fuckwit/nix-config
1
0
Fork 0
Code Issues Pull Requests 1 Actions Activity

Compare commits

base: fuckwit:13925c6490cbe380723d26ab47387c8843aa8088
Branches Tags
fuckwit:master
fuckwit:renovate/lock-file-maintenance
...
compare: fuckwit:1d2679af96be5455ba286f33fe65bc6c8364fd97
Branches Tags
fuckwit:master
fuckwit:renovate/lock-file-maintenance

2 Commits
13925c6490 ... 1d2679af96

Author SHA1 Message Date
fuckwit
1d2679af96 fix samba deprecations 2024-11-18 19:24:25 +01:00
fuckwit
ab27ee081a add backups for NAS 2024-11-18 19:21:50 +01:00
2 changed files with 35 additions and 5 deletions
Show Stats Expand all files Collapse all files

31
nixos/celestia/configuration.nix
View File

@ -35,6 +35,9 @@ in {
sops.secrets."tailscale-auth-key" = {}; sops.secrets."tailscale-auth-key" = {};
sops.secrets."act-runner-token" = {}; sops.secrets."act-runner-token" = {};
sops.secrets."photoprism-password-file" = {}; sops.secrets."photoprism-password-file" = {};
sops.secrets."restic_ssh_key" = {};
sops.secrets."restic_documents_repository_password" = {};
sops.secrets."restic_images_repository_password" = {};
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
@ -161,8 +164,10 @@ in {
samba = { samba = {
enable = true; enable = true;
openFirewall = true; openFirewall = true;
extraConfig = "map to guest = bad user"; settings = {
shares = { global = {
"map to guest" = "bad user";
};
dump = { dump = {
path = "/tank/dump"; path = "/tank/dump";
browsable = "yes"; browsable = "yes";
@ -209,6 +214,28 @@ in {
}; };
}; };
restic = let
mkBackup = repo: paths: exclude: {
repository = "sftp:u169497-sub5@u169497.your-storagebox.de:${repo}";
passwordFile = config.sops.secrets."restic_${repo}_repository_password".path;
initialize = true;
extraOptions = [
"sftp.command='ssh -p23 u169497-sub5@u169497.your-storagebox.de -i ${config.sops.secrets."restic_ssh_key".path} -s sftp'"
];
paths = paths;
exclude = exclude;
timerConfig = {
OnCalendar = "00:05";
RandomizedDelaySec = "1h";
};
};
in {
backups = {
documents = mkBackup "documents" ["/tank/documents"] [];
images = mkBackup "images" ["/tank/images"] ["/tank/images/import"];
};
};
nginx = { nginx = {
enable = true; enable = true;
clientMaxBodySize = "500m"; clientMaxBodySize = "500m";

