Simmer/nixos
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: Simmer:24efea29a8e6e643a6e1fcc77a21e23c8ffe2684
Branches Tags
Simmer:master
..
compare: Simmer:13041313d01691a8f16a86363a707f2f172f4864
Branches Tags
Simmer:master

1 Commits
24efea29a8 ... 13041313d0

Author SHA1 Message Date
Ethan Simmons
13041313d0 Move diphda key 2024-10-22 14:34:10 -05:00
4 changed files with 15 additions and 24 deletions
Expand all files Collapse all files

2
flake.nix
View File

@@ -175,7 +175,7 @@
networking = { networking = {
firewall = { firewall = {
allowedTCPPorts = [ 80 443 3000 3843 4533 6600 6722 7474 7878 8000 8080 8081 8083 8089 8096 8120 8181 8443 8787 8889 8902 8989 8998 9000 9091 9696 11112 13378 24454 25565 25600 ]; allowedTCPPorts = [ 80 443 3843 4533 6722 7474 7878 8080 8081 8083 8089 8096 8120 8181 8443 8787 8889 8902 8989 8998 9000 9091 9696 11112 24454 25565 25600 ];
allowedUDPPorts = [ 3478 10001 ]; allowedUDPPorts = [ 3478 10001 ];
}; };
}; };

8
hosts/diphda/mc-dh-backup.yaml → hosts/diphda/mc-arcadia-backup.yaml
View File

@@ -1,16 +1,16 @@
source_directories: source_directories:
- /home/eesim/configs/mc-distant-horizons/ - /home/eesim/configs/mc-arcadia
repositories: repositories:
- path: ssh://lxojwl95@lxojwl95.repo.borgbase.com/./repo - path: ssh://fbv1440u@fbv1440u.repo.borgbase.com/./repo
label: "Minecraft-DH borgbase" label: "Minecraft-Arcadia borgbase"
exclude_if_present: exclude_if_present:
- .nobackup - .nobackup
compression: auto,zstd compression: auto,zstd
archive_name_format: '{hostname}-{now:%Y-%m-%d-%H%M%S}' archive_name_format: '{hostname}-{now:%Y-%m-%d-%H%M%S}'
encryption_passcommand: 'cat /run/secrets/mc-dh/repo_password' encryption_passcommand: 'cat /run/secrets/mc-arcadia/repo_password'
keep_hourly: 24 keep_hourly: 24
keep_daily: 7 keep_daily: 7

22
hosts/diphda/system.nix
View File

@@ -21,7 +21,6 @@
age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
secrets."mc-arcadia/repo_password" = {}; secrets."mc-arcadia/repo_password" = {};
secrets."mc-dh/repo_password" = {};
secrets."tandoor/secret_key" = { secrets."tandoor/secret_key" = {
owner = "tandoor"; owner = "tandoor";
}; };
@@ -32,14 +31,9 @@
format = "binary"; format = "binary";
sopsFile = ../../secrets/diphda/porkbun.keytab; sopsFile = ../../secrets/diphda/porkbun.keytab;
}; };
secrets."caddy-porkbun.keytab" = {
format = "binary";
sopsFile = ../../secrets/diphda/porkbun.keytab;
path = "/home/eesim/configs/caddy/.env";
};
}; };
systemd.timers."mc-dh-backup" = { systemd.timers."mc-arcadia-backup" = {
wantedBy = [ "timers.target" ]; wantedBy = [ "timers.target" ];
timerConfig = { timerConfig = {
OnCalendar = "*-*-* *:00:00"; OnCalendar = "*-*-* *:00:00";
@@ -47,14 +41,14 @@
}; };
}; };
systemd.services."mc-dh-backup" = { systemd.services."mc-arcadia-backup" = {
enable = true; enable = true;
preStart = '' preStart = ''
${pkgs.docker}/bin/docker exec mc-distant-horizons-mc-1 mc-send-to-console say Server backup starting in 5 minutes ${pkgs.docker}/bin/docker exec mc-arcadia-mc-1 mc-send-to-console say Server backup starting in 5 minutes
sleep 5m sleep 5m
''; '';
postStart = '' postStart = ''
${pkgs.docker}/bin/docker exec mc-distant-horizons-mc-1 mc-send-to-console say Server backup starting ${pkgs.docker}/bin/docker exec mc-arcadia-mc-1 mc-send-to-console say Server backup starting
''; '';
serviceConfig = { serviceConfig = {
Type = "oneshot"; Type = "oneshot";
@@ -62,7 +56,7 @@
ExecStart = '' ExecStart = ''
systemd-inhibit --who="borgmatic" \ systemd-inhibit --who="borgmatic" \
--why="Prevent interrupting scheduled backup" \ --why="Prevent interrupting scheduled backup" \
${pkgs.borgmatic}/bin/borgmatic -c /etc/nixos/hosts/diphda/mc-dh-backup.yaml --verbosity 1 --syslog-verbosity 1 ${pkgs.borgmatic}/bin/borgmatic -c /etc/nixos/hosts/diphda/mc-arcadia-backup.yaml --verbosity 1 --syslog-verbosity 1
''; '';
}; };
}; };
@@ -108,12 +102,6 @@
}; };
}; };
services.mpd = {
enable = true;
musicDirectory = "/media/Music";
network.listenAddress = "any";
};
security.acme = { security.acme = {
acceptTerms = true; acceptTerms = true;
defaults.email = "eesimmons9105@gmail.com"; defaults.email = "eesimmons9105@gmail.com";

