More configuration for docker containers

Fix gtk config
2024-06-22 20:12:23 -05:00 · 2024-06-22 20:11:29 -05:00
8 changed files with 84 additions and 11 deletions
--- a/flake.lock
+++ b/flake.lock
@@ -2,8 +2,8 @@
  "nodes": {
    "currentSystem": {
      "locked": {
-        "lastModified": 1717721450,
-        "narHash": "sha256-V2OISNdFOCaFrUjA6fLVe3HsZC9nn7vMjGfhKSHTRIk=",
+        "lastModified": 1718580560,
+        "narHash": "sha256-M69Hx8goDX65ZC/F7ENITsGr3XYBCSsa4B+vDOnOGXs=",
        "path": "/etc/nixos/hostname",
        "type": "path"
      },
--- a/flake.nix
+++ b/flake.nix
@@ -147,20 +147,15 @@
            };
        };

-        configs.diphda = {
+        configs."diphda" = {
            system = "x86_64-linux";
            common.nixpkgs = "stable";

            openssh.enable = true;

-            gui = {
-                enable = false;
-                sway.enable = false;
-            };
-
            networking = {
                firewall = {
-                    allowedTCPPorts = [ 80 443 25565 24454 8089 ];
+                    allowedTCPPorts = [ 80 443 4533 7878 8096 8089 8902 8989 9000 9696 11112 24454 25565 25600 ];
                };
            };
        };
--- a/hosts/diphda/hardware-configuration.nix
+++ b/hosts/diphda/hardware-configuration.nix
@@ -37,6 +37,11 @@
      options = [ "fmask=0022" "dmask=0022" ];
    };

+  fileSystems."/media" = 
+  { device = "192.168.1.100:/volume1/Media";
+    fsType = "nfs";
+  };
+
  swapDevices = [ ];

  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
--- a/hosts/diphda/mc-arcadia-backup.yaml
+++ b/hosts/diphda/mc-arcadia-backup.yaml
@@ -0,0 +1,19 @@
+source_directories:
+    - /home/eesim/configs/mc-arcadia
+
+repositories:
+    - path: ssh://fbv1440u@fbv1440u.repo.borgbase.com/./repo
+      label: "Minecraft-Arcadia borgbase"
+
+exclude_if_present:
+    - .nobackup
+
+compression: auto,zstd
+archive_name_format: '{hostname}-{now:%Y-%m-%d-%H%M%S}'
+encryption_passcommand: 'cat /run/secrets/mc-arcadia/repo_password'
+
+keep_hourly: 24
+keep_daily: 7
+keep_weekly: 4
+keep_monthly: 2
+keep_yearly: 1
--- a/hosts/diphda/system.nix
+++ b/hosts/diphda/system.nix
@@ -16,6 +16,60 @@
        };
    };

+    sops = {
+        defaultSopsFile = ../../secrets/diphda/secrets.yaml;
+        age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+
+        secrets."mc-arcadia/repo_password" = {};
+    };
+
+    systemd.timers."mc-arcadia-backup" = {
+        wantedBy = [ "timers.target" ];
+        timerConfig = {
+            OnCalendar = "*-*-* *:00:00";
+            Persistent = true;
+        };
+    };
+
+    systemd.services."mc-arcadia-backup" = {
+        enable = true;
+        preStart = ''
+            ${pkgs.docker}/bin/docker exec mc-arcadia-mc-1 mc-send-to-console say Server backup starting in 5 minutes
+            sleep 5m
+        '';
+        postStart = ''
+            ${pkgs.docker}/bin/docker exec mc-arcadia-mc-1 mc-send-to-console say Server backup starting
+        '';
+        serviceConfig = {
+            Type = "oneshot"; 
+            User = "root";
+            ExecStart = ''
+                systemd-inhibit --who="borgmatic" \
+                --why="Prevent interrupting scheduled backup" \
+                ${pkgs.borgmatic}/bin/borgmatic -c /etc/nixos/hosts/diphda/mc-arcadia-backup.yaml --verbosity 1 --syslog-verbosity 1
+                '';
+        };
+    };
+
+    systemd.services."dl-manager" = {
+        enable = true;
+        after = [ "network.target" ];
+        wantedBy = [ "multi-user.target" ];
+        path = [ pkgs.bash pkgs.lftp ];
+        serviceConfig = {
+            Type = "simple";
+            User = "eesim";
+            WorkingDirectory = "/home/eesim/scripts";
+            ExecStart = ''
+                /home/eesim/scripts/dl_manager_tokio -vv \
+                    -c /home/eesim/scripts/certs/fullchain.cer \
+                    -k /home/eesim/scripts/certs/download.simmer505.com.key \
+                    --script-dir /home/eesim/scripts/ \
+                    0.0.0.0:11112
+            '';
+        };
+    };
+
    # Use the systemd-boot EFI boot loader.
    boot.loader.systemd-boot.enable = true;
    boot.loader.efi.canTouchEfiVariables = true;
--- a/modules/home/gtk.nix
+++ b/modules/home/gtk.nix
@@ -6,7 +6,7 @@
 }:

 with lib; let
-    gui = systemConfig.gui;
+    gui = config.simmer.gui;
 in
 {
    config = {
--- a/modules/nix/gui.nix
+++ b/modules/nix/gui.nix
@@ -49,7 +49,7 @@ in
             fontconfig = {

                defaultFonts = {
-                    serif = [  "Noto Serif" "Noto Serif CJK JP" ];
+                    serif = [ "Noto Serif" "Noto Serif CJK JP" ];
                    sansSerif = [ "Noto Sans" "Noto Sans CJK JP" ];
                    monospace = [ "Ubuntu Mono" "Noto Sans Mono CJK JP" ];
                };
--- a/secrets/diphda/secrets.yaml
+++ b/secrets/diphda/secrets.yaml
Author	SHA1	Message	Date
Ethan Simmons	16fa1884e9	More configuration for docker containers	2024-06-22 20:12:23 -05:00
Ethan Simmons	55a9a835b9	Fix gtk config	2024-06-22 20:11:29 -05:00