Added fixes for disk expansion and VPN networking

.gitignore

@@ -1,3 +1 @@
-userdata/userdata.json
-hardware-configuration.nix
-networking.nix
+userdata/userdata.json

backup/restic.nix

@@ -4,13 +4,19 @@ let
 in
 {
   services.restic.backups = {
-    options = {
-      passwordFile = "/etc/restic/resticPasswd";
-      repository = "s3:s3.anazonaws.com/${cfg.backblaze.bucket}";
+    varBackup = {
+      passwordFile = "/var/lib/restic/pass";
+      repository = "rclone:${cfg.backblaze.bucket}:/sfbackup";
+      extraOptions = [ "rclone.args='serve restic --stdio'" ];
+      rcloneConfig = {
+        type = "b2";
+        account = cfg.backblaze.accountId;
+        key = cfg.backblaze.accountKey;
+        hard_delete = false;
+      };
       initialize = true;
       paths = [
-        "/var/dkim"
-        "/var/vmail"
+        "/var"
       ];
       timerConfig = {
         OnCalendar = [ "daily" ];
@@ -25,11 +31,4 @@ in
     isNormalUser = false;
     isSystemUser = true;
   };
-  environment.etc."restic/resticPasswd".text = ''
-    ${cfg.resticPassword}
-  '';
-  environment.etc."restic/s3Passwd".text = ''
-    AWS_ACCESS_KEY_ID=${cfg.backblaze.accountId}
-    AWS_SECRET_ACCESS_KEY=${cfg.backblaze.accountKey}
-  '';
 }

configuration.nix

@@ -6,7 +6,6 @@ in
 {
   imports = [
     ./hardware-configuration.nix
-
     ./variables-module.nix
     ./variables.nix
     ./files.nix
@@ -34,9 +33,14 @@ in
   boot.cleanTmpDir = true;
   networking = {
     hostName = config.services.userdata.hostname;
+    usePredictableInterfaceNames = false;
     firewall = {
       allowedTCPPorts = lib.mkForce [ 22 25 80 143 443 465 587 993 8443 ];
       allowedUDPPorts = lib.mkForce [ 8443 ];
+      extraCommands = ''
+        iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
+        iptables --append FORWARD --in-interface vpn00 -j ACCEPT
+      '';
     };
     nameservers = [ "1.1.1.1" "1.0.0.1" ];
   };
@@ -84,4 +88,4 @@ in
       enable = true;
     };
   };
-}
+}

files.nix

@@ -22,10 +22,11 @@ in
       '';
     in
     [
-      (if cfg.bitwarden.enable then "d /var/lib/bitwarden 0777 bitwarden_rs bitwarden_rs -" else "")
-      (if cfg.bitwarden.enable then "d /var/lib/bitwarden/backup 0777 bitwarden_rs bitwarden_rs -" else "")
+      (if cfg.bitwarden.enable then "d /var/lib/bitwarden 0777 vaultwarden vaultwarden -" else "")
+      (if cfg.bitwarden.enable then "d /var/lib/bitwarden/backup 0777 vaultwarden vaultwarden -" else "")
       (if cfg.pleroma.enable then "d /var/lib/pleroma 0700 pleroma pleroma - -" else "")
-      "d /var/lib/restic 0600 restic - - -"
+      "d /var 0760 root shared - -"
+      "d /var/lib/restic 0700 restic - - -"
       "f+ /var/lib/restic/pass 0400 restic - - ${resticPass}"
       "f+ /root/.config/rclone/rclone.conf 0400 root root - ${rcloneConfig}"
       (if cfg.pleroma.enable then "f /var/lib/pleroma/secrets.exs 0755 pleroma pleroma - -" else "")

hardware-configuration.nix

@@ -0,0 +1,9 @@
+{ modulesPath, ... }:
+{
+  imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
+  boot.loader.grub.device = "/dev/sda";
+  fileSystems = {
+    "/" = { device = "/dev/sda1"; fsType = "ext4"; };
+    "/var" = { device = "/dev/sdb"; fsType = "ext4"; };
+  };
+}

users.nix

@@ -21,5 +21,10 @@ in
         };
       })
       cfg.users);
+    groups = {
+      shared = {
+        members = [ "restic" ];
+      };
+    };  
   };
 }