diff --git a/hosts/hetzner-arm/containers/storage/data/rclone_config.template b/hosts/hetzner-arm/containers/storage/data/rclone_config.template
index 3177d4f..3d46826 100644
--- a/hosts/hetzner-arm/containers/storage/data/rclone_config.template
+++ b/hosts/hetzner-arm/containers/storage/data/rclone_config.template
@@ -1,74 +1,15 @@
 [Storage]
 type = combine
-upstreams = "Backups=B2-Chaos-Backups:Chaos-Backups" "Photos=B2-Chaos-Photos:Chaos-Photos" "Music=B2-Chaos-Music:Chaos-Music" "Public=B2-Chaos-Public:Chaos-Public" "Notes=Notes:" "Media=Media:" "Personal=B2-Chaos-Personal:Chaos-Personal" "Uploads=B2-Chaos-Uploads:Chaos-Uploads"
+upstreams = "Backups=B2:Chaos-Backups" "Photos=B2:Chaos-Photos" "Music=B2:Chaos-Music" "Public=B2:Chaos-Public" "Notes=Notes:" "Personal=B2:Chaos-Personal" "Uploads=B2:Chaos-Uploads"
-[B2-Chaos-Backups]
+[B2]
 type = b2
-account = B2_CHAOS_BACKUPS_ACCOUNT
-key = B2_CHAOS_BACKUPS_KEY
+account = B2_ACCOUNT
+key = B2_KEY
 hard_delete = true
-[B2-Chaos-Photos]
-type = b2
-account = B2_CHAOS_PHOTOS_ACCOUNT
-key = B2_CHAOS_PHOTOS_KEY
-hard_delete = true
-
-[B2-Chaos-Music]
-type = b2
-account = B2_CHAOS_MUSIC_ACCOUNT
-key = B2_CHAOS_MUSIC_KEY
-hard_delete = true
-
-[B2-Chaos-Personal]
-type = b2
-account = B2_CHAOS_PERSONAL_ACCOUNT
-key = B2_CHAOS_PERSONAL_KEY
-hard_delete = true
-
-[B2-Chaos-Public]
-type = b2
-account = B2_CHAOS_PUBLIC_ACCOUNT
-key = B2_CHAOS_PUBLIC_KEY
-hard_delete = true
-
-[B2-Chaos-Notes]
-type = b2
-account = B2_CHAOS_NOTES_ACCOUNT
-key = B2_CHAOS_NOTES_KEY
-hard_delete = true
-
-[B2-Chaos-Media]
-type = b2
-account = B2_CHAOS_MEDIA_ACCOUNT
-key = B2_CHAOS_MEDIA_KEY
-hard_delete = true
-
-[B2-Chaos-Uploads]
-type = b2
-account = B2_CHAOS_UPLOADS_ACCOUNT
-key = B2_CHAOS_UPLOADS_KEY
-hard_delete = true
-
-[B2-Phoenix-Cryptidz-Storage]
-type = b2
-account = B2_PHOENIX_CRYPTIDZ_STORAGE_ACCOUNT
-key = B2_PHOENIX_CRYPTIDZ_STORAGE_KEY
-hard_delete = true
-
-[Media-Crypt]
-type = crypt
-remote = B2-Chaos-Media:Chaos-Media
-password = STORAGE_MEDIA_CRYPT_PASSWORD
-password2 = STORAGE_MEDIA_CRYPT_SALT
-
-[Media]
-type = chunker
-remote = Media-Crypt:
-chunk_size = 256Mi
-
 [Notes]
 type = crypt
-remote = B2-Chaos-Notes:Chaos-Notes
+remote = B2:Chaos-Notes
 password = STORAGE_NOTES_CRYPT_PASSWORD
 password2 = STORAGE_NOTES_CRYPT_SALT
\ No newline at end of file
diff --git a/hosts/hetzner-arm/containers/storage/profiles/rcloneServe.nix b/hosts/hetzner-arm/containers/storage/profiles/rcloneServe.nix
index b199141..ed29661 100644
--- a/hosts/hetzner-arm/containers/storage/profiles/rcloneServe.nix
+++ b/hosts/hetzner-arm/containers/storage/profiles/rcloneServe.nix
@@ -15,18 +15,18 @@ in {
 user = "storage";
 } // remote) [
- {
- id = "main";
- remote = "Storage:";
- type = "webdav";
- extraArgs = [
- "--addr=0.0.0.0:${toString ports.webdav_main}"
- "--htpasswd=${secrets.webdav_main_htpasswd.path}"
- "--baseurl=/Main/"
- "--cache-dir=/caches/main_webdav_serve"
- "--vfs-cache-mode=full"
- ];
- }
+ #{
+ # id = "main";
+ # remote = "Storage:";
+ # type = "webdav";
+ # extraArgs = [
+ # "--addr=0.0.0.0:${toString ports.webdav_main}"
+ # "--htpasswd=${secrets.webdav_main_htpasswd.path}"
+ # "--baseurl=/Main/"
+ # "--cache-dir=/caches/main_webdav_serve"
+ # "--vfs-cache-mode=full"
+ # ];
+ #}
 {
 id = "music-ro";
 remote = "Storage:Music";
diff --git a/hosts/hetzner-arm/containers/storage/profiles/rcloneSync.nix b/hosts/hetzner-arm/containers/storage/profiles/rcloneSync.nix
deleted file mode 100644
index 2a66088..0000000
--- a/hosts/hetzner-arm/containers/storage/profiles/rcloneSync.nix
+++ /dev/null
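Review bot: In `rclone_config.template`, the single `[B2]` remote with `B2_ACCOUNT`/`B2_KEY` replaces the per-bucket remotes, so one application key now has to reach every bucket behind `Storage:`, and `hard_delete = true` makes deletions through that key permanent instead of hiding the file. If the old keys were bucket-restricted (their names suggest it, but the key capabilities are not visible here), a compromise of the storage container now exposes all buckets, `Chaos-Backups` included, rather than one. The same `Backblaze` Vault entry is read by the `fetchScript` in `containers/storage/secrets.nix` and by `restic_backups_env` in `hosts/hetzner-arm/secrets.nix`, so the host's restic credentials and the container's rclone credentials become a single secret, and this commit also removes the `rcloneSync` copy to the second B2 account. Consider keeping a separate restricted key for restic, and record the trade-off in the template with a comment such as `# B2_KEY: account-wide key; hard_delete removes files permanently`.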
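Review bot: The `main` WebDAV entry in `rcloneServe.nix` is disabled by commenting out all twelve lines, with nothing saying why or whether it is meant to come back. Either delete the block (history keeps it) or put one line above it, e.g. `# main: full-tree WebDAV disabled; re-enabling needs webdav_main_htpasswd and its Vault path`. The matching path in `containers/storage/secrets.nix` is commented out the same way; if a `webdav_main_htpasswd` secret definition still exists outside these hunks, it would now read a Vault path that is no longer requested, so that is worth checking. The list this entry belongs to continues past the end of the hunk.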
@@ -1,53 +0,0 @@
-{self, ...}: let
- backupSchedules = import "${self}/data/backupSchedules.nix";
-in {
- services.rclone-sync = {
- enable = true;
- user = "storage";
- syncJobs = map (syncJob:
- syncJob
- // {
- timerConfig = backupSchedules.remoteBackups;
- extraArgs = [
- "--fast-list"
- "--check-first"
- "--delete-before"
- "--b2-upload-concurrency=4"
- "--transfers=4"
- "--bwlimit 80M"
- ];
- }) [
- # Pheonix System's B2
- {
- source = "Storage:Backups";
- dest = "B2-Phoenix-Cryptidz-Storage:Phoenix-Cryptidz-Storage/Backups";
- id = "phoenix_b2_backups";
- }
- {
- source = "Storage:Photos";
- dest = "B2-Phoenix-Cryptidz-Storage:Phoenix-Cryptidz-Storage/Photos";
- id = "phoenix_b2_photos";
- }
- {
- source = "Storage:Music";
- dest = "B2-Phoenix-Cryptidz-Storage:Phoenix-Cryptidz-Storage/Music";
- id = "phoenix_b2_music";
- }
- {
- source = "Storage:Personal";
- dest = "B2-Phoenix-Cryptidz-Storage:Phoenix-Cryptidz-Storage/Personal";
- id = "phoenix_b2_personal";
- }
- {
- source = "Storage:Public";
- dest = "B2-Phoenix-Cryptidz-Storage:Phoenix-Cryptidz-Storage/Public";
- id = "phoenix_b2_public";
- }
- {
- source = "B2-Chaos-Notes:Chaos-Notes";
- dest = "B2-Phoenix-Cryptidz-Storage:Phoenix-Cryptidz-Storage/Notes";
- id = "phoenix_b2_notes";
- }
- ];
- };
-}
diff --git a/hosts/hetzner-arm/containers/storage/secrets.nix b/hosts/hetzner-arm/containers/storage/secrets.nix
index b937a21..8718559 100644
--- a/hosts/hetzner-arm/containers/storage/secrets.nix
+++ b/hosts/hetzner-arm/containers/storage/secrets.nix
@@ -8,22 +8,13 @@
 };
 requiredVaultPaths = [
- "api-keys/data/backblaze/Chaos-Backups"
- "api-keys/data/backblaze/Chaos-Photos"
- "api-keys/data/backblaze/Chaos-Music"
- "api-keys/data/backblaze/Chaos-Personal"
- "api-keys/data/backblaze/Chaos-Public"
- "api-keys/data/backblaze/Chaos-Media"
- "api-keys/data/backblaze/Chaos-Notes"
- "api-keys/data/backblaze/Chaos-Uploads"
- "api-keys/data/backblaze/Phoenix-Cryptidz-Storage"
+ "api-keys/data/backblaze/Backblaze"
- "api-keys/data/storage/webdav/Main"
+ #"api-keys/data/storage/webdav/Main"
 "api-keys/data/storage/webdav/Public"
 "api-keys/data/storage/webdav/Uploads"
 "api-keys/data/storage/webdav/Notes"
- "private-public-keys/data/rclone/Chaos-Media-Crypt"
 "private-public-keys/data/rclone/Chaos-Notes-Crypt"
 ];
@@ -113,17 +104,8 @@
 fetchScript = ''
 cp ${./data/rclone_config.template} "$secretFile"
- simple_get_replace_b2 "/api-keys/backblaze/Chaos-Media" "B2_CHAOS_MEDIA" "$secretFile"
- simple_get_replace_b2 "/api-keys/backblaze/Chaos-Backups" "B2_CHAOS_BACKUPS" "$secretFile"
- simple_get_replace_b2 "/api-keys/backblaze/Chaos-Photos" "B2_CHAOS_PHOTOS" "$secretFile"
- simple_get_replace_b2 "/api-keys/backblaze/Chaos-Music" "B2_CHAOS_MUSIC" "$secretFile"
- simple_get_replace_b2 "/api-keys/backblaze/Chaos-Personal" "B2_CHAOS_PERSONAL" "$secretFile"
- simple_get_replace_b2 "/api-keys/backblaze/Chaos-Public" "B2_CHAOS_PUBLIC" "$secretFile"
- simple_get_replace_b2 "/api-keys/backblaze/Chaos-Notes" "B2_CHAOS_NOTES" "$secretFile"
- simple_get_replace_b2 "/api-keys/backblaze/Chaos-Uploads" "B2_CHAOS_UPLOADS" "$secretFile"
- simple_get_replace_b2 "/api-keys/backblaze/Phoenix-Cryptidz-Storage" "B2_PHOENIX_CRYPTIDZ_STORAGE" "$secretFile"
+ simple_get_replace_b2 "/api-keys/backblaze/Backblaze" "B2" "$secretFile"
- simple_get_replace_crypt "/private-public-keys/rclone/Chaos-Media-Crypt" "STORAGE_MEDIA_CRYPT" "$secretFile"
 simple_get_replace_crypt "/private-public-keys/rclone/Chaos-Notes-Crypt" "STORAGE_NOTES_CRYPT" "$secretFile"
 '';
 };
diff --git a/hosts/hetzner-arm/containers/storage/storage.nix b/hosts/hetzner-arm/containers/storage/storage.nix
index c56de37..8a6bd4e 100644
--- a/hosts/hetzner-arm/containers/storage/storage.nix
+++ b/hosts/hetzner-arm/containers/storage/storage.nix
@@ -58,7 +58,6 @@ in {
 (with hosts.hetzner-arm.containers.storage.profiles; [
 rcloneConfigs
 rcloneServe
- rcloneSync
 users
 ])
diff --git a/hosts/hetzner-arm/secrets.nix b/hosts/hetzner-arm/secrets.nix
index 3070c59..bba1129 100644
--- a/hosts/hetzner-arm/secrets.nix
+++ b/hosts/hetzner-arm/secrets.nix
@@ -15,7 +15,7 @@
 "private-public-keys/data/ssh/root@hetzner-arm"
 "private-public-keys/data/ssh/root@hetzner-arm-decrypt"
- "api-keys/data/backblaze/Chaos-Backups"
+ "api-keys/data/backblaze/Backblaze"
 "private-public-keys/data/restic/Social"
 "api-keys/data/chaos_mail/gotosocial"
@@ -68,8 +68,8 @@
 restic_backups_env = {
 fetchScript = ''
 cat << EOF > "$secretFile"
- AWS_ACCESS_KEY_ID=$(simple_get "/api-keys/backblaze/Chaos-Backups" .keyID)
- AWS_SECRET_ACCESS_KEY=$(simple_get "/api-keys/backblaze/Chaos-Backups" .applicationKey)
+ AWS_ACCESS_KEY_ID=$(simple_get "/api-keys/backblaze/Backblaze" .keyID)
+ AWS_SECRET_ACCESS_KEY=$(simple_get "/api-keys/backblaze/Backblaze" .applicationKey)
 EOF
 '';
 };
diff --git a/hosts/nixos.nix b/hosts/nixos.nix
index 6d6fb6e..0a2b9f1 100644
--- a/hosts/nixos.nix
+++ b/hosts/nixos.nix
@@ -30,7 +30,6 @@
 inputs.vaultui.nixosModules.default
 tree.modules.nixos.rcloneServe
- tree.modules.nixos.rcloneSync
 tree.modules.nixos.secrets
 tree.modules.nixos.encryptedDrive
 ];
diff --git a/modules/nixos/rcloneSync.nix b/modules/nixos/rcloneSync.nix
deleted file mode 100644
index a3d95b0..0000000
--- a/modules/nixos/rcloneSync.nix
+++ /dev/null
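Review bot: In the `restic_backups_env` heredoc of `hosts/hetzner-arm/secrets.nix` (`@@ -68,8 +68,8 @@`), both `$(simple_get …)` calls run inside `cat << EOF`, where a failing command substitution does not fail the `cat`, so a missing or misnamed `Backblaze` entry yields an env file with empty `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY` instead of an error. That matters more now that the Vault path is renamed in this same commit. A command substitution runs in a subshell, so even an `exit 1` inside `simple_get` would not stop the script; read the values first, e.g. `key_id=$(simple_get "/api-keys/backblaze/Backblaze" .keyID) || exit 1`, do the same for `.applicationKey`, and write `AWS_ACCESS_KEY_ID=$key_id` in the heredoc. How the surrounding secrets module reacts to a failed `fetchScript` is not visible in this hunk.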
@@ -1,129 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}: let
- inherit (lib.modules) mkIf mkMerge;
- inherit (lib.options) mkOption;
- inherit (lib.strings) concatStringsSep;
- inherit (lib) types;
- inherit (builtins) listToAttrs;
-
- cfg = config.services.rclone-sync;
-
- daemonService = syncConfig: {
- serviceConfig = mkMerge [
- {
- Type = "oneshot";
-
- User =
- if cfg.user != null
- then "${cfg.user}"
- else "root";
-
- ExecStart = "${pkgs.rclone}/bin/rclone sync ${syncConfig.source} ${syncConfig.dest} ${concatStringsSep " " syncConfig.extraArgs} -P";
- }
- (mkIf syncConfig.autoRestart {
- TimeoutSec = 60;
- Restart = "on-failure";
- })
-
- syncConfig.serviceConfig
- ];
- };
-in {
- options = {
- services.rclone-sync = {
- enable = mkOption {
- type = types.bool;
- default = false;
- };
-
- user = mkOption {
- type = types.str;
- default = null;
- };
-
- syncJobs = mkOption {
- type = types.listOf (types.submodule {
- options = {
- source = mkOption {type = types.str;};
- dest = mkOption {type = types.str;};
- id = mkOption {type = types.str;};
-
- extraArgs = mkOption {
- type = types.listOf types.str;
- default = [];
- };
-
- autoRestart = mkOption {
- type = types.bool;
- default = true;
- };
-
- timerConfig = mkOption {
- type = types.attrs;
- default = {
- OnStartupSec = "1m";
- OnUnitActiveSec = "2h";
- };
- };
- serviceConfig = mkOption {
- type = types.attrs;
- default = {};
- };
- };
- });
- default = [];
- };
- };
- };
-
- config = mkMerge [
- (mkIf (cfg.enable && cfg.syncJobs != []) {
- environment.systemPackages =
- [
- (pkgs.writeShellScriptBin "rclone-sync-stop-all" (concatStringsSep "\n" (map (
- job: ''
- systemctl stop rclone-sync-${job.id}.service
- ''
- )
- cfg.syncJobs)))
- (pkgs.writeShellScriptBin "rclone-sync-all" (concatStringsSep "\n" (map (
- job: ''
- ${pkgs.rclone}/bin/rclone sync ${job.source} ${job.dest} ${concatStringsSep " " job.extraArgs} -P $@
- ''
- )
- cfg.syncJobs)))
- ]
- ++ (
- map (
- job:
- pkgs.writeShellScriptBin "rclone-manual-sync-${job.id}" ''
- exec ${pkgs.rclone}/bin/rclone sync ${job.source} ${job.dest} ${concatStringsSep " " job.extraArgs} -P $@
- ''
- )
- cfg.syncJobs
- );
-
- systemd.services = listToAttrs (map (job: {
- name = "rclone-sync-${job.id}";
- value = daemonService job;
- })
- cfg.syncJobs);
-
- systemd.timers = listToAttrs (map (job: let
- name = "rclone-sync-${job.id}";
- in {
- inherit name;
- value = {
- wantedBy = ["timers.target"];
- partOf = ["${name}.service"];
- inherit (job) timerConfig;
- };
- })
- cfg.syncJobs);
- })
- ];
-}
diff --git a/presets/nixos/containerBase.nix b/presets/nixos/containerBase.nix
index 30aaa53..635494a 100644
--- a/presets/nixos/containerBase.nix
+++ b/presets/nixos/containerBase.nix
@@ -11,7 +11,6 @@
 presets.home-manager.by-user.root.minimalServer
 modules.nixos.rcloneServe
- modules.nixos.rcloneSync
 modules.nixos.secrets
 ]) ++ [