forked from c3d2/nix-config
server8: add restic-server
This commit is contained in:
parent
f1fff05b2d
commit
75c4b4d444
|
@ -32,7 +32,29 @@
|
||||||
};
|
};
|
||||||
|
|
||||||
services = {
|
services = {
|
||||||
|
nginx = {
|
||||||
|
enable = true;
|
||||||
|
virtualHosts."server8.cluster.zentralwerk.org" = {
|
||||||
|
default = true;
|
||||||
|
forceSSL = true;
|
||||||
|
enableACME = true;
|
||||||
|
locations."/restic/" = {
|
||||||
|
proxyPass = "http://${config.services.restic.server.listenAddress}/";
|
||||||
|
extraConfig = ''
|
||||||
|
client_max_body_size 20M;
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
openssh.enable = true;
|
openssh.enable = true;
|
||||||
|
|
||||||
|
restic.server = {
|
||||||
|
enable = true;
|
||||||
|
listenAddress = "127.0.0.1:8080";
|
||||||
|
privateRepos = true;
|
||||||
|
};
|
||||||
|
|
||||||
smartd.enable = true;
|
smartd.enable = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -40,12 +62,20 @@
|
||||||
|
|
||||||
sops = {
|
sops = {
|
||||||
defaultSopsFile = ./secrets.yaml;
|
defaultSopsFile = ./secrets.yaml;
|
||||||
secrets."machine-id" = {
|
secrets = {
|
||||||
mode = "444";
|
"ceph/osd.1/keyfile" = {};
|
||||||
path = "/etc/machine-id";
|
"ceph/osd.2/keyfile" = {};
|
||||||
|
"machine-id" = {
|
||||||
|
mode = "444";
|
||||||
|
path = "/etc/machine-id";
|
||||||
|
};
|
||||||
|
"restic/htpasswd" = {
|
||||||
|
group = config.systemd.services.restic-rest-server.serviceConfig.Group;
|
||||||
|
mode = "400";
|
||||||
|
owner = config.systemd.services.restic-rest-server.serviceConfig.User;
|
||||||
|
path = "/var/lib/restic/.htpasswd";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
secrets."ceph/osd.1/keyfile" = {};
|
|
||||||
secrets."ceph/osd.2/keyfile" = {};
|
|
||||||
};
|
};
|
||||||
|
|
||||||
skyflake.nomad.client.meta."c3d2.cpuSpeed" = "3";
|
skyflake.nomad.client.meta."c3d2.cpuSpeed" = "3";
|
||||||
|
|
|
@ -25,7 +25,7 @@
|
||||||
options = [ "zfsutil" ];
|
options = [ "zfsutil" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
fileSystems."/var/lib/resitc" =
|
fileSystems."/var/lib/restic" =
|
||||||
{ device = "server8_hdd/restic";
|
{ device = "server8_hdd/restic";
|
||||||
fsType = "zfs";
|
fsType = "zfs";
|
||||||
options = [ "zfsutil" ];
|
options = [ "zfsutil" ];
|
||||||
|
|
|
@ -4,6 +4,10 @@ ceph:
|
||||||
keyfile: ENC[AES256_GCM,data:p6ic3dssOo45ArTtX1HfbxO1NrpGjDIGrQHgcAouwucUP+oSWU3ZPw==,iv:g7mzt74BJ7I19QmwYmdeN2dlB+WSkC0Enn3odvU/nKY=,tag:Q0bf4yEkbvYbuT1A6gRTcw==,type:str]
|
