owner = "tandoor";
+ };
 secrets."porkbun.keytab" = {
 format = "binary";
 sopsFile = ../../secrets/diphda/porkbun.keytab;
@@ -77,6 +81,27 @@
 };
 };
+ systemd.services."qbit-update-port" = {
+ enable = true;
+ path = [ pkgs.bash pkgs.docker pkgs.curl pkgs.netcat ];
+ serviceConfig = {
+ Type = "oneshot";
+ User = "root";
+ Group = "root";
+ ExecStart = ''
+ /home/eesim/configs/qbittorrent/update-port.sh
+ '';
+ };
+ };
+
+ systemd.timers."qbit-update-port" = {
+ wantedBy = [ "timers.target" ];
+ timerConfig = {
+ OnCalendar = "*:0/5";
+ Persistent = true;
+ };
+ };
+
 security.acme = {
 acceptTerms = true;
 defaults.email = "eesimmons9105@gmail.com";
@@ -122,6 +147,18 @@
 ];
 };
+ users.users.tandoor = {
+ uid = 701;
+ group = "services";
+ extraGroups = [ "keys" ];
+ };
+
+ users.groups = {
+ services = {
+ gid = 1001;
+ };
+ };
+
 system.stateVersion = "23.11";
 }
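Review bot: The widened `allowedTCPPorts` list in flake.nix and the new `allowedUDPPorts` open every listed port on all interfaces, and nothing in the hunk records which service owns which port. Seven TCP ports are added (3843, 7474, 8120, 8443, 8889, 8998, 9091) next to 80 and 443. If any of them are backends that a reverse proxy already fronts (an assumption, no proxy is visible here), they can stay bound to loopback and out of this list. For ports that only the local network needs, `networking.firewall.interfaces."<lan-interface>".allowedTCPPorts = [ ... ];` limits exposure to one interface. At minimum I would put one port per line with a `# <service>` comment, so a stale entry can be spotted and removed; the enclosing attribute set starts outside the hunk.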
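Review bot: The `qbit-update-port` unit in hosts/diphda/system.nix runs `/home/eesim/configs/qbittorrent/update-port.sh` as root every five minutes, so anything able to write that file or its parent directories under /home/eesim gains root on the host. The script also lives outside the Nix store, so its content is neither reviewed with this commit nor pinned by the flake. I would move it into the repository and run it from the store, for example `ExecStart = pkgs.writeShellScript "qbit-update-port" (builtins.readFile ./update-port.sh);` (the relative path is a placeholder). `User = "root"` and `Group = "root"` restate the systemd default and can be dropped. If root is needed only for the Docker socket, a comment saying so would explain the privilege level.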
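Review bot: `users.users.tandoor` in hosts/diphda/system.nix sets neither `isSystemUser` nor `isNormalUser`, and NixOS asserts that exactly one of them is set, so unless another module defines it this will fail evaluation. For a service account with uid 701, add `isSystemUser = true;`. A short comment on `extraGroups = [ "keys" ]` would help, presumably `# needed to read the tandoor/* secrets`. Since `services` is a shared primary group, anything this account creates group-readable is readable by every other member, which is worth a comment on `users.groups.services`.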