Compare commits
2 commits
32aa2cd6ac
...
f74470e5ff
Author | SHA1 | Date | |
---|---|---|---|
Gabriel Simmer | f74470e5ff | ||
Gabriel Simmer | e12c0312bb |
|
@ -58,8 +58,8 @@
|
||||||
enable = true;
|
enable = true;
|
||||||
allowedUDPPortRanges = [ { from = 27031; to = 27036; } ];
|
allowedUDPPortRanges = [ { from = 27031; to = 27036; } ];
|
||||||
allowedTCPPortRanges = [ { from = 27036; to = 27037; } ];
|
allowedTCPPortRanges = [ { from = 27036; to = 27037; } ];
|
||||||
allowedTCPPorts = [ 7000 7100 ];
|
allowedTCPPorts = [ 7000 7100 22000 ];
|
||||||
allowedUDPPorts = [ 6000 6001 7011 41641 3478 ];
|
allowedUDPPorts = [ 6000 6001 7011 41641 3478 22000 21027 ];
|
||||||
trustedInterfaces = [ "tailscale0" ];
|
trustedInterfaces = [ "tailscale0" ];
|
||||||
checkReversePath = "loose";
|
checkReversePath = "loose";
|
||||||
};
|
};
|
||||||
|
|
|
@ -7,7 +7,16 @@
|
||||||
];
|
];
|
||||||
|
|
||||||
age.secrets.action-token.file = ../../secrets/vancouver-action-runner.age;
|
age.secrets.action-token.file = ../../secrets/vancouver-action-runner.age;
|
||||||
|
age.secrets.restic-b2-credentials = {
|
||||||
|
file = ../../secrets/vancouver-restic-b2.age;
|
||||||
|
group = "users";
|
||||||
|
mode = "770";
|
||||||
|
};
|
||||||
|
age.secrets.restic-password = {
|
||||||
|
file = ../../secrets/vancouver-restic-password.age;
|
||||||
|
group = "users";
|
||||||
|
mode = "770";
|
||||||
|
};
|
||||||
nix = {
|
nix = {
|
||||||
settings = {
|
settings = {
|
||||||
auto-optimise-store = true;
|
auto-optimise-store = true;
|
||||||
|
@ -26,6 +35,29 @@
|
||||||
};
|
};
|
||||||
|
|
||||||
services = {
|
services = {
|
||||||
|
restic = {
|
||||||
|
backups = {
|
||||||
|
"gsimmer" = {
|
||||||
|
user = "gsimmer";
|
||||||
|
environmentFile = config.age.secrets.restic-b2-credentials.path;
|
||||||
|
repository = "s3:s3.us-west-000.backblazeb2.com/gsimmer-backup";
|
||||||
|
paths = [
|
||||||
|
"/Primary/gabriel/projects"
|
||||||
|
];
|
||||||
|
passwordFile = config.age.secrets.restic-password.path;
|
||||||
|
initialize = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
syncthing = {
|
||||||
|
enable = true;
|
||||||
|
overrideDevices = false;
|
||||||
|
overrideFolders = false;
|
||||||
|
user = "gsimmer";
|
||||||
|
dataDir = "/Primary/gabriel";
|
||||||
|
#configDir = "/Primary/gsimmer/.config/syncthing";
|
||||||
|
guiAddress = "100.116.48.47:8384";
|
||||||
|
};
|
||||||
prometheus.exporters = {
|
prometheus.exporters = {
|
||||||
blackbox = {
|
blackbox = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
@ -287,8 +319,8 @@
|
||||||
trustedInterfaces = ["tailscale0" "virbr0"];
|
trustedInterfaces = ["tailscale0" "virbr0"];
|
||||||
checkReversePath = "loose";
|
checkReversePath = "loose";
|
||||||
enable = true;
|
enable = true;
|
||||||
allowedTCPPorts = [ 22 53 80 443 2049 4328 5432 9100 ];
|
allowedTCPPorts = [ 22 53 80 443 2049 4328 5432 9100 22000 ];
|
||||||
allowedUDPPorts = [ 53 41641 ];
|
allowedUDPPorts = [ 53 41641 22000 21027 ];
|
||||||
};
|
};
|
||||||
useDHCP = false;
|
useDHCP = false;
|
||||||
bridges = {
|
bridges = {
|
||||||
|
|
|
@ -52,11 +52,6 @@ end
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
services.syncthing = {
|
|
||||||
enable = true;
|
|
||||||
extraOptions = [ "--gui-address=100.116.48.47:8384" ];
|
|
||||||
};
|
|
||||||
|
|
||||||
programs.direnv = {
|
programs.direnv = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
|
@ -7,4 +7,6 @@ let
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
"secrets/vancouver-action-runner.age".publicKeys = [ vancouver gsimmer ];
|
"secrets/vancouver-action-runner.age".publicKeys = [ vancouver gsimmer ];
|
||||||
|
"secrets/vancouver-restic-b2.age".publicKeys = [ vancouver gsimmer ];
|
||||||
|
"secrets/vancouver-restic-password.age".publicKeys = [ vancouver gsimmer ];
|
||||||
}
|
}
|
||||||
|
|
11
secrets/vancouver-restic-b2.age
Normal file
11
secrets/vancouver-restic-b2.age
Normal file
|
@ -0,0 +1,11 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-ed25519 oN6OTQ PC5ymJfXdL7Sl6t9CZTHICM97yfL3HixOR+OM2y7WQU
|
||||||
|
DPMKLTO/jNLd/u4Noy1tHE4iel93UlMEbDdmg1T8nJE
|
||||||
|
-> ssh-ed25519 qbziOw djby2UiTzKMppoToJxKXsocO1P/S8nKf4pQhble2JHY
|
||||||
|
Ww4VtVRPS57GFYNBaIo72zVJCsQb4+WQiJLw/OztB4I
|
||||||
|
-> Rf?-grease oTgL3-F LWSk
|
||||||
|
M/o0QQ7c488WiXoMDNwRbV2ZGwRTS7KfYIXpIbOkFC9q1+QRk6OWtki19GVcrcYX
|
||||||
|
diOQleh7G0fSkQxbz+5rqgS+sFRw
|
||||||
|
--- BEqzzXxyIsyQMepZGMa/eG439AjU4yazzjaJD7gsWs4
|
||||||
|
´TÛü´°0“OQŒÍ•î¢Ö9¯žEAêm3
|
||||||
|
søW¹:—„ô¥8v¤5Æñ=kò'4g+¹°ÜÄXz&Êš‚¦^ô°öÙ…–bËctªÔYâªzhâ8ázÖ÷žÞñ=S´KBŒwûO<C3BB>êYåÚú ž7^NŸÁ[€áG¬®ð8
|
BIN
secrets/vancouver-restic-password.age
Normal file
BIN
secrets/vancouver-restic-password.age
Normal file
Binary file not shown.
Loading…
Reference in a new issue