{ modulesPath, tree, config, pkgs, lib, ... }:

{
# Host composition: the shared user and profile modules come from the `tree`
# argument, the hardware and misc modules live next to this file.
imports = [
  tree.users.root
  tree.users.chaos
  tree.profiles.base
  tree.profiles.tailscale
  tree.profiles.sshd
  ./hardware.nix
  ./misc.nix
];
# Unprivileged account that owns the rclone configuration; the rclone serve
# and sync units below run as this user.  The matching group exists so the
# config file can be group-owned by it.
users = {
  groups.storage = { };
  users.storage = {
    isNormalUser = true;
    extraGroups = [ "storage" ];
  };
};
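# Renders the storage user's rclone.conf from Vault before any unit that needs
# the remotes starts.  It is a oneshot (kept active with RemainAfterExit) so
# that a unit ordered `after` it really waits for the file to be written; a
# plain `simple` service is considered started as soon as it is exec'd.
systemd.services.populate-rclone-config = {
  wantedBy = [ "multi-user.target" ];
  # The script talks to a remote Vault, so it needs the network to be up, not
  # merely configured: network-online.target must be both wanted and ordered.
  wants = [ "network-online.target" ];
  after = [ "network-online.target" ];
  # vault / getent / jq are presumably used by the helper script (not visible here).
  path = with pkgs; [ bash rclone vault getent jq ];

  serviceConfig = {
    Type = "oneshot";
    RemainAfterExit = true;
  };

  script = let
    vault_username = "storage";
    vault_password_file = "/secrets/vault_password";
    config_dir = "/home/storage/.config/rclone";
    config_file = "${config_dir}/rclone.conf";
  in ''
    mkdir -p ${config_dir}

    # rclone.conf carries remote credentials.  Tighten the umask before the
    # helper writes it so the file is never world-readable, not even between
    # creation and the chmod below; owner-only is enough because the rclone
    # units run as the storage user and the mount unit runs as root.
    umask 077
    VAULT_ADDR="https://vault.owo.monster" bash ${./populate-rclone-config.sh} \
      ${vault_username} ${vault_password_file} ${./rclone_config.template} ${config_file}
    chown storage:storage ${config_file}
    chmod 600 ${config_file}
  '';
};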
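# FUSE mount of the StorageBox remote at /storage.  Runs as root and passes no
# --allow-other, so presumably only root can see the mount; the serve and sync
# units talk to the remote directly rather than through it.
systemd.services.storage-mount = {
  wantedBy = [ "multi-user.target" ];
  wants = [ "network-online.target" "populate-rclone-config.service" ];
  # `wants` alone pulls the config unit in but imposes no ordering; the mount
  # must also be ordered after it so rclone.conf exists before rclone reads it.
  after = [ "network-online.target" "populate-rclone-config.service" ];
  path = with pkgs; [ bash rclone mount umount ];

  script = ''
    set -e
    # Clear a stale mount point left by a previous instance that was killed
    # without unmounting; --allow-non-empty below covers the leftover directory.
    umount /storage -fl || true
    sleep 2
    rclone --config /home/storage/.config/rclone/rclone.conf mount StorageBox: /storage --allow-non-empty
  '';
};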
# ACME (Let's Encrypt) defaults used by the nginx virtual hosts that set enableACME.
security.acme = {
  acceptTerms = true;
  defaults.email = "chaoticryptidz@owo.monster";
};
# TLS-terminating reverse proxy in front of the rclone serve endpoints.
services.nginx.enable = true;
services.nginx.recommendedGzipSettings = true;
services.nginx.recommendedOptimisation = true;
services.nginx.recommendedProxySettings = true;
services.nginx.recommendedTlsSettings = true;
services.nginx.commonHttpConfig = "";
# Large uploads go through webdav / restic, hence the generous body limit.
services.nginx.clientMaxBodySize = "512m";
services.nginx.serverNamesHashBucketSize = 1024;

# Only HTTP/HTTPS are opened; the rclone listeners are reached via nginx.
networking.firewall = { allowedTCPPorts = [ 80 443 ]; };
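# rclone serve endpoints (one webdav, two restic REST servers) that are only
# consumed by the nginx virtual hosts below.  They speak plain HTTP with
# htpasswd basic auth, so they are bound to 127.0.0.1 instead of every
# interface (`:PORT`): nginx terminates TLS in front of them, and loopback
# binding keeps them unreachable even on interfaces a profile may mark as
# trusted in the firewall.  Ports must match the proxyPass targets below.
# The htpasswd files under /secrets have to be readable by the storage user;
# that is not enforced here.  `wants` is an option of the rclone-serve module.
services.rclone-serve = {
  enable = true;
  remotes = [
    {
      user = "storage";
      remote = "StorageBox:";
      type = "webdav";
      wants = [ "populate-rclone-config.service" ];
      extraArgs = [ "--addr=127.0.0.1:4242" "--htpasswd=/secrets/webdav_htpasswd" ];
    }
    {
      user = "storage";
      remote = "StorageBox:Chaos-Backups/HetznerVM";
      type = "restic";
      wants = [ "populate-rclone-config.service" ];
      extraArgs = [
        "--addr=127.0.0.1:4243"
        "--htpasswd=/secrets/restic_hetznervm_htpasswd"
        "--baseurl=/HetznerVM/"
      ];
    }
    {
      user = "storage";
      remote = "StorageBox:Chaos-Backups/Music";
      type = "restic";
      wants = [ "populate-rclone-config.service" ];
      extraArgs = [
        "--addr=127.0.0.1:4244"
        "--htpasswd=/secrets/restic_music_htpasswd"
        "--baseurl=/Music/"
      ];
    }
  ];
};

# Public HTTPS front-ends.  The literal loopback address is used rather than
# `localhost` so nginx does not also resolve the name to ::1, which the rclone
# listeners do not bind.
services.nginx.virtualHosts = {
  "storage-webdav.owo.monster" = {
    forceSSL = true;
    enableACME = true;
    locations."/".proxyPass = "http://127.0.0.1:4242";
  };

  # Each restic server is mounted under the prefix given by its --baseurl.
  "storage-restic.owo.monster" = {
    forceSSL = true;
    enableACME = true;
    locations = {
      "/HetznerVM/".proxyPass = "http://127.0.0.1:4243";
      "/Music/".proxyPass = "http://127.0.0.1:4244";
    };
  };
};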
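# Off-site copies of the StorageBox backup and photo trees to the B2 remotes,
# run as the storage user from its rclone.conf.
services.rclone-sync = let
  # Every job runs a minute after boot and then on a fixed 4h cadence.
  # OnCalendar takes a calendar expression (e.g. "*-*-* 04:00"), not a
  # duration, so "4h" there is rejected by systemd's calendar parser; the key
  # that means "4h after the last run" is OnUnitActiveSec.  This assumes
  # timerConfig is passed through to the systemd timer, as its key names suggest.
  schedule = {
    OnStartupSec = "60";
    OnUnitActiveSec = "4h";
  };
  # `wants` is an option of the rclone-sync module; every job needs the
  # rendered rclone.conf before it can resolve its remotes.
  job = source: dest: {
    inherit source dest;
    wants = [ "populate-rclone-config.service" ];
    timerConfig = schedule;
  };
in {
  enable = true;
  user = "storage";
  sync_jobs = [
    (job "StorageBox:Chaos-Backups" "B2-Chaos-Backups:")
    (job "StorageBox:Chaos-Photos" "B2-Chaos-Photos:")
  ];
};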
# Tools for hands-on administration of the storage host; apacheHttpd is
# presumably here for the `htpasswd` utility used to maintain the auth files.
environment.systemPackages = [
  pkgs.rclone
  pkgs.cifs-utils
  pkgs.apacheHttpd
  pkgs.restic
];
# Both interactive accounts get the same small home-manager profile.
home-manager.users = let
  profile = {
    imports = [ tree.home.base tree.home.dev.small ];
    home.stateVersion = "22.05";
  };
in {
  root = profile;
  chaos = profile;
};
networking = { hostName = "storage"; };
time = { timeZone = "Europe/London"; };

# Release whose stateful defaults this host was installed with; NixOS warns
# against bumping it without reading the release notes.
system = { stateVersion = "21.11"; };
}