Compare commits
2 commits
32aa2cd6ac
...
f74470e5ff
Author | SHA1 | Date | |
---|---|---|---|
Gabriel Simmer | f74470e5ff | ||
Gabriel Simmer | e12c0312bb |
|
@ -58,8 +58,8 @@
|
|||
enable = true;
|
||||
allowedUDPPortRanges = [ { from = 27031; to = 27036; } ];
|
||||
allowedTCPPortRanges = [ { from = 27036; to = 27037; } ];
|
||||
allowedTCPPorts = [ 7000 7100 ];
|
||||
allowedUDPPorts = [ 6000 6001 7011 41641 3478 ];
|
||||
allowedTCPPorts = [ 7000 7100 22000 ];
|
||||
allowedUDPPorts = [ 6000 6001 7011 41641 3478 22000 21027 ];
|
||||
trustedInterfaces = [ "tailscale0" ];
|
||||
checkReversePath = "loose";
|
||||
};
|
||||
|
|
|
@ -7,7 +7,16 @@
|
|||
];
|
||||
|
||||
age.secrets.action-token.file = ../../secrets/vancouver-action-runner.age;
|
||||
|
||||
age.secrets.restic-b2-credentials = {
|
||||
file = ../../secrets/vancouver-restic-b2.age;
|
||||
group = "users";
|
||||
mode = "770";
|
||||
};
|
||||
age.secrets.restic-password = {
|
||||
file = ../../secrets/vancouver-restic-password.age;
|
||||
group = "users";
|
||||
mode = "770";
|
||||
};
|
||||
nix = {
|
||||
settings = {
|
||||
auto-optimise-store = true;
|
||||
|
@ -26,6 +35,29 @@
|
|||
};
|
||||
|
||||
services = {
|
||||
restic = {
|
||||
backups = {
|
||||
"gsimmer" = {
|
||||
user = "gsimmer";
|
||||
environmentFile = config.age.secrets.restic-b2-credentials.path;
|
||||
repository = "s3:s3.us-west-000.backblazeb2.com/gsimmer-backup";
|
||||
paths = [
|
||||
"/Primary/gabriel/projects"
|
||||
];
|
||||
passwordFile = config.age.secrets.restic-password.path;
|
||||
initialize = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
syncthing = {
|
||||
enable = true;
|
||||
overrideDevices = false;
|
||||
overrideFolders = false;
|
||||
user = "gsimmer";
|
||||
dataDir = "/Primary/gabriel";
|
||||
#configDir = "/Primary/gsimmer/.config/syncthing";
|
||||
guiAddress = "100.116.48.47:8384";
|
||||
};
|
||||
prometheus.exporters = {
|
||||
blackbox = {
|
||||
enable = true;
|
||||
|
@ -287,8 +319,8 @@
|
|||
trustedInterfaces = ["tailscale0" "virbr0"];
|
||||
checkReversePath = "loose";
|
||||
enable = true;
|
||||
allowedTCPPorts = [ 22 53 80 443 2049 4328 5432 9100 ];
|
||||
allowedUDPPorts = [ 53 41641 ];
|
||||
allowedTCPPorts = [ 22 53 80 443 2049 4328 5432 9100 22000 ];
|
||||
allowedUDPPorts = [ 53 41641 22000 21027 ];
|
||||
};
|
||||
useDHCP = false;
|
||||
bridges = {
|
||||
|
|
|
@ -53,11 +53,6 @@ end
|
|||
];
|
||||
};
|
||||
|
||||
services.syncthing = {
|
||||
enable = true;
|
||||
extraOptions = [ "--gui-address=100.116.48.47:8384" ];
|
||||
};
|
||||
|
||||
programs.direnv = {
|
||||
enable = true;
|
||||
nix-direnv.enable = true;
|
||||
|
|
|
@ -7,4 +7,6 @@ let
|
|||
in
|
||||
{
|
||||
"secrets/vancouver-action-runner.age".publicKeys = [ vancouver gsimmer ];
|
||||
"secrets/vancouver-restic-b2.age".publicKeys = [ vancouver gsimmer ];
|
||||
"secrets/vancouver-restic-password.age".publicKeys = [ vancouver gsimmer ];
|
||||
}
|
||||
|
|
11
secrets/vancouver-restic-b2.age
Normal file
11
secrets/vancouver-restic-b2.age
Normal file
|
@ -0,0 +1,11 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 oN6OTQ PC5ymJfXdL7Sl6t9CZTHICM97yfL3HixOR+OM2y7WQU
|
||||
DPMKLTO/jNLd/u4Noy1tHE4iel93UlMEbDdmg1T8nJE
|
||||
-> ssh-ed25519 qbziOw djby2UiTzKMppoToJxKXsocO1P/S8nKf4pQhble2JHY
|
||||
Ww4VtVRPS57GFYNBaIo72zVJCsQb4+WQiJLw/OztB4I
|
||||
-> Rf?-grease oTgL3-F LWSk
|
||||
M/o0QQ7c488WiXoMDNwRbV2ZGwRTS7KfYIXpIbOkFC9q1+QRk6OWtki19GVcrcYX
|
||||
diOQleh7G0fSkQxbz+5rqgS+sFRw
|
||||
--- BEqzzXxyIsyQMepZGMa/eG439AjU4yazzjaJD7gsWs4
|
||||
´TÛü´°0“OQŒÍ•î¢Ö9¯žEAêm3
|
||||
søW¹:—„ô¥8v¤5Æñ=kò'4g+¹°ÜÄXz&Êš‚¦^ô°öÙ…–bËctªÔYâªzhâ8ázÖ÷žÞñ=S´KBŒwûO<C3BB>êYåÚú ž7^NŸÁ[€áG¬®ð8
|
BIN
secrets/vancouver-restic-password.age
Normal file
BIN
secrets/vancouver-restic-password.age
Normal file
Binary file not shown.
Loading…
Reference in a new issue