server8: add restic-server
This commit is contained in:
parent
f1fff05b2d
commit
75c4b4d444
|
@ -32,7 +32,29 @@
|
|||
};
|
||||
|
||||
services = {
|
||||
nginx = {
|
||||
enable = true;
|
||||
virtualHosts."server8.cluster.zentralwerk.org" = {
|
||||
default = true;
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations."/restic/" = {
|
||||
proxyPass = "http://${config.services.restic.server.listenAddress}/";
|
||||
extraConfig = ''
|
||||
client_max_body_size 20M;
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
openssh.enable = true;
|
||||
|
||||
restic.server = {
|
||||
enable = true;
|
||||
listenAddress = "127.0.0.1:8080";
|
||||
privateRepos = true;
|
||||
};
|
||||
|
||||
smartd.enable = true;
|
||||
};
|
||||
|
||||
|
@ -40,12 +62,20 @@
|
|||
|
||||
sops = {
|
||||
defaultSopsFile = ./secrets.yaml;
|
||||
secrets."machine-id" = {
|
||||
mode = "444";
|
||||
path = "/etc/machine-id";
|
||||
secrets = {
|
||||
"ceph/osd.1/keyfile" = {};
|
||||
"ceph/osd.2/keyfile" = {};
|
||||
"machine-id" = {
|
||||
mode = "444";
|
||||
path = "/etc/machine-id";
|
||||
};
|
||||
"restic/htpasswd" = {
|
||||
group = config.systemd.services.restic-rest-server.serviceConfig.Group;
|
||||
mode = "400";
|
||||
owner = config.systemd.services.restic-rest-server.serviceConfig.User;
|
||||
path = "/var/lib/restic/.htpasswd";
|
||||
};
|
||||
};
|
||||
secrets."ceph/osd.1/keyfile" = {};
|
||||
secrets."ceph/osd.2/keyfile" = {};
|
||||
};
|
||||
|
||||
skyflake.nomad.client.meta."c3d2.cpuSpeed" = "3";
|
||||
|
|
|
@ -25,7 +25,7 @@
|
|||
options = [ "zfsutil" ];
|
||||
};
|
||||
|
||||
fileSystems."/var/lib/resitc" =
|
||||
fileSystems."/var/lib/restic" =
|
||||
{ device = "server8_hdd/restic";
|
||||
fsType = "zfs";
|
||||
options = [ "zfsutil" ];
|
||||
|
|
|
@ -4,6 +4,10 @@ ceph:
|
|||
keyfile: ENC[AES256_GCM,data:p6ic3dssOo45ArTtX1HfbxO1NrpGjDIGrQHgcAouwucUP+oSWU3ZPw==,iv:g7mzt74BJ7I19QmwYmdeN2dlB+WSkC0Enn3odvU/nKY=,tag:Q0bf4yEkbvYbuT1A6gRTcw==,type:str]
|
||||
osd.2:
|
||||
keyfile: ENC[AES256_GCM,data:PwOm1GNXLUYVhjoTQB1Ne/X0J1OUeUBk3ucGJv2qgbgpJUH6sXR/Ng==,iv:q7JUhvn2jeyT55/DTepQTa4ocXl1zN9SdzKz1CO/XEE=,tag:lPsfERwCcfyjvaCWEd4e7w==,type:str]
|
||||
restic:
|
||||
password: ENC[AES256_GCM,data:70U8dS3ho2t0IJP4PkAX+tYHxHLI/dYjTQsQ8/g6r/eAhstU7zKmoiOgm8SnQfVdnyDh1RYHhWBCyEUW4oUCA0ooybUTANigkIOsD2zaMWc=,iv:33zrYCT6eMleWkswFBlX06L1lwOvUMPlSRA2jPYv3RI=,tag:jSwuD8d74yFOevoeGTJ4tQ==,type:str]
|
||||
#ENC[AES256_GCM,data:wKIykk+mVh3I2Hyo2TZVftZxuPZzlAmPEIX41WO7eLka/03P01cTZQl6bmElMRprwWFY,iv:B1ujyiHpdDeNLFjntmRKaAEFknLVNzsxv52kTMx9hVw=,tag:hzyRxamPe7nSUoKFaUKJKw==,type:comment]
|
||||
htpasswd: ENC[AES256_GCM,data:bZNDezRAChy6Szbuk5hq4NwqlGAqhyZifazlou2w057/q5aCCflu9yTubPSp/ytnerOnRk1joBBcoZBU56yB40P3XlxXsgXh+ZIlHPPmucacHQMh+Ue8HTZM1p0RLVD0qBGanEchwH1SDEJ5VTvQ0Fk6bgwRCZBlQxL5YO23kOhnIArwtrSQrg==,iv:pQxH4zuXJfuFJaa4lCYjI8tfjZateadxVnWlsUYRLXM=,tag:zDymWrPbtn54sKdWwP2y5A==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
|
@ -28,8 +32,8 @@ sops:
|
|||
bWl4MTZUak1Bb0JWRXhRQkR4ZUFnNHMKvKQnoxb3IC7jW0P/zewbR68yJI8Uzz7U
|
||||
iPaL8MoOlmXPu5dHBSTwn39CpFR6bPxIDMHUn+y9gtCUrbIIJQAaQQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2023-01-07T00:24:35Z"
|
||||
mac: ENC[AES256_GCM,data:SIUoQ94/cy5Jsi/q3Oft7+tTONl+xyrLaS+QFdFgedQRQPo1VQwFz3ATlescjMkkEl/rrFwaY83D1f1ISRz7wcSwo6Fb9ZAzxYpBlDkC4BKdtTWr/BycFyIXjSD34i8olBSRl9js65J1WHOxtgFWprHn7F12L4y9wasqCCkQXd0=,iv:0lJ2qtO8Q/DjafZNKMYg7f7C+bqp0ylLD2Zscfoefew=,tag:h2o/nuO40CiMUwRYlZvdyg==,type:str]
|
||||
lastmodified: "2023-05-15T21:48:28Z"
|
||||
mac: ENC[AES256_GCM,data:ZhanhWQ5RqIAEaUe/HRcEWtUsv5TrjHo99RRPupx6BTrezpJ/0YIv4Sc+72wdA2y2hg3reyUC4pgcGYJnAgk1Hv90J1WK8zAKylc38UtUZJPWtey86fnWIPCjZgKcZf2rg2uI9yL/yK6B01RFB+G0RUdOWEQOwYL13QGpj1rNcY=,iv:mj5ps7Ay6YMWet6GDKu3BkNYfZJbi91AumuL4+Ts2Iw=,tag:ROU0jPhAwp8ItSlsWu1YmA==,type:str]
|
||||
pgp:
|
||||
- created_at: "2022-12-27T23:54:07Z"
|
||||
enc: |
|
||||
|
|
Loading…
Reference in New Issue