Compare commits
No commits in common. "f74470e5ff83fedc38df7fd9163d240893609ae5" and "32aa2cd6acdf122da28716b994e99313244f560e" have entirely different histories.
f74470e5ff
...
32aa2cd6ac
|
@ -58,8 +58,8 @@
|
||||||
enable = true;
|
enable = true;
|
||||||
allowedUDPPortRanges = [ { from = 27031; to = 27036; } ];
|
allowedUDPPortRanges = [ { from = 27031; to = 27036; } ];
|
||||||
allowedTCPPortRanges = [ { from = 27036; to = 27037; } ];
|
allowedTCPPortRanges = [ { from = 27036; to = 27037; } ];
|
||||||
allowedTCPPorts = [ 7000 7100 22000 ];
|
allowedTCPPorts = [ 7000 7100 ];
|
||||||
allowedUDPPorts = [ 6000 6001 7011 41641 3478 22000 21027 ];
|
allowedUDPPorts = [ 6000 6001 7011 41641 3478 ];
|
||||||
trustedInterfaces = [ "tailscale0" ];
|
trustedInterfaces = [ "tailscale0" ];
|
||||||
checkReversePath = "loose";
|
checkReversePath = "loose";
|
||||||
};
|
};
|
||||||
|
|
|
@ -7,16 +7,7 @@
|
||||||
];
|
];
|
||||||
|
|
||||||
age.secrets.action-token.file = ../../secrets/vancouver-action-runner.age;
|
age.secrets.action-token.file = ../../secrets/vancouver-action-runner.age;
|
||||||
age.secrets.restic-b2-credentials = {
|
|
||||||
file = ../../secrets/vancouver-restic-b2.age;
|
|
||||||
group = "users";
|
|
||||||
mode = "770";
|
|
||||||
};
|
|
||||||
age.secrets.restic-password = {
|
|
||||||
file = ../../secrets/vancouver-restic-password.age;
|
|
||||||
group = "users";
|
|
||||||
mode = "770";
|
|
||||||
};
|
|
||||||
nix = {
|
nix = {
|
||||||
settings = {
|
settings = {
|
||||||
auto-optimise-store = true;
|
auto-optimise-store = true;
|
||||||
|
@ -35,29 +26,6 @@
|
||||||
};
|
};
|
||||||
|
|
||||||
services = {
|
services = {
|
||||||
restic = {
|
|
||||||
backups = {
|
|
||||||
"gsimmer" = {
|
|
||||||
user = "gsimmer";
|
|
||||||
environmentFile = config.age.secrets.restic-b2-credentials.path;
|
|
||||||
repository = "s3:s3.us-west-000.backblazeb2.com/gsimmer-backup";
|
|
||||||
paths = [
|
|
||||||
"/Primary/gabriel/projects"
|
|
||||||
];
|
|
||||||
passwordFile = config.age.secrets.restic-password.path;
|
|
||||||
initialize = true;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
syncthing = {
|
|
||||||
enable = true;
|
|
||||||
overrideDevices = false;
|
|
||||||
overrideFolders = false;
|
|
||||||
user = "gsimmer";
|
|
||||||
dataDir = "/Primary/gabriel";
|
|
||||||
#configDir = "/Primary/gsimmer/.config/syncthing";
|
|
||||||
guiAddress = "100.116.48.47:8384";
|
|
||||||
};
|
|
||||||
prometheus.exporters = {
|
prometheus.exporters = {
|
||||||
blackbox = {
|
blackbox = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
@ -319,8 +287,8 @@
|
||||||
trustedInterfaces = ["tailscale0" "virbr0"];
|
trustedInterfaces = ["tailscale0" "virbr0"];
|
||||||
checkReversePath = "loose";
|
checkReversePath = "loose";
|
||||||
enable = true;
|
enable = true;
|
||||||
allowedTCPPorts = [ 22 53 80 443 2049 4328 5432 9100 22000 ];
|
allowedTCPPorts = [ 22 53 80 443 2049 4328 5432 9100 ];
|
||||||
allowedUDPPorts = [ 53 41641 22000 21027 ];
|
allowedUDPPorts = [ 53 41641 ];
|
||||||
};
|
};
|
||||||
useDHCP = false;
|
useDHCP = false;
|
||||||
bridges = {
|
bridges = {
|
||||||
|
|
|
@ -53,6 +53,11 @@ end
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
services.syncthing = {
|
||||||
|
enable = true;
|
||||||
|
extraOptions = [ "--gui-address=100.116.48.47:8384" ];
|
||||||
|
};
|
||||||
|
|
||||||
programs.direnv = {
|
programs.direnv = {
|
||||||
enable = true;
|
enable = true;
|
||||||
nix-direnv.enable = true;
|
nix-direnv.enable = true;
|
||||||
|
|
|
@ -7,6 +7,4 @@ let
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
"secrets/vancouver-action-runner.age".publicKeys = [ vancouver gsimmer ];
|
"secrets/vancouver-action-runner.age".publicKeys = [ vancouver gsimmer ];
|
||||||
"secrets/vancouver-restic-b2.age".publicKeys = [ vancouver gsimmer ];
|
|
||||||
"secrets/vancouver-restic-password.age".publicKeys = [ vancouver gsimmer ];
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,11 +0,0 @@
|
||||||
age-encryption.org/v1
|
|
||||||
-> ssh-ed25519 oN6OTQ PC5ymJfXdL7Sl6t9CZTHICM97yfL3HixOR+OM2y7WQU
|
|
||||||
DPMKLTO/jNLd/u4Noy1tHE4iel93UlMEbDdmg1T8nJE
|
|
||||||
-> ssh-ed25519 qbziOw djby2UiTzKMppoToJxKXsocO1P/S8nKf4pQhble2JHY
|
|
||||||
Ww4VtVRPS57GFYNBaIo72zVJCsQb4+WQiJLw/OztB4I
|
|
||||||
-> Rf?-grease oTgL3-F LWSk
|
|
||||||
M/o0QQ7c488WiXoMDNwRbV2ZGwRTS7KfYIXpIbOkFC9q1+QRk6OWtki19GVcrcYX
|
|
||||||
diOQleh7G0fSkQxbz+5rqgS+sFRw
|
|
||||||
--- BEqzzXxyIsyQMepZGMa/eG439AjU4yazzjaJD7gsWs4
|
|
||||||
´TÛü´°0“OQŒÍ•î¢Ö9¯žEAêm3
|
|
||||||
søW¹:—„ô¥8v¤5Æñ=kò'4g+¹°ÜÄXz&Êš‚¦^ô°öÙ…–bËctªÔYâªzhâ8ázÖ÷žÞñ=S´KBŒwûO<C3BB>êYåÚú ž7^NŸÁ[€áG¬®ð8
|
|
Binary file not shown.
Loading…
Reference in a new issue