Compare commits
2 Commits
8ffd3c0de4
...
1ea4d41852
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
1ea4d41852 | ||
|
|
9c26cd9dc5 |
15
flake.nix
15
flake.nix
@@ -160,6 +160,8 @@
|
||||
repo = "t643s856@t643s856.repo.borgbase.com:repo";
|
||||
excludes = [
|
||||
"/home/eesim/.cache/"
|
||||
"/home/eesim/configs/mc-distant-horizons"
|
||||
"/home/eesim/configs/mc-arcadia"
|
||||
];
|
||||
key = "/home/eesim/.ssh/id_ed25519";
|
||||
passphrase = "/run/secrets/borgbase/nix-alpheratz";
|
||||
@@ -189,6 +191,19 @@
|
||||
options = {
|
||||
openssh.enable = true;
|
||||
|
||||
backup = {
|
||||
enable = true;
|
||||
user = "eesim";
|
||||
paths = [ "/home/eesim" ];
|
||||
repo = "ssh://p9h977h3@p9h977h3.repo.borgbase.com/./repo";
|
||||
excludes = [
|
||||
"/home/eesim/.cache"
|
||||
];
|
||||
passphrase = "/run/secrets/backup/repo_password";
|
||||
key = "/home/eesim/.ssh/id_ed25519_borgbase";
|
||||
repeat = "daily";
|
||||
};
|
||||
|
||||
networking = {
|
||||
firewall = {
|
||||
allowedTCPPorts = [ 80 443 3000 3843 4533 6600 6722 7474 7878 8000 8080 8081 8083 8089 8096 8120 8181 8443 8787 8889 8902 8989 8998 9000 9091 9696 11112 13378 24454 25565 25600 ];
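Review bot: In the new `backup` block of the second hunk, `passphrase` holds a file path (`/run/secrets/backup/repo_password`), and nothing visible here shows whether the module reads that file at runtime or hands the string itself to borg. If the string were used literally, the repository would be encrypted with a guessable path, so the option deserves a comment such as `# path to a file containing the repo passphrase, read at runtime; never the passphrase itself`, or a rename to something like `passphraseFile`. Separately, `paths = [ "/home/eesim" ]` with only `/home/eesim/.cache` excluded also archives `/home/eesim/.ssh`, including the `id_ed25519_borgbase` key that grants access to this repository; consider whether that directory belongs in `excludes`. The module that defines `backup` lies outside this hunk, so the first point is a request to confirm rather than a confirmed defect.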
|
||||
|
||||
@@ -20,8 +20,13 @@
|
||||
defaultSopsFile = ../../secrets/diphda/secrets.yaml;
|
||||
age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
||||
|
||||
secrets."backup/repo_password" = {
|
||||
owner = "eesim";
|
||||
};
|
||||
|
||||
secrets."mc-arcadia/repo_password" = {};
|
||||
secrets."mc-dh/repo_password" = {};
|
||||
|
||||
secrets."tandoor/secret_key" = {
|
||||
owner = "tandoor";
|
||||
};
|
||||
@@ -36,54 +41,6 @@
|
||||
secrets."caddy/porkbun_secret_key" = {};
|
||||
};
|
||||
|
||||
systemd.timers."mc-dh-backup" = {
|
||||
wantedBy = [ "timers.target" ];
|
||||
timerConfig = {
|
||||
OnCalendar = "*-*-* *:00:00";
|
||||
Persistent = true;
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services."mc-dh-backup" = {
|
||||
enable = true;
|
||||
preStart = ''
|
||||
${pkgs.docker}/bin/docker exec mc-distant-horizons-mc-1 mc-send-to-console say Server backup starting in 5 minutes
|
||||
sleep 5m
|
||||
'';
|
||||
postStart = ''
|
||||
${pkgs.docker}/bin/docker exec mc-distant-horizons-mc-1 mc-send-to-console say Server backup starting
|
||||
'';
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
User = "root";
|
||||
ExecStart = ''
|
||||
systemd-inhibit --who="borgmatic" \
|
||||
--why="Prevent interrupting scheduled backup" \
|
||||
${pkgs.borgmatic}/bin/borgmatic -c /etc/nixos/hosts/diphda/mc-dh-backup.yaml --verbosity 1 --syslog-verbosity 1
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services."dl-manager" = {
|
||||
enable = true;
|
||||
after = [ "network.target" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
path = [ pkgs.bash pkgs.lftp ];
|
||||
serviceConfig = {
|
||||
Type = "simple";
|
||||
User = "eesim";
|
||||
Group = "acme";
|
||||
WorkingDirectory = "/home/eesim/scripts";
|
||||
ExecStart = ''
|
||||
/home/eesim/scripts/dl_manager_tokio -vv \
|
||||
-c /var/lib/acme/download.simmer505.com/cert.pem \
|
||||
-k /var/lib/acme/download.simmer505.com/key.pem \
|
||||
--script-dir /home/eesim/scripts/ \
|
||||
0.0.0.0:11112
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services."qbit-update-port" = {
|
||||
enable = true;
|
||||
path = [ pkgs.bash pkgs.docker pkgs.curl pkgs.netcat ];
|
||||
@@ -105,21 +62,6 @@
|
||||
};
|
||||
};
|
||||
|
||||
services.mpd = {
|
||||
enable = true;
|
||||
musicDirectory = "/media/Music";
|
||||
network.listenAddress = "any";
|
||||
};
|
||||
|
||||
security.acme = {
|
||||
acceptTerms = true;
|
||||
defaults.email = "eesimmons9105@gmail.com";
|
||||
certs."download.simmer505.com" = {
|
||||
dnsProvider = "porkbun";
|
||||
environmentFile = "${config.sops.secrets."porkbun.keytab".path}";
|
||||
};
|
||||
};
|
||||
|
||||
# Use the systemd-boot EFI boot loader.
|
||||
boot.loader.systemd-boot.enable = true;
|
||||
boot.loader.efi.canTouchEfiVariables = true;
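Review bot: The `dl-manager` unit in the `@@ -36,54 +41,6 @@` hunk listened on `0.0.0.0:11112` and the `services.mpd` block in the last hunk set `network.listenAddress = "any"`, and both appear to be deleted, yet the `allowedTCPPorts` list shown as context in flake.nix still contains `11112` and `6600` (MPD's default port). If that firewall list belongs to this host and the services are removed rather than moved elsewhere, those two entries should be dropped in the same change, so that a later process binding either port is not reachable from the network by accident. Likewise, `secrets."mc-dh/repo_password" = {};` in the first hunk appears to lose its consumer along with the `mc-dh-backup` service, and an unused secret is still decrypted under `/run/secrets`. The page no longer marks which lines are added or removed, so confirm both points against the real diff before acting.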
|
||||
|
||||