1
0
nixfiles/hosts/clerie-backup/configuration.nix

148 lines
8.5 KiB
Nix

{ config, pkgs, ... }:
{
imports =
[
./hardware-configuration.nix
../../configuration/proxmox-vm
./restic-server.nix
];
boot.loader.grub.enable = true;
boot.loader.grub.device = "/dev/vda";
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
networking.useDHCP = false;
networking.interfaces.ens18.ipv6.addresses = [ { address = "2001:638:904:ffc1::6"; prefixLength = 64; } ];
networking.defaultGateway6 = { address = "2001:638:904:ffc1::1"; interface = "ens18"; };
networking.nameservers = [ "2001:638:904:ffcc::3" "2001:638:904:ffcc::4" "141.24.40.3" "141.24.40.4" ];
services.nginx.enable = true;
networking.firewall.allowedTCPPorts = [ 80 443 ];
services.borgbackup.repos = {
#clerie = {
# authorizedKeys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCnUBblmmVoMMBftn4EnwnzqR12m9zill51LpO124hHb10K2rqxNoq8tYSc2pMkV/3briZovffpe5SzB+m2MnXbtOBstIEXkrPZQ78vaZ/nLh7+eWg30lCmMPwjf2wIjlTXkcbxbsi7FbPW7FsolGkU/0mqGhqK1Xft/g7SnCXIoGPSSrHMXEv5dPPofCa1Z0Un+98wQTVfOSKek6TnIsfLbG01UFQVkN7afE4dqSmMiWwEm2PK9l+OiBA2/QzDpbtu9wsfTol4c192vFEWR9crB2YZ1JlMbjVWHjYmB7NFsS0A6lUOikss0Y+LUWS2/QuM/kqybSo4rasZMAIazM6D clerie" ];
# path = "/mnt/clerie-backup/clerie";
#};
cosima = {
authorizedKeys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC2x5h7F3rRy8G8r6twd549TRyIB/WsKOxJWIcUbAc3FFOIvbtXyT/zR91K58usZzcVdZjobyLa9aNfJNvA3ez2dO0PaqoRLg9Bgq44/bd6492N4ALROAgbmMwuTwA3gq2TYrWUCICGlYvBv7eVoSKrGECw4IZkAgoXu/pucz9yi10ccsu+cfZxuBRZtn5QmRIo8uhyGcjhtk9obB0JkUrGrubJRhxUazEH5j+bn/DHmYpmIyRV/82YvA+GR3B/PODF0fi7sFoeBQefCPTCHftYROB1P7G70wvO9rC9xTWSGPVeM7PmtArRKxOX89yqhVuHr2hWrPLLFMbY3wMNVKD5 cosima" ];
path = "/mnt/clerie-backup/cosima";
};
krypton = {
authorizedKeys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDV3GpgaDqgTlWX0//DQ7AedYo0sD4e37OHl4/OqU7C+YfIuzaC8+KRfugTQS4R8UBKuxFHJC867aHq2rxIfKzKFtmyVPT7ywbpgNW3FDugQZ5MdPo8eHV19jnaZ9jkhUpJmMzayW+hU0GxT1fEXzSaewJknY3afdTKAi3dM+7LAcxVa82qwwArNuH06wrthU9eyva2QWMeZ6aEzzZgSxxrLQZFIXRtA81JcFmjL1IwxepDyUsbTj31Wmvf4n6YI6wxY9QhKyS4bahlnQmW0CpKwX6lKtGRRMVilTZLKa0aR0z15ltPE5h1USUnxiyo5YVB+1QA8luCnQAzIeZODEc3um8AfH4Z83MqU802K8yRmjJUhkoezJwRjewJito3Pfc4TOC2pdo7Na9bb5omTz7jiTRDvQkysWSZGyd22Vsl48tVuRTve/VkhBZuqOwH9yqBz5rl2hG7GHOiHD40kjxq+fJW8vge1hdu1TEQK8ubn1Cod/GuvuWFMTAwagYrJs0= clerie@krypton" ];
path = "/mnt/clerie-backup/krypton";
};
mail-1 = {
authorizedKeys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqsAeI+iZ89MpkjNpLViJjC0FxHPVokpVVeU1IqD3KqhF70dqf3IuJSnhCfW4i2RPkwVwLkT1WsUmnI3Pp3izreBL+Y/RA2jG/x0380It/6RBwFtZA+6E7OgQtwca6APYIPSjlQnEfRrQV0Kz16qBZZRjo/VG20rDxUSiS+bPk5ar3JFjCSf4DnikeWR5u5brL6nFnHaiw7PbRTytdeb3y/g1TdBceLE0ISLtA/LJqlaRo5dKeDv69Loet65TA66PpCR3wp3yROaLVx7IF+Pr+x4WO6XMKjlaOjWygdW9zJ3fKa3pEhtzlcYHczDVLXyGszsKvUoRioP3m1GQY3gg7 root@mail-1" ];
