From 56a34de0cb24af8b3ae0c8405f0a5b53dcbef961 Mon Sep 17 00:00:00 2001
From: clerie <git@clerie.de>
Date: Sun, 30 Apr 2023 19:24:18 +0200
Subject: [PATCH] hosts/clerie-backup,hosts/backup-4: add restic server backup
 nodes

---
 hosts/backup-4/configuration.nix      |  5 +++++
 hosts/backup-4/restic-server.nix      | 21 +++++++++++++++++++++
 hosts/clerie-backup/configuration.nix |  6 ++++++
 hosts/clerie-backup/restic-server.nix | 21 +++++++++++++++++++++
 4 files changed, 53 insertions(+)
 create mode 100644 hosts/backup-4/restic-server.nix
 create mode 100644 hosts/clerie-backup/restic-server.nix

diff --git a/hosts/backup-4/configuration.nix b/hosts/backup-4/configuration.nix
index 6b66b13..6748f68 100644
--- a/hosts/backup-4/configuration.nix
+++ b/hosts/backup-4/configuration.nix
@@ -7,6 +7,7 @@
       ../../configuration/proxmox-vm
 
       ./backup.nix
+      ./restic-server.nix
     ];
 
   boot.loader.grub.enable = true;
@@ -20,6 +21,10 @@
   networking.defaultGateway6 = { address = "2001:638:904:ffcb::1"; interface = "ens18"; };
   networking.nameservers = [ "2001:638:904:ffcc::3" "2001:638:904:ffcc::4" "141.24.40.3" "141.24.40.4" ];
 
+  services.nginx.enable = true;
+
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
+
   clerie.monitoring = {
     enable = true;
     id = "205";
diff --git a/hosts/backup-4/restic-server.nix b/hosts/backup-4/restic-server.nix
new file mode 100644
index 0000000..97fcc47
--- /dev/null
+++ b/hosts/backup-4/restic-server.nix
@@ -0,0 +1,21 @@
+{ ... }:
+
+{
+  services.restic.server = {
+    enable = true;
+    privateRepos = true;
+    dataDir = "/mnt/backup-4/magenta";
+    listenAddress = "[::1]:43242";
+  };
+
+  services.nginx.virtualHosts."magenta.backup.clerie.de" = {
+    enableACME = true;
+    forceSSL = true;
+    locations."/" = {
+      proxyPass = "http://[::1]:43242/";
+      extraConfig = ''
+        client_max_body_size 10G;
+      '';
+    };
+  };
+}
diff --git a/hosts/clerie-backup/configuration.nix b/hosts/clerie-backup/configuration.nix
index d4d5f19..98b767c 100644
--- a/hosts/clerie-backup/configuration.nix
+++ b/hosts/clerie-backup/configuration.nix
@@ -5,6 +5,8 @@
     [
       ./hardware-configuration.nix
       ../../configuration/proxmox-vm
+
+      ./restic-server.nix
     ];
 
   boot.loader.grub.enable = true;
@@ -20,6 +22,10 @@
   networking.defaultGateway6 = { address = "2001:638:904:ffc1::1"; interface = "ens18"; };
   networking.nameservers = [ "2001:638:904:ffcc::3" "2001:638:904:ffcc::4" "141.24.40.3" "141.24.40.4" ];
 
+  services.nginx.enable = true;
+
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
+
   services.borgbackup.repos = {
     #clerie = {
     #  authorizedKeys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCnUBblmmVoMMBftn4EnwnzqR12m9zill51LpO124hHb10K2rqxNoq8tYSc2pMkV/3briZovffpe5SzB+m2MnXbtOBstIEXkrPZQ78vaZ/nLh7+eWg30lCmMPwjf2wIjlTXkcbxbsi7FbPW7FsolGkU/0mqGhqK1Xft/g7SnCXIoGPSSrHMXEv5dPPofCa1Z0Un+98wQTVfOSKek6TnIsfLbG01UFQVkN7afE4dqSmMiWwEm2PK9l+OiBA2/QzDpbtu9wsfTol4c192vFEWR9crB2YZ1JlMbjVWHjYmB7NFsS0A6lUOikss0Y+LUWS2/QuM/kqybSo4rasZMAIazM6D clerie" ];
diff --git a/hosts/clerie-backup/restic-server.nix b/hosts/clerie-backup/restic-server.nix
new file mode 100644
index 0000000..f18aa4e
--- /dev/null
+++ b/hosts/clerie-backup/restic-server.nix
@@ -0,0 +1,21 @@
+{ ... }:
+
+{
+  services.restic.server = {
+    enable = true;
+    privateRepos = true;
+    dataDir = "/mnt/clerie-backup/cyan";
+    listenAddress = "[::1]:43242";
+  };
+
+  services.nginx.virtualHosts."cyan.backup.clerie.de" = {
+    enableACME = true;
+    forceSSL = true;
+    locations."/" = {
+      proxyPass = "http://[::1]:43242/";
+      extraConfig = ''
+        client_max_body_size 10G;
+      '';
+    };
+  };
+}