7
secrets/diphda/secrets.yaml
View File

@@ -5,6 +5,9 @@ tandoor:
db_password: ENC[AES256_GCM,data:lkYU5lFHDo+4/6uVuV6VZ6/XQHQ=,iv:1Htc76J25m9iW6YCosEtSGT4nfYsfywbYVoAf7XXrDI=,tag:RdymUdMjiQqRPutTsQNGaw==,type:str] db_password: ENC[AES256_GCM,data:lkYU5lFHDo+4/6uVuV6VZ6/XQHQ=,iv:1Htc76J25m9iW6YCosEtSGT4nfYsfywbYVoAf7XXrDI=,tag:RdymUdMjiQqRPutTsQNGaw==,type:str]
mc-dh: mc-dh:
repo_password: ENC[AES256_GCM,data:iD1isjDUlJixMPaiE+bDhhKgzLM=,iv:pf9q2M8wRh7B0quYaezdZ81B/8JtsN7jFj8/00YXzcQ=,tag:f5/KHzsc+B21sF+dE8I2Nw==,type:str] repo_password: ENC[AES256_GCM,data:iD1isjDUlJixMPaiE+bDhhKgzLM=,iv:pf9q2M8wRh7B0quYaezdZ81B/8JtsN7jFj8/00YXzcQ=,tag:f5/KHzsc+B21sF+dE8I2Nw==,type:str]
caddy:
porkbun_api_key: ENC[AES256_GCM,data:5UkeI2g1Q7k2BgCy5egoYrGsD/+yky6WDU7k44pZASyxHrGLthswjDsNnQDeWapu3dHgV74esC1cKJLlq1sYoe1SSj8=,iv:Qu3sgwvRXfYaksP8HpOPpwx+A5C9bdtWmFB40jGg6pM=,tag:ZRhZ4in9YbSbCnulyOmqTw==,type:str]
porkbun_secret_key: ENC[AES256_GCM,data:5sZiwTlfVXBUBZRR25Y/CdapZHo58lkwt/r3rhCa6e0p3AX6J7BUNppL4qI4+wr7L6H0ERBkBtfeOAxyjMVmVsgRJ38=,iv:t+OUaBdfy+KBk+gWl4qnhFE627WTg+gcMXcXUpdMc8w=,tag:61eYqKTiwTOBxqnMqRn+dA==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@@ -38,8 +41,8 @@ sops:
eUxTaTJVRlpNNWZodE8yZXpWTlpCWVkKHtJFmHUSNfy46J1BJdOvIRjegQrTWdfH eUxTaTJVRlpNNWZodE8yZXpWTlpCWVkKHtJFmHUSNfy46J1BJdOvIRjegQrTWdfH
KSbKbz7ezBOOPlrR7eDEx2FIjP4TVBRksYq+NYockmKVk+VGsc5pBQ== KSbKbz7ezBOOPlrR7eDEx2FIjP4TVBRksYq+NYockmKVk+VGsc5pBQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-10-21T21:38:20Z" lastmodified: "2024-10-22T19:33:56Z"
mac: ENC[AES256_GCM,data:9xwuUolD29FFk44FTcQogSlulGrqyd6NLR6Jl1vAJkKcuoA531GZVUIvyhKhpwezGuheVBiH+AjqmEAoCK6pIMWO1METDlc3Q2jshLURyc6v0a0dgKpUoU5d1afc09NIVOUpdfQIAOHbOaHJDbUzSb2xIu5Rie8cNbi8vkWC0Rw=,iv:AZ6HnHb3yFvSDU8LeF5+rRZZv4eywY3QlhDeWLfJG+c=,tag:y6a7bg0BfmzwsbCqQfFdwQ==,type:str] mac: ENC[AES256_GCM,data:XaWrqy8GTvvc9b+pvqEKc0Pnai5THfeFg+OEyWbzcxPyNFPKD54kWUWm8t0PGntyWM/G8j/Ar36jnnoprInNyy/g7HuAPCNUojdFUFgvTST1TJqSbLprUJ/buCjbph38xWXCxDNxAycv0TdTHfT+q5laCEv1mNkcv4ZPJ0vJq7A=,iv:xROcRftKIIXkU6TBG5U72fF7F4VTbapqudJIcka0BLo=,tag:PbRoRKW1W8KBZD/GuaKi2w==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.9.1 version: 3.9.1