path = "/mnt/clerie-backup/mail-1";
};
terra = {
authorizedKeys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDHoEImO4ARWCJAMZSx5kgbO/PUjEdckQl0O99sK5ZCCv/bVy16UXOsh4+c0W0z7zJbhuuxavi/xccJGZWp8ZKE0N5oboMEK47QFlr4oQvG3BGjUu3WzCM5Z6T+S15yEVbRPlfW7hpg+UEDyg2g37oWqO1JUoBOzq1TnXUgNeeP3tvFwqZ6FVec3T30IRCPogF47PndTiQtCYO+lTjUJubwxHaj77JZu11uGKAdH3XOH+IFZCkvzbxpVSSc+FprGAgPyWEYqoS+iq/MWbxkxAVLL7mBEbjS8hfS+QdPWvHy/st8MPB/cEKGyCMoDg1nIOLbwy84L4/XXGnpaw4CdGYn/QzQ5+Crq7ehSpk6UGNDDScCQ5rsvg/sbqvoAqpRZBbTXxcLhLshGqu8q+a7BaPhIrFfkZ4N1jNaTq1P5V1rr9CHQtrtLCihhD3krgRxfDmi530jLA1RSVWO3PEt3LpTfYNeznzVLaD1/rA5RDUi+EC0QhHv5A+fksnU6cbiY6E= user@Arch-PC" ];
path = "/mnt/clerie-backup/terra";
};
uberspace-ceea = {
authorizedKeys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCiUWufpvAj/Rdxt/frAjs5Q4+/lzaN2jmf5+W3Gazjzw+CH+Agplux6op+LlzF7kAA32yP+lwQto8Rz92NzReDssXd+0JhgAAHrSMrPOPnQbZrierKOfVvDOteklEM4k5JXqZ+xHIMtNomuMV3wCFc18nvwc8t95pDBOI/HwzAwn2mGhVBod0CNXZs8EyMeQJNKLCRwpUrddOX6fz5x/fbPYO4KB3iPkC0X+e/d5SuBvrmwFdnpr2RkCboMPdd6i/0AsY4MLdMV54arS9Ed2jaFKqYCQR5wRdLxndn+aByyVQHQxVU0gVfO9+53NOgiVzhOFzXm6K2KcC/HZR5uj1r ceea@olbers.uberspace.de" ];
path = "/mnt/clerie-backup/uberspace-ceea";
};
uberspace-cleriewi = {
authorizedKeys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDAeU+YezmGNNnntAkOL143NlkADi6ekEcaW9yf9yegdkDxwyIyxaWC89B110kRkNe+6KP+LDwrp9vnFJZjst8Gv+dMs0h9U0IdUafhO7TcbbkqynqmtzIwiSGsLby2K9XOYTMlAa2JOfeNScPWccZ8KgXsIBqRGjo3yQfCHXZu9U/8CGXvYPsTGY5QYNeAw5Uaikuf565GHy4ROx2BN7LGug9lK42Hfv8i1lhCLi7wkhQ0EPGBRPkscjz/0Kb2iABMzyUf6uMrDJX/usKrChxkLfidIM9C5YR1E+wXlmy9lijuNP85NpXUEyVTAp9/XLCp1vskfCjsBLO0l+40XNIt cleriewi@biela.uberspace.de" ];
path = "/mnt/clerie-backup/uberspace-cleriewi";
};
web-2 = {
authorizedKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKC1pw7u/LcriXMt9mRhjjw7IvKh3Hfj2R6sZbybk5x6 web-2"];
path = "/mnt/clerie-backup/web-2";
};
minecraft-2 = {
authorizedKeys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC3GLVwBZnwZhjZOZSzDnaPsQ00ak47lJ2dpmtIkBqgHDhwlo1jL83izdGysSqL0Pm1xDTy5dX52WWp4B2xr/M5QAj2pCymbRCb+doLQxc59TXsL0a6KhmMC3pdpERRukyh2QR4urVzSGu33ZnL7pIjc4kkiBeblSGm01HdHImbjbFEGO0smHJ12Zem7zhgzmHBE1fPgVTpLx1QeQlMvSQSASLrinj3zIPpDwtUaMqx1d0C3xgijSysNaZzBLVBAhMrMoCOueMhA0o/t3irnAjBzxPSomZqNAYBrZdIYL4zAj/lyJEz3+Bki0VaxR5woSVyQ9N3FKhyCqNrouCdaKbet76yIPvIixug4+E9oYXs+Iaj8ywcYh605sKMKGoeNJH7OFIl8H0SjSXRtef3q3lD0VSJUzK7fAqL8t3tBSiYuU4n5CCYeCEOedqPu8ATqR0t5riVPZLQO6L2r/2Q5Mjy8/ZZkBMFB0/iK2dXMbX+AYWZ4JnPiGRomjkPKiJXnmE= root@minecraft-2"];
path = "/mnt/clerie-backup/minecraft-2";
};
};
# fix borgbackup primary grouping
users.users.borg.group = "borg";
services.borgbackup.jobs = {
backup-replication-hetzner = {
paths = [
