server8: add restic-server

Sandro - 2023-05-15 23:49:16 +02:00
parent f1fff05b2d
commit 75c4b4d444
Signed by: sandro
GPG Key ID: 3AF5A43A3EECC2E5
3 changed files with 42 additions and 8 deletions


@ -32,7 +32,29 @@
};
services = {
nginx = {
enable = true;
virtualHosts."server8.cluster.zentralwerk.org" = {
default = true;
forceSSL = true;
enableACME = true;
locations."/restic/" = {
proxyPass = "http://${config.services.restic.server.listenAddress}/";
extraConfig = ''
client_max_body_size 20M;
'';
};
};
};
openssh.enable = true;
restic.server = {
enable = true;
listenAddress = "127.0.0.1:8080";
privateRepos = true;
};
smartd.enable = true;
};
@ -40,12 +62,20 @@
sops = {
defaultSopsFile = ./secrets.yaml;
secrets."machine-id" = {
mode = "444";
path = "/etc/machine-id";
secrets = {
"ceph/osd.1/keyfile" = {};
"ceph/osd.2/keyfile" = {};
"machine-id" = {
mode = "444";
path = "/etc/machine-id";
};
"restic/htpasswd" = {
group = config.systemd.services.restic-rest-server.serviceConfig.Group;
mode = "400";
owner = config.systemd.services.restic-rest-server.serviceConfig.User;
path = "/var/lib/restic/.htpasswd";
};
};
secrets."ceph/osd.1/keyfile" = {};
secrets."ceph/osd.2/keyfile" = {};
};
skyflake.nomad.client.meta."c3d2.cpuSpeed" = "3";
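Review bot: The `restic.server` block in the first hunk sets `privateRepos = true` but leaves append-only mode off, so any client with a valid htpasswd entry can delete or overwrite the snapshots in its own repository, and a compromised backup client can destroy its own backup history. Consider adding `appendOnly = true;` next to `privateRepos` and running `forget`/`prune` from a trusted host or on the server itself. Separately, `client_max_body_size 20M;` looks sized around restic's default pack size; clients that raise the pack size would get 413 responses from nginx, so a comment such as `# must stay above the clients' restic pack size` on that line would help. The module attribute set enclosing `services` and `sops` begins outside the hunks shown.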


@ -25,7 +25,7 @@
options = [ "zfsutil" ];
};
fileSystems."/var/lib/resitc" =
fileSystems."/var/lib/restic" =
{ device = "server8_hdd/restic";
fsType = "zfs";
options = [ "zfsutil" ];


@ -4,6 +4,10 @@ ceph:
keyfile: ENC[AES256_GCM,data:p6ic3dssOo45ArTtX1HfbxO1NrpGjDIGrQHgcAouwucUP+oSWU3ZPw==,iv:g7mzt74BJ7I19QmwYmdeN2dlB+WSkC0Enn3odvU/nKY=,tag:Q0bf4yEkbvYbuT1A6gRTcw==,type:str]
osd.2:
keyfile: ENC[AES256_GCM,data:PwOm1GNXLUYVhjoTQB1Ne/X0J1OUeUBk3ucGJv2qgbgpJUH6sXR/Ng==,iv:q7JUhvn2jeyT55/DTepQTa4ocXl1zN9SdzKz1CO/XEE=,tag:lPsfERwCcfyjvaCWEd4e7w==,type:str]
restic:
password: ENC[AES256_GCM,data:70U8dS3ho2t0IJP4PkAX+tYHxHLI/dYjTQsQ8/g6r/eAhstU7zKmoiOgm8SnQfVdnyDh1RYHhWBCyEUW4oUCA0ooybUTANigkIOsD2zaMWc=,iv:33zrYCT6eMleWkswFBlX06L1lwOvUMPlSRA2jPYv3RI=,tag:jSwuD8d74yFOevoeGTJ4tQ==,type:str]
#ENC[AES256_GCM,data:wKIykk+mVh3I2Hyo2TZVftZxuPZzlAmPEIX41WO7eLka/03P01cTZQl6bmElMRprwWFY,iv:B1ujyiHpdDeNLFjntmRKaAEFknLVNzsxv52kTMx9hVw=,tag:hzyRxamPe7nSUoKFaUKJKw==,type:comment]
htpasswd: ENC[AES256_GCM,data:bZNDezRAChy6Szbuk5hq4NwqlGAqhyZifazlou2w057/q5aCCflu9yTubPSp/ytnerOnRk1joBBcoZBU56yB40P3XlxXsgXh+ZIlHPPmucacHQMh+Ue8HTZM1p0RLVD0qBGanEchwH1SDEJ5VTvQ0Fk6bgwRCZBlQxL5YO23kOhnIArwtrSQrg==,iv:pQxH4zuXJfuFJaa4lCYjI8tfjZateadxVnWlsUYRLXM=,tag:zDymWrPbtn54sKdWwP2y5A==,type:str]
sops:
kms: []
gcp_kms: []
@ -28,8 +32,8 @@ sops:
bWl4MTZUak1Bb0JWRXhRQkR4ZUFnNHMKvKQnoxb3IC7jW0P/zewbR68yJI8Uzz7U
iPaL8MoOlmXPu5dHBSTwn39CpFR6bPxIDMHUn+y9gtCUrbIIJQAaQQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-01-07T00:24:35Z"
mac: ENC[AES256_GCM,data:SIUoQ94/cy5Jsi/q3Oft7+tTONl+xyrLaS+QFdFgedQRQPo1VQwFz3ATlescjMkkEl/rrFwaY83D1f1ISRz7wcSwo6Fb9ZAzxYpBlDkC4BKdtTWr/BycFyIXjSD34i8olBSRl9js65J1WHOxtgFWprHn7F12L4y9wasqCCkQXd0=,iv:0lJ2qtO8Q/DjafZNKMYg7f7C+bqp0ylLD2Zscfoefew=,tag:h2o/nuO40CiMUwRYlZvdyg==,type:str]
lastmodified: "2023-05-15T21:48:28Z"
mac: ENC[AES256_GCM,data:ZhanhWQ5RqIAEaUe/HRcEWtUsv5TrjHo99RRPupx6BTrezpJ/0YIv4Sc+72wdA2y2hg3reyUC4pgcGYJnAgk1Hv90J1WK8zAKylc38UtUZJPWtey86fnWIPCjZgKcZf2rg2uI9yL/yK6B01RFB+G0RUdOWEQOwYL13QGpj1rNcY=,iv:mj5ps7Ay6YMWet6GDKu3BkNYfZJbi91AumuL4+Ts2Iw=,tag:ROU0jPhAwp8ItSlsWu1YmA==,type:str]
pgp:
- created_at: "2022-12-27T23:54:07Z"
enc: |
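Review bot: The first hunk adds a `restic.password` entry next to `restic.htpasswd`, yet the Nix change in this commit only declares `restic/htpasswd` as a sops secret, so the password appears to be kept here for reference rather than consumed on server8. If it is the plaintext behind the htpasswd hash or a repository password, every recipient of this file can decrypt it even though the server only needs the hash; presumably that includes server8's host key, but the recipient list is not visible here. Consider moving it to a separate sops file whose recipients are limited to the backup clients and admins.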