Compare commits
7 Commits
master
...
vpn-and-vo
Author | SHA1 | Date |
---|---|---|
Illia Chub | d1620a9680 | |
Illia Chub | 8878832ff9 | |
Illia Chub | cccbd177be | |
Inex Code | 2a15727170 | |
Inex Code | 84e0ae01f9 | |
Inex Code | 9f54887254 | |
Inex Code | b79acbaf6a |
|
@ -1,3 +1 @@
|
|||
userdata/userdata.json
|
||||
hardware-configuration.nix
|
||||
networking.nix
|
||||
userdata/userdata.json
|
|
@ -4,13 +4,19 @@ let
|
|||
in
|
||||
{
|
||||
services.restic.backups = {
|
||||
options = {
|
||||
passwordFile = "/etc/restic/resticPasswd";
|
||||
repository = "s3:s3.anazonaws.com/${cfg.backblaze.bucket}";
|
||||
varBackup = {
|
||||
passwordFile = "/var/lib/restic/pass";
|
||||
repository = "rclone:${cfg.backblaze.bucket}:/sfbackup";
|
||||
extraOptions = [ "rclone.args='serve restic --stdio'" ];
|
||||
rcloneConfig = {
|
||||
type = "b2";
|
||||
account = cfg.backblaze.accountId;
|
||||
key = cfg.backblaze.accountKey;
|
||||
hard_delete = false;
|
||||
};
|
||||
initialize = true;
|
||||
paths = [
|
||||
"/var/dkim"
|
||||
"/var/vmail"
|
||||
"/var"
|
||||
];
|
||||
timerConfig = {
|
||||
OnCalendar = [ "daily" ];
|
||||
|
@ -25,11 +31,4 @@ in
|
|||
isNormalUser = false;
|
||||
isSystemUser = true;
|
||||
};
|
||||
environment.etc."restic/resticPasswd".text = ''
|
||||
${cfg.resticPassword}
|
||||
'';
|
||||
environment.etc."restic/s3Passwd".text = ''
|
||||
AWS_ACCESS_KEY_ID=${cfg.backblaze.accountId}
|
||||
AWS_SECRET_ACCESS_KEY=${cfg.backblaze.accountKey}
|
||||
'';
|
||||
}
|
||||
|
|
|
@ -6,7 +6,6 @@ in
|
|||
{
|
||||
imports = [
|
||||
./hardware-configuration.nix
|
||||
|
||||
./variables-module.nix
|
||||
./variables.nix
|
||||
./files.nix
|
||||
|
@ -34,9 +33,14 @@ in
|
|||
boot.cleanTmpDir = true;
|
||||
networking = {
|
||||
hostName = config.services.userdata.hostname;
|
||||
usePredictableInterfaceNames = false;
|
||||
firewall = {
|
||||
allowedTCPPorts = lib.mkForce [ 22 25 80 143 443 465 587 993 8443 ];
|
||||
allowedUDPPorts = lib.mkForce [ 8443 ];
|
||||
extraCommands = ''
|
||||
iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
|
||||
iptables --append FORWARD --in-interface vpn00 -j ACCEPT
|
||||
'';
|
||||
};
|
||||
nameservers = [ "1.1.1.1" "1.0.0.1" ];
|
||||
};
|
||||
|
@ -84,4 +88,4 @@ in
|
|||
enable = true;
|
||||
};
|
||||
};
|
||||
}
|
||||
}
|
|
@ -22,10 +22,11 @@ in
|
|||
'';
|
||||
in
|
||||
[
|
||||
(if cfg.bitwarden.enable then "d /var/lib/bitwarden 0777 bitwarden_rs bitwarden_rs -" else "")
|
||||
(if cfg.bitwarden.enable then "d /var/lib/bitwarden/backup 0777 bitwarden_rs bitwarden_rs -" else "")
|
||||
(if cfg.bitwarden.enable then "d /var/lib/bitwarden 0777 vaultwarden vaultwarden -" else "")
|
||||
(if cfg.bitwarden.enable then "d /var/lib/bitwarden/backup 0777 vaultwarden vaultwarden -" else "")
|
||||
(if cfg.pleroma.enable then "d /var/lib/pleroma 0700 pleroma pleroma - -" else "")
|
||||
"d /var/lib/restic 0600 restic - - -"
|
||||
"d /var 0760 root shared - -"
|
||||
"d /var/lib/restic 0700 restic - - -"
|
||||
"f+ /var/lib/restic/pass 0400 restic - - ${resticPass}"
|
||||
"f+ /root/.config/rclone/rclone.conf 0400 root root - ${rcloneConfig}"
|
||||
(if cfg.pleroma.enable then "f /var/lib/pleroma/secrets.exs 0755 pleroma pleroma - -" else "")
|
||||
|
|
|
@ -0,0 +1,9 @@
|
|||
{ modulesPath, ... }:
|
||||
{
|
||||
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
|
||||
boot.loader.grub.device = "/dev/sda";
|
||||
fileSystems = {
|
||||
"/" = { device = "/dev/sda1"; fsType = "ext4"; };
|
||||
"/var" = { device = "/dev/sdb"; fsType = "ext4"; };
|
||||
};
|
||||
}
|
Loading…
Reference in New Issue