keyfile: ENC[AES256_GCM,data:p6ic3dssOo45ArTtX1HfbxO1NrpGjDIGrQHgcAouwucUP+oSWU3ZPw==,iv:g7mzt74BJ7I19QmwYmdeN2dlB+WSkC0Enn3odvU/nKY=,tag:Q0bf4yEkbvYbuT1A6gRTcw==,type:str]
|
||||||
osd.2:
|
osd.2:
|
||||||
keyfile: ENC[AES256_GCM,data:PwOm1GNXLUYVhjoTQB1Ne/X0J1OUeUBk3ucGJv2qgbgpJUH6sXR/Ng==,iv:q7JUhvn2jeyT55/DTepQTa4ocXl1zN9SdzKz1CO/XEE=,tag:lPsfERwCcfyjvaCWEd4e7w==,type:str]
|
keyfile: ENC[AES256_GCM,data:PwOm1GNXLUYVhjoTQB1Ne/X0J1OUeUBk3ucGJv2qgbgpJUH6sXR/Ng==,iv:q7JUhvn2jeyT55/DTepQTa4ocXl1zN9SdzKz1CO/XEE=,tag:lPsfERwCcfyjvaCWEd4e7w==,type:str]
|
||||||
|
restic:
|
||||||
|
password: ENC[AES256_GCM,data:70U8dS3ho2t0IJP4PkAX+tYHxHLI/dYjTQsQ8/g6r/eAhstU7zKmoiOgm8SnQfVdnyDh1RYHhWBCyEUW4oUCA0ooybUTANigkIOsD2zaMWc=,iv:33zrYCT6eMleWkswFBlX06L1lwOvUMPlSRA2jPYv3RI=,tag:jSwuD8d74yFOevoeGTJ4tQ==,type:str]
|
||||||
|
#ENC[AES256_GCM,data:wKIykk+mVh3I2Hyo2TZVftZxuPZzlAmPEIX41WO7eLka/03P01cTZQl6bmElMRprwWFY,iv:B1ujyiHpdDeNLFjntmRKaAEFknLVNzsxv52kTMx9hVw=,tag:hzyRxamPe7nSUoKFaUKJKw==,type:comment]
|
||||||
|
htpasswd: ENC[AES256_GCM,data:bZNDezRAChy6Szbuk5hq4NwqlGAqhyZifazlou2w057/q5aCCflu9yTubPSp/ytnerOnRk1joBBcoZBU56yB40P3XlxXsgXh+ZIlHPPmucacHQMh+Ue8HTZM1p0RLVD0qBGanEchwH1SDEJ5VTvQ0Fk6bgwRCZBlQxL5YO23kOhnIArwtrSQrg==,iv:pQxH4zuXJfuFJaa4lCYjI8tfjZateadxVnWlsUYRLXM=,tag:zDymWrPbtn54sKdWwP2y5A==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
|
@ -28,8 +32,8 @@ sops:
|
||||||
bWl4MTZUak1Bb0JWRXhRQkR4ZUFnNHMKvKQnoxb3IC7jW0P/zewbR68yJI8Uzz7U
|
bWl4MTZUak1Bb0JWRXhRQkR4ZUFnNHMKvKQnoxb3IC7jW0P/zewbR68yJI8Uzz7U
|
||||||
iPaL8MoOlmXPu5dHBSTwn39CpFR6bPxIDMHUn+y9gtCUrbIIJQAaQQ==
|
iPaL8MoOlmXPu5dHBSTwn39CpFR6bPxIDMHUn+y9gtCUrbIIJQAaQQ==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2023-01-07T00:24:35Z"
|
lastmodified: "2023-05-15T21:48:28Z"
|
||||||
mac: ENC[AES256_GCM,data:SIUoQ94/cy5Jsi/q3Oft7+tTONl+xyrLaS+QFdFgedQRQPo1VQwFz3ATlescjMkkEl/rrFwaY83D1f1ISRz7wcSwo6Fb9ZAzxYpBlDkC4BKdtTWr/BycFyIXjSD34i8olBSRl9js65J1WHOxtgFWprHn7F12L4y9wasqCCkQXd0=,iv:0lJ2qtO8Q/DjafZNKMYg7f7C+bqp0ylLD2Zscfoefew=,tag:h2o/nuO40CiMUwRYlZvdyg==,type:str]
|
mac: ENC[AES256_GCM,data:ZhanhWQ5RqIAEaUe/HRcEWtUsv5TrjHo99RRPupx6BTrezpJ/0YIv4Sc+72wdA2y2hg3reyUC4pgcGYJnAgk1Hv90J1WK8zAKylc38UtUZJPWtey86fnWIPCjZgKcZf2rg2uI9yL/yK6B01RFB+G0RUdOWEQOwYL13QGpj1rNcY=,iv:mj5ps7Ay6YMWet6GDKu3BkNYfZJbi91AumuL4+Ts2Iw=,tag:ROU0jPhAwp8ItSlsWu1YmA==,type:str]
|
||||||
pgp:
|
pgp:
|
||||||
- created_at: "2022-12-27T23:54:07Z"
|
- created_at: "2022-12-27T23:54:07Z"
|
||||||
enc: |
|
enc: |
|
||||||
|
|
Loading…
Reference in New Issue
Block a user