chaos/nixfiles
1
0
Fork 0
Code Issues 2 Releases Activity

rotate all keys for everything, add btop & iftop, tune rclone sync better, add rclone-sync-stop-all

Browse source
This commit is contained in:
chaos 2023-09-28 14:04:35 +01:00
parent dd3790c14d
commit 0e9e741ae3
No known key found for this signature in database
9 changed files with 64 additions and 35 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
data/wireguard/chaosInternalWireGuardPubKeys.json
View file

@ -1,7 +1,7 @@
{ {
"vault": "u8hSeht8xR48O9AN+0cSsXPK0ZZFNcnPhOxdc+rsrlI=", "vault": "0jGdR0yBnjY5CUCQpqWIaWAfgT36QdGdhZXtaAV+MkE=",
"raspberry": "Ghrs0ps2RCsg0My9seLq+8ZFZCM4NLZWE8RiY3g9/RU=", "raspberry": "DXXUfkR4qlytdsf37NGzgzVhDxPuhz8oxRcSxOX2fQk=",
"lappy-t495": "8aZBM3f8/qThiHvGlGP1IHLoe61m/3VTwNzCi7CrhF8=", "lappy-t495": "kyykcuDMWy1WRxX97PImEYgwWw8HUbhM53kW6bEyryA=",
"iphone8": "jHPQuWXO5TTBACr4o/tk4bpb+N/x/AjCPGbmqkopOko=", "iphone8": "1u/G60EWg2bo1iyViWAGXs8HXES2zenZCVdD5X+yJi4=",
"hetzner-arm": "2SS9jT6Sba61lB2ayhp+2fz+GN706Jr1Ydr6/RveqUQ=" "hetzner-arm": "rCkptlaz5IFSZ+4OPaylbyKVoUwYNWBNkaT63QApymA="
} }

