2020-12-25 11:09:59 +01:00
|
|
|
{ config, pkgs, ... }:
|
|
|
|
|
|
|
|
{
|
|
|
|
imports =
|
|
|
|
[
|
|
|
|
./hardware-configuration.nix
|
|
|
|
../../configuration/proxmox-vm
|
2023-04-30 19:24:18 +02:00
|
|
|
|
|
|
|
./restic-server.nix
|
2020-12-25 11:09:59 +01:00
|
|
|
];
|
|
|
|
|
|
|
|
boot.loader.grub.enable = true;
|
|
|
|
boot.loader.grub.device = "/dev/vda";
|
|
|
|
|
|
|
|
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
|
|
|
|
|
|
|
|
networking.useDHCP = false;
|
|
|
|
networking.interfaces.ens18.ipv6.addresses = [ { address = "2001:638:904:ffc1::6"; prefixLength = 64; } ];
|
|
|
|
networking.defaultGateway6 = { address = "2001:638:904:ffc1::1"; interface = "ens18"; };
|
|
|
|
networking.nameservers = [ "2001:638:904:ffcc::3" "2001:638:904:ffcc::4" "141.24.40.3" "141.24.40.4" ];
|
|
|
|
|
2023-04-30 19:24:18 +02:00
|
|
|
services.nginx.enable = true;
|
|
|
|
|
|
|
|
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
|
|
|
|
2020-12-25 11:09:59 +01:00
|
|
|
services.borgbackup.repos = {
|
2020-12-25 23:10:04 +01:00
|
|
|
uberspace-ceea = {
|
|
|
|
authorizedKeys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCiUWufpvAj/Rdxt/frAjs5Q4+/lzaN2jmf5+W3Gazjzw+CH+Agplux6op+LlzF7kAA32yP+lwQto8Rz92NzReDssXd+0JhgAAHrSMrPOPnQbZrierKOfVvDOteklEM4k5JXqZ+xHIMtNomuMV3wCFc18nvwc8t95pDBOI/HwzAwn2mGhVBod0CNXZs8EyMeQJNKLCRwpUrddOX6fz5x/fbPYO4KB3iPkC0X+e/d5SuBvrmwFdnpr2RkCboMPdd6i/0AsY4MLdMV54arS9Ed2jaFKqYCQR5wRdLxndn+aByyVQHQxVU0gVfO9+53NOgiVzhOFzXm6K2KcC/HZR5uj1r ceea@olbers.uberspace.de" ];
|
|
|
|
path = "/mnt/clerie-backup/uberspace-ceea";
|
|
|
|
};
|
|
|
|
uberspace-cleriewi = {
|
|
|
|
authorizedKeys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDAeU+YezmGNNnntAkOL143NlkADi6ekEcaW9yf9yegdkDxwyIyxaWC89B110kRkNe+6KP+LDwrp9vnFJZjst8Gv+dMs0h9U0IdUafhO7TcbbkqynqmtzIwiSGsLby2K9XOYTMlAa2JOfeNScPWccZ8KgXsIBqRGjo3yQfCHXZu9U/8CGXvYPsTGY5QYNeAw5Uaikuf565GHy4ROx2BN7LGug9lK42Hfv8i1lhCLi7wkhQ0EPGBRPkscjz/0Kb2iABMzyUf6uMrDJX/usKrChxkLfidIM9C5YR1E+wXlmy9lijuNP85NpXUEyVTAp9/XLCp1vskfCjsBLO0l+40XNIt cleriewi@biela.uberspace.de" ];
|
|
|
|
path = "/mnt/clerie-backup/uberspace-cleriewi";
|
|
|
|
};
|
2020-12-25 11:09:59 +01:00
|
|
|
};
|
|
|
|
|
2021-04-11 12:17:47 +02:00
|
|
|
# fix borgbackup primary grouping
|
|
|
|
users.users.borg.group = "borg";
|
|
|
|
|
2022-01-11 21:31:25 +01:00
|
|
|
services.borgbackup.jobs = {
|
2023-02-25 23:24:41 +01:00
|
|
|
backup-replication-hetzner = {
|
|
|
|
paths = [
|
|
|
|
"/mnt/clerie-backup"
|
|
|
|
];
|
|
|
|
doInit = true;
|
|
|
|
repo = "u275370-sub2@u275370.your-storagebox.de:./clerie-backup/" ;
|
|
|
|
encryption = {
|
|
|
|
mode = "none";
|
|
|
|
};
|
|
|
|
environment = { BORG_RSH = "ssh -p 23 -i /var/src/secrets/ssh/borg-backup-replication-hetzner"; };
|
|
|
|
compression = "auto,lzma";
|
|
|
|
startAt = "*-*-* 04:07:00";
|
|
|
|
};
|
2022-01-11 21:31:25 +01:00
|
|
|
backup-replication-palladium = {
|
|
|
|
paths = [
|
|
|
|
"/mnt/clerie-backup"
|
|
|
|
];
|
|
|
|
doInit = true;
|
|
|
|
repo = "borg@palladium.net.clerie.de:." ;
|
|
|
|
encryption = {