9
nixos/celestia/secrets.yaml
View File

@ -2,6 +2,9 @@ acme.env: ENC[AES256_GCM,data:VgSJO2Q32csfN0DEH6kTsaN0z/hRa0fRHLUleju+gqBPjoQmZG
tailscale-auth-key: ENC[AES256_GCM,data:Rvq2wL9civCoH6acKk3lYIXbVAME+kUmeuQYOTl+rvdb5bFoI5i688qI58ceF47PGKi1jeXe46SkJGJe0iY=,iv:b0kavSFEG40Jxa3yAjttarN5N3nOLEbZYqP3LOXvBrU=,tag:cpgYzoX9L6+1IHnmjfZfQg==,type:str] tailscale-auth-key: ENC[AES256_GCM,data:Rvq2wL9civCoH6acKk3lYIXbVAME+kUmeuQYOTl+rvdb5bFoI5i688qI58ceF47PGKi1jeXe46SkJGJe0iY=,iv:b0kavSFEG40Jxa3yAjttarN5N3nOLEbZYqP3LOXvBrU=,tag:cpgYzoX9L6+1IHnmjfZfQg==,type:str]
act-runner-token: ENC[AES256_GCM,data:vNYCpt96yFeEUERCXYlk5p1NbVrQOBps7jEUI+4aXonxTDTDfyPZF8tjCjERfg==,iv:hMUz99UdHlXwhTGKr4QlrvkDTfy+jVCSOQlQEENTDI8=,tag:buvPFy10R0BKu4tQBMJhEg==,type:str] act-runner-token: ENC[AES256_GCM,data:vNYCpt96yFeEUERCXYlk5p1NbVrQOBps7jEUI+4aXonxTDTDfyPZF8tjCjERfg==,iv:hMUz99UdHlXwhTGKr4QlrvkDTfy+jVCSOQlQEENTDI8=,tag:buvPFy10R0BKu4tQBMJhEg==,type:str]
photoprism-password-file: ENC[AES256_GCM,data:a0fqrjRDc2M=,iv:H/kLPIJsti8QsOJjwPGFSELD4LHb8u8dIkq8pd7W61E=,tag:xp/vpqE/n+alm17d9eIRcA==,type:str] photoprism-password-file: ENC[AES256_GCM,data:a0fqrjRDc2M=,iv:H/kLPIJsti8QsOJjwPGFSELD4LHb8u8dIkq8pd7W61E=,tag:xp/vpqE/n+alm17d9eIRcA==,type:str]
restic_ssh_key: ENC[AES256_GCM,data:NK7WXhnnueZ6kVZJnjShZ/QaNXINrJ6+youN3EPBmNjiLBTJHFg4LVR3MCU1GaK2HJpbz3qEJa/kto9LPONRR0F6LO6/7U17O0fdzF7Ca7u4xHI7uKBE6x9/dhd5MHJ2yQpEUwJnTB6i/++OcbSfTJmp062jTgWxdarngt6skx0m5JIlu6lhLKyFzGa+cBIesFItredQ2SJroUC4rK3CiQLutuaBlhw90wys3T2uTtRRgzQ08AF90+JY5jqflZposQPT0ox+xEegOyZ4UJxX2WToxD998N7/eETxo2E94zL/5f2mGoubDxwPTZp8cPX+1g85tFjhn361OSgHBwgRRT3rs/js1xZkQQO2McKPyGZVHOzQ0GSrpvxiSiUZk8/49eynEkWUsY2YXQxvl3/s6r/Toh9Wbr9mo3X67A2phTx1beEnU8XMwWS/5ZnqtFNHvxC6tfkAIwblNvCc9mTigSYhOji9TBpcZNOCumY/MYzGSCzxSFXcOnsKZKjxdE3ByHFKcMvJ+uiaav000MbdplOOsYLCSpdQAAZH,iv:JFcu2GO8k7awfB8RV17tcFj5KhXmUxnzjnoEdmMaqxc=,tag:awy4njmuS/l5CCFqWdsy3A==,type:str]
restic_documents_repository_password: ENC[AES256_GCM,data:rcQ5PsvJW2i3e2v1FqbqCOoqiblqFDsqRifzY6YxIKZTNSNrRPgqUduqei/0aSGJTNG+zYS4YRCooCZ/E7mYFg==,iv:IO6OGY+Dfai0Hl/NWT7bqqhTkfhXlUqqnJyQjm87fSw=,tag:K3D112tm+kC5OpEF2t+oZQ==,type:str]
restic_images_repository_password: ENC[AES256_GCM,data:yNWUqZ9ddkfD15mO7NocUYwqNWPaTHXfLkMNq7yy5xgSG4I3G01mFTt5qCPbZ0n+Y6DFlhDQBLAC5SwOvVNggA==,iv:LqA7TG9TS7eyHZ/xqF+L1w5imPdogQGH0DyokaQj4Bc=,tag:1OLRp7VO8Lfy1nQcUr3OWA==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -17,8 +20,8 @@ sops:
K0RaVVNSczZBcDNtaXhGem5iQnlVTDAK+XogkPQD2xYQ7sW8DwAXaaLA/ftw6vZM K0RaVVNSczZBcDNtaXhGem5iQnlVTDAK+XogkPQD2xYQ7sW8DwAXaaLA/ftw6vZM
wsNs0uun9dgGjZIXcU6AIsrJeUiWBl5zgc6CCd/ad/3QxpmKj1p9Mg== wsNs0uun9dgGjZIXcU6AIsrJeUiWBl5zgc6CCd/ad/3QxpmKj1p9Mg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-08-26T08:34:59Z" lastmodified: "2024-11-18T18:21:19Z"
mac: ENC[AES256_GCM,data:bqt8+j+t4p2T6+y3+GkeZB2DsHpf9ugBNBnnR1+m9nyKRsS1bR7divl0GZyndlmPMEzOxGJSeHjDhTwrQ/w6szmmHFuUEpogkiJUxzZM9UUa/k4zBQlgVliQM/uuAvYEQJgWVwBJgkIEHsn/F3QGFPCOY/9N9epkhqr1BgfkMQo=,iv:3DhlnJQ70blHqK+n1DrV8FdjUj6qDQ7L8t/r7tOkEQY=,tag:exY8TN8XIuLvoRDhEHDWTQ==,type:str] mac: ENC[AES256_GCM,data:3QqYfYJpIb1kcd6Kh92BbfQIBrsniet3HYVR56V5g/eHRwJpy526A8Gpntc0vdu7Adpv/bbaaPzmCTeanhEXwXB38iXnEsWSsUBn/KyT0bhIi7HcXNfRM6al7cWA6YBwSyy12ElD0Bf/fX2ptUId39tOj3yr7Rg4VaXMr9gEsMk=,iv:s5LlkeHcjoqWeQDBQmoOTZWI7L18bJi/yz3yv8uGoSM=,tag:FH/CbzCyqBp1ebeKIPox8g==,type:str]
pgp: pgp:
- created_at: "2024-01-25T08:00:56Z" - created_at: "2024-01-25T08:00:56Z"
enc: |- enc: |-
@ -33,4 +36,4 @@ sops:
-----END PGP MESSAGE----- -----END PGP MESSAGE-----
fp: 5FA64909521A5C85992F26E0F819AEFF941BB849 fp: 5FA64909521A5C85992F26E0F819AEFF941BB849
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.9.0 version: 3.9.1