48
flake.lock
View file

@ -47,11 +47,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1694166985, "lastModified": 1695831427,
"narHash": "sha256-8tVqDfKfZ4vbOV5i+E2xWhiNAQVJhaI6shx3e0925S8=", "narHash": "sha256-wyWgooFXg8SLF1DYMLU4JP6aB/zkwRCLBajO8sIeHQM=",
"owner": "ChaotiCryptidz", "owner": "ChaotiCryptidz",
"repo": "gitlab_archiver", "repo": "gitlab_archiver",
"rev": "4aac975a7cc375084c7f9eb4bc60a1c0948c1c28", "rev": "090ace071629556b50087a2e80f9255340b286df",
"type": "gitlab" "type": "gitlab"
}, },
"original": { "original": {
@ -73,11 +73,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1694166776, "lastModified": 1695831616,
"narHash": "sha256-wMTnkW98Fx/BpRpSABf9b0PlruVnzd4m3zEQaopE2+o=", "narHash": "sha256-86pme6c8WtplRoZVcZp/zjsq9XnGuBjPrO6V/pAmW94=",
"owner": "ChaotiCryptidz", "owner": "ChaotiCryptidz",
"repo": "gitlab_artifacts_sync", "repo": "gitlab_artifacts_sync",
"rev": "09a5988927a3493585357f5d61abdce3a9e4da17", "rev": "5099274ccff8fae50979ce94eb5287c3dcf5b914",
"type": "gitlab" "type": "gitlab"
}, },
"original": { "original": {
@ -93,11 +93,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1695224363, "lastModified": 1695738267,
"narHash": "sha256-+hfjJLUMck5G92RVFDZA7LWkR3kOxs5zQ7RPW9t3eM8=", "narHash": "sha256-LTNAbTQ96xSj17xBfsFrFS9i56U2BMLpD0BduhrsVkU=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "408ba13188ff9ce309fa2bdd2f81287d79773b00", "rev": "0f4e5b4999fd6a42ece5da8a3a2439a50e48e486",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -119,11 +119,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1694166910, "lastModified": 1695831628,
"narHash": "sha256-6Vxz6H4H3bfl1PUCeHTmIKg96PHwJEzkE7XRN09y5nM=", "narHash": "sha256-UyVJXVWjbZ4TLgCeOVYUE44ekfD5duUfA2akoc1VGj0=",
"owner": "ChaotiCryptidz", "owner": "ChaotiCryptidz",
"repo": "musicutil", "repo": "musicutil",
"rev": "7580e1fd0164e414a11e03c1037b37722160df25", "rev": "0e9aceb2b9b418f876a5fcd549420edbf8e8fdcb",
"type": "gitlab" "type": "gitlab"
}, },
"original": { "original": {
@ -134,11 +134,11 @@
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1694959747, "lastModified": 1695644571,
"narHash": "sha256-CXQ2MuledDVlVM5dLC4pB41cFlBWxRw4tCBsFrq3cRk=", "narHash": "sha256-asS9dCCdlt1lPq0DLwkVBbVoEKuEuz+Zi3DG7pR/RxA=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "970a59bd19eff3752ce552935687100c46e820a5", "rev": "6500b4580c2a1f3d0f980d32d285739d8e156d92",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -150,11 +150,11 @@
}, },
"nur": { "nur": {
"locked": { "locked": {
"lastModified": 1695239195, "lastModified": 1695844033,
"narHash": "sha256-0wA8qj7pssnjYAHyt57Js+i96qycM6b0cYXy/nzpBCc=", "narHash": "sha256-UX5sbK9dc/bOupgDGWer75zBjoh7eWIheyGGCjD7FIg=",
"owner": "nix-community", "owner": "nix-community",
"repo": "NUR", "repo": "NUR",
"rev": "e088ab8be212d3c2c5eeb36bac25d384b4dda779", "rev": "f08568d903901b7ac1017572b9af9855e935155a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -176,11 +176,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1695255877, "lastModified": 1695847501,
"narHash": "sha256-QKRrwgVS0hHP34IqxjdTC0Lpp7mBVeqFNX22Lbqgmh8=", "narHash": "sha256-UxYiNfUApZ6IYJ0U83CzRBSRvmApDHMWa5o9WT99ukM=",
"owner": "ChaotiCryptidz", "owner": "ChaotiCryptidz",
"repo": "piped-flake", "repo": "piped-flake",
"rev": "76f688b1e63ce9ef2b2435cd64e30d10d98fa9cd", "rev": "2a03d86df5075f5060704bb68742af2ace8973e3",
"type": "gitlab" "type": "gitlab"
}, },
"original": { "original": {
@ -268,11 +268,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1694618271, "lastModified": 1695831820,
"narHash": "sha256-8y2/x27QkhRtTZ/3A0HOmfNJT0hDSk+2ZSGyKB46Q40=", "narHash": "sha256-ZhSQqGg32WA/WYsjPMuYU96GgyljszPcjvc+GBLZVpY=",
"owner": "ChaotiCryptidz", "owner": "ChaotiCryptidz",
"repo": "VaultUI", "repo": "VaultUI",
"rev": "6365eb49cec7eb8a76a24160b25363cf4a8bfa40", "rev": "d5fc05612e44cc2c8307186b0d36f7022d7a2f91",
"type": "gitlab" "type": "gitlab"
}, },
"original": { "original": {

2
home/dev/all/info.nix
View file

@ -1,3 +1,3 @@
{pkgs, ...}: { {pkgs, ...}: {
home.packages = with pkgs; [neofetch inxi htop pciutils usbutils iotop iptraf-ng]; home.packages = with pkgs; [neofetch inxi btop htop pciutils usbutils iotop iptraf-ng];
} }

2
home/dev/all/network.nix
View file

@ -9,5 +9,7 @@
openssh openssh
nmap nmap
tcpdump tcpdump
iftop
speedtest-cli
]; ];
} }