|
|
|
|
mode = "none";
|
|
|
|
};
|
|
|
|
environment = { BORG_RSH = "ssh -i /var/src/secrets/ssh/borg-backup-replication-palladium"; };
|
|
|
|
compression = "auto,lzma";
|
2022-01-13 13:43:34 +01:00
|
|
|
startAt = "*-*-* 06:23:00";
|
2022-01-11 21:31:25 +01:00
|
|
|
};
|
2022-06-12 21:51:19 +02:00
|
|
|
backup-replication-external-drive = {
|
|
|
|
paths = [
|
|
|
|
"/mnt/clerie-backup"
|
|
|
|
];
|
|
|
|
doInit = true;
|
|
|
|
repo = "borg@palladium.net.clerie.de:." ;
|
|
|
|
encryption = {
|
|
|
|
mode = "none";
|
|
|
|
};
|
|
|
|
environment = {
|
|
|
|
BORG_RSH = "ssh -i /var/src/secrets/ssh/borg-backup-replication-external-drive";
|
|
|
|
BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK = "yes";
|
|
|
|
BORG_RELOCATED_REPO_ACCESS_IS_OK = "yes";
|
|
|
|
};
|
|
|
|
compression = "auto,lzma";
|
|
|
|
startAt = "*-*-* 08:37:00";
|
|
|
|
};
|
2022-01-11 21:31:25 +01:00
|
|
|
};
|
|
|
|
|
2021-04-11 12:17:47 +02:00
|
|
|
users.users.backup-replication = {
|
|
|
|
isNormalUser = true;
|
|
|
|
group = "backup-replication";
|
|
|
|
openssh.authorizedKeys.keys = [
|
|
|
|
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC8kCLiDfVFKgoNvEoMb34jp2n1lQG+k7wigzc4qGmrROlWkJ46/Ym4UrSeQJAd6hwHTcKTZkeOrqDAjZZ+jlidpncJHT5VMW5Ah965pxbBq6Qh1Yz5tKj7nLAQ/+bwEH4qqBFNd796876n3pY/FqhwAHWONqWhLKzMXpFursMSITUPmRXcaPwJrgS9DIYspZ9bBhhRSdQ5N1SiGtaszOQwdevLnNYqdtFOBG4rt9SO6IBIHtaiTIHrrMGS2Lt3NMwkq+O+N+TGaKLjbwqtfUPfPOCmY0XH12OawjxHP9hZ+WH3dPtcu5p+VORciSybPvyh9qzXUrDeO4HDuii2GEFU8JFELYXdT/qBwdIMp82tkgww0zKbTJuc0y/9eR7LCXop4OALhR8+8xWDI9c1ccxu3T7S7zUI1OmTlR9i8rx85D4sz2dtp1jirDoW2KVuIdwe6G3NLfTL95FZRmveEQM3MO8MPpfzZ4EvaMbiQQd/c4VAmGovtSLQhySTpT6qSv0= root@backup-4"
|
2022-06-12 21:51:19 +02:00
|
|
|
#"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDRANmJ2LYUr0Mavz/JJ7j+7p1zkqvizf6ZLt5XOJ2fj0enDuK7Dc5fxiESLGYTsLRVWuY4hNXVIL7aeJUj1LPf6LEX87APP4hb95t+TFxcES87tFfnFO48eiBbSd25Av2jmHGb6/wY2viYBxfk/vrLjPR6RgICqFsWFcz20bsWmc48FdzXYJCGJfKjHiW+Ut95VL+M/AlGBQHo33FNDyPXV4zh+MeWVkOFicwfh0k+4NH7Psj5n93m9szAlz306t5YZ32HnhSlvObkMk1Ugy6AzPKXrgKBu11pmatf7sFRx1ikYGUiKiezGjatt/8lYZfE8rQKQjwH+6LPt3ZPv06ncfKpH2vbZfonM0KhSsm1OIhJTse+X7ZMxizO6QqYM+BRJJGMbhH1g+6kFRsdlwakHNPE9YvG4NxZ1NxWTUr6F0gPhUEy61LkTnznt3ct1hgQR02KDQ+9i8PvaYeIIzZzRKufv4tV7OZkDLbN97tvAMkgpLjF+8fCg3qjn2Lckzc= root@palladium"
|
2021-04-11 12:17:47 +02:00
|
|
|
];
|
|
|
|
};
|
|
|
|
|
|
|
|
users.groups.backup-replication = {};
|
|
|
|
|
|
|
|
environment.systemPackages = with pkgs; [
|
|
|
|
bindfs
|
|
|
|
];
|
|
|
|
|
|
|
|
fileSystems."/clerie-backup-replication" = {
|
|
|
|
device = "/mnt/clerie-backup";
|
|
|
|
fsType = "fuse.bindfs";
|
|
|
|
options = [
|
|
|
|
"ro"
|
|
|
|
"force-user=backup-replication"
|
|
|
|
"force-group=backup-replication"
|
|
|
|
"perms=0000:ug=rD"
|
|
|
|
];
|
|
|
|
};
|
|
|
|
|
2021-02-24 02:12:53 +01:00
|
|
|
clerie.monitoring = {
|
|
|
|
enable = true;
|
|
|
|
id = "204";
|
|
|
|
pubkey = "p6OEQ0HG6qiMHlGgCt48sXBuawPkoskSoIuMUVo2Dyc=";
|
|
|
|
};
|
|
|
|
|
2020-12-25 11:09:59 +01:00
|
|
|
system.stateVersion = "21.03";
|
|
|
|
}
|