"/mnt/clerie-backup"
];
doInit = true;
repo = "u275370-sub2@u275370.your-storagebox.de:./clerie-backup/" ;
encryption = {
mode = "none";
};
environment = { BORG_RSH = "ssh -p 23 -i /var/src/secrets/ssh/borg-backup-replication-hetzner"; };
compression = "auto,lzma";
startAt = "*-*-* 04:07:00";
};
backup-replication-palladium = {
paths = [
"/mnt/clerie-backup"
];
doInit = true;
repo = "borg@palladium.net.clerie.de:." ;
encryption = {
mode = "none";
};
environment = { BORG_RSH = "ssh -i /var/src/secrets/ssh/borg-backup-replication-palladium"; };
compression = "auto,lzma";
startAt = "*-*-* 06:23:00";
};
backup-replication-external-drive = {
paths = [
"/mnt/clerie-backup"
];
doInit = true;
repo = "borg@palladium.net.clerie.de:." ;
encryption = {
mode = "none";
};
environment = {
BORG_RSH = "ssh -i /var/src/secrets/ssh/borg-backup-replication-external-drive";
BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK = "yes";
BORG_RELOCATED_REPO_ACCESS_IS_OK = "yes";
};
compression = "auto,lzma";
startAt = "*-*-* 08:37:00";
};
};
users.users.backup-replication = {
isNormalUser = true;
group = "backup-replication";
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC8kCLiDfVFKgoNvEoMb34jp2n1lQG+k7wigzc4qGmrROlWkJ46/Ym4UrSeQJAd6hwHTcKTZkeOrqDAjZZ+jlidpncJHT5VMW5Ah965pxbBq6Qh1Yz5tKj7nLAQ/+bwEH4qqBFNd796876n3pY/FqhwAHWONqWhLKzMXpFursMSITUPmRXcaPwJrgS9DIYspZ9bBhhRSdQ5N1SiGtaszOQwdevLnNYqdtFOBG4rt9SO6IBIHtaiTIHrrMGS2Lt3NMwkq+O+N+TGaKLjbwqtfUPfPOCmY0XH12OawjxHP9hZ+WH3dPtcu5p+VORciSybPvyh9qzXUrDeO4HDuii2GEFU8JFELYXdT/qBwdIMp82tkgww0zKbTJuc0y/9eR7LCXop4OALhR8+8xWDI9c1ccxu3T7S7zUI1OmTlR9i8rx85D4sz2dtp1jirDoW2KVuIdwe6G3NLfTL95FZRmveEQM3MO8MPpfzZ4EvaMbiQQd/c4VAmGovtSLQhySTpT6qSv0= root@backup-4"
#"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDRANmJ2LYUr0Mavz/JJ7j+7p1zkqvizf6ZLt5XOJ2fj0enDuK7Dc5fxiESLGYTsLRVWuY4hNXVIL7aeJUj1LPf6LEX87APP4hb95t+TFxcES87tFfnFO48eiBbSd25Av2jmHGb6/wY2viYBxfk/vrLjPR6RgICqFsWFcz20bsWmc48FdzXYJCGJfKjHiW+Ut95VL+M/AlGBQHo33FNDyPXV4zh+MeWVkOFicwfh0k+4NH7Psj5n93m9szAlz306t5YZ32HnhSlvObkMk1Ugy6AzPKXrgKBu11pmatf7sFRx1ikYGUiKiezGjatt/8lYZfE8rQKQjwH+6LPt3ZPv06ncfKpH2vbZfonM0KhSsm1OIhJTse+X7ZMxizO6QqYM+BRJJGMbhH1g+6kFRsdlwakHNPE9YvG4NxZ1NxWTUr6F0gPhUEy61LkTnznt3ct1hgQR02KDQ+9i8PvaYeIIzZzRKufv4tV7OZkDLbN97tvAMkgpLjF+8fCg3qjn2Lckzc= root@palladium"
];
};
users.groups.backup-replication = {};
environment.systemPackages = with pkgs; [
bindfs
];
fileSystems."/clerie-backup-replication" = {
device = "/mnt/clerie-backup";
fsType = "fuse.bindfs";
options = [
"ro"
"force-user=backup-replication"
"force-group=backup-replication"
"perms=0000:ug=rD"
];
};
clerie.monitoring = {
enable = true;
id = "204";
pubkey = "p6OEQ0HG6qiMHlGgCt48sXBuawPkoskSoIuMUVo2Dyc=";
};
system.stateVersion = "21.03";
}