7
hosts/hetzner-arm/containers/storage/profiles/rcloneSync.nix
View file

@ -10,11 +10,16 @@
wants = ["auto-secrets.service"]; wants = ["auto-secrets.service"];
}; };
timerConfig = { timerConfig = {
OnStartupSec = "60"; OnStartupSec = "120";
OnCalendar = "4h"; OnCalendar = "4h";
}; };
extraArgs = [ extraArgs = [
"--fast-list" "--fast-list"
"--check-first"
"--delete-before"
"--b2-upload-concurrency=4"
"--transfers=4"
"--bwlimit 80M"
]; ];
}) [ }) [
# My B2 # My B2

20
hosts/hetzner-arm/containers/storage/rclone_config.template
View file

@ -1,4 +1,4 @@
[StorageBox-Remote] [StorageBox-Remote-WebDAV]
type = webdav type = webdav
vendor = other vendor = other
host = u323231.your-storagebox.de host = u323231.your-storagebox.de
@ -6,6 +6,22 @@ url = https://u323231.your-storagebox.de
user = u323231 user = u323231
pass = STORAGEBOX_PASSWORD pass = STORAGEBOX_PASSWORD
[StorageBox-Remote-SFTP]
type = sftp
host = u323231.your-storagebox.de
user = u323231
port = 23
pass = STORAGEBOX_PASSWORD
shell_type = unix
md5sum_command = md5 -r
sha1sum_command = sha1 -r
# Can change which protocol to use at runtime by editing config
# after deploy or redeploying with different alias if storagebox breaks
[StorageBox-Remote]
type = alias
remote = StorageBox-Remote-SFTP:
[StorageBox-Hasher] [StorageBox-Hasher]
type = hasher type = hasher
remote = StorageBox-Remote: remote = StorageBox-Remote:
@ -101,4 +117,4 @@ password2 = STORAGE_MEDIA_CRYPT_SALT
[Media-Combine-Serve] [Media-Combine-Serve]
type = combine type = combine
upstreams = "Media=Storage-Media-Crypt:" "PutIO=PutIO-WebDAV:" upstreams = "Media=Storage-Media-Crypt:" "PutIO=PutIO-WebDAV:"

6
modules/nixos/rclone-sync.nix
View file

@ -84,6 +84,12 @@ in {
(mkIf (cfg.enable && cfg.syncJobs != []) { (mkIf (cfg.enable && cfg.syncJobs != []) {
environment.systemPackages = environment.systemPackages =
[ [
(pkgs.writeShellScriptBin "rclone-sync-stop-all" (concatStringsSep "\n" (map (
job: ''
systemctl stop rclone-sync-${job.id}.service
''
)
cfg.syncJobs)))
(pkgs.writeShellScriptBin "rclone-sync-all" (concatStringsSep "\n" (map ( (pkgs.writeShellScriptBin "rclone-sync-all" (concatStringsSep "\n" (map (
job: '' job: ''
${pkgs.rclone}/bin/rclone sync ${job.source} ${job.dest} ${concatStringsSep " " job.extraArgs} -P $@ ${pkgs.rclone}/bin/rclone sync ${job.source} ${job.dest} ${concatStringsSep " " job.extraArgs} -P $@

2
users/chaos.nix
View file

@ -15,7 +15,7 @@
"rtkit" "rtkit"
]; ];
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAeN3T1aZkTm5xS0b66cRDyKUbdEQCFyzVWXeW+eIbsa chaos@chaos" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEZpvkllLt7HinNpisOx7hWT2br68UoCg0sXKTxHEeUB chaos@chaos"
]; ];
}; };
} }

2
users/root.nix
View file

@ -1,7 +1,7 @@
{...}: { {...}: {
users.users.root = { users.users.root = {
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAeN3T1aZkTm5xS0b66cRDyKUbdEQCFyzVWXeW+eIbsa chaos@chaos" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEZpvkllLt7HinNpisOx7hWT2br68UoCg0sXKTxHEeUB chaos@chaos"
]; ];
}; };
} }