2022-12-04 13:45:43 +00:00
|
|
|
{
|
|
|
|
|
tree,
|
|
|
|
|
config,
|
|
|
|
|
pkgs,
|
|
|
|
|
...
|
|
|
|
|
}: let
|
2022-11-15 14:52:49 +00:00
|
|
|
secrets = config.services.secrets.secrets;
|
2022-11-02 11:32:03 +00:00
|
|
|
in {
|
2022-10-27 16:25:26 +01:00
|
|
|
imports = with tree; [
|
|
|
|
|
users.root
|
|
|
|
|
|
|
|
|
|
profiles.base
|
|
|
|
|
profiles.sshd
|
2022-11-02 10:24:47 +00:00
|
|
|
profiles.nix-gc
|
|
|
|
|
profiles.nginx
|
2022-10-27 16:25:26 +01:00
|
|
|
|
2022-11-15 14:52:49 +00:00
|
|
|
hosts.storage.profiles.wireguard
|
|
|
|
|
hosts.storage.profiles.rclone-serve
|
|
|
|
|
hosts.storage.profiles.rclone-sync
|
|
|
|
|
|
2022-10-27 16:25:26 +01:00
|
|
|
./hardware.nix
|
2022-11-02 10:24:47 +00:00
|
|
|
./networking.nix
|
2022-11-02 11:32:03 +00:00
|
|
|
./secrets.nix
|
2022-10-27 16:25:26 +01:00
|
|
|
];
|
|
|
|
|
|
2022-11-02 10:24:47 +00:00
|
|
|
systemd.tmpfiles.rules = [
|
2022-11-17 12:06:16 +00:00
|
|
|
"d /root/.config - root root"
|
|
|
|
|
"d /root/.config/rclone - root root"
|
|
|
|
|
"L /root/.config/rclone/rclone.conf - - - - ${secrets.rclone_config.path}"
|
|
|
|
|
|
|
|
|
|
"d /home/storage/.config - storage storage"
|
|
|
|
|
"d /home/storage/.config/rclone - storage storage"
|
|
|
|
|
"L /home/storage/.config/rclone/rclone.conf - - - - ${secrets.rclone_config.path}"
|
2022-11-02 10:24:47 +00:00
|
|
|
];
|
|
|
|
|
|
2022-11-17 12:06:16 +00:00
|
|
|
home-manager.users.root = {
|
2022-12-04 13:45:43 +00:00
|
|
|
imports = with tree; [home.base home.dev.small];
|
2022-11-17 12:06:16 +00:00
|
|
|
home.stateVersion = "22.05";
|
|
|
|
|
};
|
|
|
|
|
|
2022-12-04 13:45:43 +00:00
|
|
|
users.groups.storage = {};
|
2022-10-27 20:27:22 +01:00
|
|
|
users.users.storage = {
|
|
|
|
|
isNormalUser = true;
|
2022-12-04 13:45:43 +00:00
|
|
|
extraGroups = ["storage"];
|
2022-10-27 20:27:22 +01:00
|
|
|
};
|
|
|
|
|
|
2022-11-15 14:52:49 +00:00
|
|
|
systemd.services.init-secrets = {
|
2022-12-04 13:45:43 +00:00
|
|
|
wantedBy = ["multi-user.target"];
|
|
|
|
|
after = ["network.target"];
|
|
|
|
|
path = with pkgs; [bash vault getent];
|
2022-10-27 20:27:22 +01:00
|
|
|
script = let
|
|
|
|
|
vault_username = "storage";
|
2022-11-15 14:52:49 +00:00
|
|
|
vault_password_file = "${secrets.vault_password.path}";
|
2022-10-27 20:27:22 +01:00
|
|
|
in ''
|
2022-11-15 14:52:49 +00:00
|
|
|
VAULT_ADDR="https://vault.owo.monster" \
|
|
|
|
|
vault login -no-print -method=userpass username=${vault_username} password=$(cat ${vault_password_file})
|
|
|
|
|
/run/current-system/sw/bin/secrets-init
|
2022-10-27 20:27:22 +01:00
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
systemd.services.storage-mount = {
|
2022-12-04 13:45:43 +00:00
|
|
|
wantedBy = ["multi-user.target"];
|
|
|
|
|
after = ["network.target" "secrets-init.service"];
|
|
|
|
|
partOf = ["secrets-init.service"];
|
2022-10-28 13:56:51 +01:00
|
|
|
|
2022-12-04 13:45:43 +00:00
|
|
|
path = with pkgs; [bash rclone mount umount];
|
2022-10-27 20:27:22 +01:00
|
|
|
script = ''
|
|
|
|
|
set -e
|
2022-10-28 13:56:51 +01:00
|
|
|
umount /storage -fl || true
|
|
|
|
|
sleep 2
|
2022-11-17 12:06:16 +00:00
|
|
|
rclone --config ${secrets.rclone_config.path} mount StorageBox: /storage --allow-non-empty
|
2022-10-27 20:27:22 +01:00
|
|
|
'';
|
|
|
|
|
};
|
2022-10-27 16:25:26 +01:00
|
|
|
|
2022-10-28 13:56:51 +01:00
|
|
|
environment.systemPackages = with pkgs; [
|
|
|
|
|
rclone
|
|
|
|
|
cifs-utils
|
|
|
|
|
apacheHttpd
|
|
|
|
|
restic
|
|
|
|
|
];
|
2022-10-27 16:25:26 +01:00
|
|
|
|
|
|
|
|
networking.hostName = "storage";
|
|
|
|
|
time.timeZone = "Europe/London";
|
|
|
|
|
|
2022-11-23 15:58:12 +00:00
|
|
|
system.stateVersion = "22.05";
|
2022-10-27 16:25:26 +01:00
|
|
|
}
|
