Philipp Hochkamp 2022-04-23 01:38:20 +02:00
parent 33e4c75e19
commit 454665e77d
5 changed files with 22 additions and 9 deletions


@ -19,7 +19,10 @@ in
services.syncthing.enable = true; services.syncthing.enable = true;
services.syncthing.user = "ragon"; services.syncthing.user = "ragon";
services.syncoid.command = ragon.agenix.secrets."ds9OffsiteBackupSSH" = { owner = config.services.syncoid.user; };
services.syncoid.enable = true;
services.syncoid.sshKey = lib.mkForce "${config.age.secrets.ds9OffsiteBackupSSH.path}";
services.syncoid.commands =
let let
datasets = { datasets = {
backups = "rpool/content/local/backups"; backups = "rpool/content/local/backups";
@ -28,7 +31,7 @@ in
hassosvm = "rpool/content/safe/vms/hassos"; hassosvm = "rpool/content/safe/vms/hassos";
}; };
in in
builtins.mapAttrs (n: v: { target = "backup/${n}"; source = v; sendOptions = [ "w" ]; }) datasets; builtins.mapAttrs (n: v: { target = "backup/${n}"; source = v; sendOptions = "w"; }) datasets;
security.sudo.wheelNeedsPassword = false; security.sudo.wheelNeedsPassword = false;
networking.useDHCP = true; networking.useDHCP = true;
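Review bot: The `target = "backup/${n}"` on the `builtins.mapAttrs` line has no `user@host:` prefix, so as written syncoid would replicate into a local pool named `backup` and the `services.syncoid.sshKey` set above would not be used by these commands. If the secret name means this is the offsite job, the target should carry the remote, e.g. `target = "<user>@<offsite-host>:backup/${n}";` (placeholder values). The raw-send option `sendOptions = "w"` only keeps data unreadable on the receiver for datasets that are already ZFS-encrypted, which these hunks do not show, so a comment such as `# raw send: assumes the source datasets are encrypted` would record that assumption. `lib.mkForce` on `sshKey` silently overrides any other definition and deserves a one-line reason. The enclosing attribute set starts and ends outside these hunks.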


@ -22,7 +22,6 @@
persistent = "rpool/content/safe/persist"; persistent = "rpool/content/safe/persist";
arcSize = 8; arcSize = 8;
}; };
services.syncoid.enable = false; # TODO setup offsite backups
services.sanoid.datasets."rpool/content/safe".recursive = true; services.sanoid.datasets."rpool/content/safe".recursive = true;
services.sanoid.datasets."rpool/content/local/backups" = { }; services.sanoid.datasets."rpool/content/local/backups" = { };


@ -13,27 +13,26 @@ in
default = "paperless"; default = "paperless";
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
services.paperless-ng = { services.paperless = {
enable = true; enable = true;
package = pkgs.paperless-ng.overrideAttrs (oldAttrs: rec { doCheck = false; doInstallCheck = false; });
mediaDir = mkDefault "/data/documents/paperless"; mediaDir = mkDefault "/data/documents/paperless";
consumptionDir = mkDefault "/data/applications/paperless-consumption"; consumptionDir = "/data/applications/paperless-consumption";
consumptionDirIsPublic = true; consumptionDirIsPublic = true;
passwordFile = "${config.age.secrets.paperlessAdminPW.path}"; passwordFile = "${config.age.secrets.paperlessAdminPW.path}";
extraConfig = { extraConfig = {
PAPERLESS_OCR_LANGUAGE = "deu+eng"; PAPERLESS_OCR_LANGUAGE = "deu+eng";
}; };
}; };
ragon.agenix.secrets.paperlessAdminPW = { group = "${config.services.paperless-ng.user}"; mode = "0440"; }; ragon.agenix.secrets.paperlessAdminPW = { group = "${config.services.paperless.user}"; mode = "0440"; };
services.nginx.clientMaxBodySize = "100m"; services.nginx.clientMaxBodySize = "100m";
services.nginx.virtualHosts."${cfg.domainPrefix}.${domain}" = { services.nginx.virtualHosts."${cfg.domainPrefix}.${domain}" = {
useACMEHost = "${domain}"; useACMEHost = "${domain}";
addSSL = true; addSSL = true;
locations."/".proxyPass = "http://${config.services.paperless-ng.address}:${toString config.services.paperless-ng.port}"; locations."/".proxyPass = "http://${config.services.paperless.address}:${toString config.services.paperless.port}";
locations."/".proxyWebsockets = true; locations."/".proxyWebsockets = true;
}; };
ragon.persist.extraDirectories = [ ragon.persist.extraDirectories = [
"${config.services.paperless-ng.dataDir}" "${config.services.paperless.dataDir}"
]; ];
}; };
} }
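Review bot: The vhost keeps `addSSL = true;`, which serves the Paperless proxy over plain HTTP as well as HTTPS, so a login to the admin account configured through `passwordFile` can travel unencrypted; `forceSSL = true;` would redirect HTTP to HTTPS instead. That line is unchanged context carried through the rename to `services.paperless`, so it may be deliberate. `consumptionDirIsPublic = true;` likewise leaves the consumption directory writable by every local user, and now that `consumptionDir` is no longer a `mkDefault` a short comment such as `# public on purpose: scanner/other users drop files here` would state who is expected to write there.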


@ -0,0 +1,11 @@
age-encryption.org/v1
-> ssh-ed25519 IbXxfw 2bY8D4MwTRAlIJC/IPqR2sT0M7r3mIzTxNRqyWsIVlg
Ls8ipcH9B7LgPEOnOfFoe6zGlJgY3fPYm7MX+dlse00
-> ssh-ed25519 ugHWWw 3NecEQxzuriPw39On2S6d6F2KBepfnjzpZXyVMjpNW4
lvnErLbxlzt0EgrGia0sINCYBP1zocdy2myQwrCYvuw
-> ssh-ed25519 UU9RSA oe8XNsT+h0ZeAwS994tw2KhMINl6nYshS0S6GSc/c0Y
oDOUhJS58DaXOHGA9yu44Z+bm3OqhmkWY++8kMcG+xU
-> (i-grease t="[ CDeDs
i6bTwsfNz5+rcQs0N1c1
--- RtYYZM/2+RhILZMfyhrRhd7DhawxUMYNKdVFQxnCio8
4XæÛao4ûü£bù“],[2K€k˜Ž/XWÝÄÁ°íㇹ´üB?¢nëj QSQ=üÓVCr½¼¥<>§øò_ ÃWÀ-póŘ|#±ß} Ùð)J'ç>j4 „o|&nš (ä¦;ö9gÞ}Y‡Gg<+mÖï+Fn²…_ìió!¾˜Å¢FÉ@Ϊ¤'#7pæÃ[½ØÎøëCšUøNFUà<55>3`t4{Z´>†ðž`¾ú<C2BE>Ýï;<>KòA'i¨¨*1ÿXÅërÑÑ£º¯4báº<C3A1>å¡|iÉ ¡QêøÚs˜@¬d$ÁŠ5;ï4[xÞÚèÚ\#{¢¾ojF L9ÀXÒ­S>4®Œí‰‡¸!1=ÙÞ6<10>ˆo/§PÔ!ì1& ΫÔ¨vI1mQØ»áþ<C3A1>ùd5Û^å:uïZVt&‰¹Ö°ýñøT#²r¯>5œ¥Oÿ^Óž6žD™.+G:‰#5Ezx܃tEŠ1Çäxâ­i•J#»°¼AFáé9»Ð›´â,Æ¿FÇ?oHÉÎ…<C38E>\


@ -10,6 +10,7 @@ in
"ragonPasswd.age".publicKeys = pubkeys.ragon.computers; "ragonPasswd.age".publicKeys = pubkeys.ragon.computers;
"tailscaleKey.age".publicKeys = pubkeys.ragon.computers; "tailscaleKey.age".publicKeys = pubkeys.ragon.computers;
"paperlessAdminPW.age".publicKeys = pubkeys.ragon.host "ds9"; "paperlessAdminPW.age".publicKeys = pubkeys.ragon.host "ds9";
"ds9OffsiteBackupSSH.age".publicKeys = pubkeys.ragon.host "ds9";
"hedgedocSecret.age".publicKeys = pubkeys.ragon.host "picard"; "hedgedocSecret.age".publicKeys = pubkeys.ragon.host "picard";
"gitlabInitialRootPassword.age".publicKeys = pubkeys.ragon.host "picard"; "gitlabInitialRootPassword.age".publicKeys = pubkeys.ragon.host "picard";
"gitlabSecretFile.age".publicKeys = pubkeys.ragon.host "picard"; "gitlabSecretFile.age".publicKeys = pubkeys.ragon.host "picard";