add restic backups and change domains for deploy

2021-12-29 12:26:15 +00:00 · 2021-12-29 12:26:15 +00:00 · d857958abc
parent b67848affc
commit d857958abc
4 changed files with 44 additions and 6 deletions
--- a/home/base/ssh.nix
+++ b/home/base/ssh.nix
@ -0,0 +1,13 @@
+{...}: {
+  programs.ssh.enable = true;
+  programs.ssh.matchBlocks = {
+      "lappy" = {
+          user = "lappy.tailscale-internal.owo.monster";
+          hostname = "100.115.10.34";
+      };
+      "hetzner-vm" = {
+          user = "root";
+          hostname = "hetzner-vm.tailscale-internal.owo.monster";
+      };
+  };
+}
--- a/hosts/hetzner-vm/hetzner-vm.nix
+++ b/hosts/hetzner-vm/hetzner-vm.nix
@ -8,6 +8,7 @@
    profiles.tailscale
    profiles.sshd

+    hosts.hetzner-vm.services.restic
    hosts.hetzner-vm.services.nginx
    hosts.hetzner-vm.services.invidious
    hosts.hetzner-vm.services.vault
@ -33,12 +34,20 @@
  time.timeZone = "Europe/London";

  networking.firewall.enable = true;
-  networking.firewall.allowPing = false;
+  networking.firewall.allowPing = true;
  networking.firewall.allowedTCPPorts = [ 22 ];

-  users.users.root.openssh.authorizedKeys.keys = [
-    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL4L1eBZzYXZNGBucTn/eOFp48el9JPiYt9iXQDpBSg/ chaoticryptidz@owo.monster"
-  ];
+  networking.enableIPv6 = true;
+  networking.usePredictableInterfaceNames = false;
+  networking.dhcpcd.enable = true;
+  systemd.network = {
+    enable = true;
+    networks.eth0 = {
+      name = "eth0";
+      address = ["2a01:4f9:c010:8beb::/64"];
+      gateway = [ "fe80::1" ];
+    };
+  };

  boot.loader.grub.enable = true;
  boot.loader.grub.device = "/dev/sda";
--- a/hosts/hetzner-vm/services/restic.nix
+++ b/hosts/hetzner-vm/services/restic.nix
@ -0,0 +1,16 @@
+{...}: {
+    services.restic.backups.hetzner-vm = {
+        user = "root";
+        paths = [
+            "/var/lib/postgresql"
+            "/var/lib/vault"
+        ];
+        timerConfig = {
+            OnBootSec = "1m";
+            OnCalendar = "daily";
+        };
+        repository = "/root/backup";
+        passwordFile = "/secrets/restic-password";
+        environmentFile = "/secrets/restic-env";
+    };
+}
--- a/outputs.nix
+++ b/outputs.nix
@ -30,7 +30,7 @@ in {
  nixosConfigurations = import ./hosts ({ inherit tree; } // inputs);

  deploy.nodes.lappy = {
-    hostname = "100.115.10.34";
+    hostname = "lappy.tailscale-internal.owo.monster";
    profiles.system = {
      user = "root";
      path = deploy-rs.lib.x86_64-linux.activate.nixos
@ -38,7 +38,7 @@ in {
    };
  };
  deploy.nodes.hetzner-vm = {
-    hostname = "100.116.159.25";
+    hostname = "hetzner-vm.tailscale-internal.owo.monster";
    username = "root";
    profiles.system = {
      user = "root";