chaos/nixfiles
1
0
Fork 0
Code Issues 2 Releases Activity

add restic backups and change domains for deploy

Browse source
This commit is contained in:
ChaotiCryptidz 2021-12-29 12:26:15 +00:00
parent b67848affc
commit d857958abc
4 changed files with 44 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
home/base/ssh.nix Normal file
View file

@ -0,0 +1,13 @@
{...}: {
programs.ssh.enable = true;
programs.ssh.matchBlocks = {
"lappy" = {
user = "lappy.tailscale-internal.owo.monster";
hostname = "100.115.10.34";
};
"hetzner-vm" = {
user = "root";
hostname = "hetzner-vm.tailscale-internal.owo.monster";
};
};
}

17
hosts/hetzner-vm/hetzner-vm.nix
View file

@ -8,6 +8,7 @@
profiles.tailscale profiles.tailscale
profiles.sshd profiles.sshd
hosts.hetzner-vm.services.restic
hosts.hetzner-vm.services.nginx hosts.hetzner-vm.services.nginx
hosts.hetzner-vm.services.invidious hosts.hetzner-vm.services.invidious
hosts.hetzner-vm.services.vault hosts.hetzner-vm.services.vault
@ -33,12 +34,20 @@
time.timeZone = "Europe/London"; time.timeZone = "Europe/London";
networking.firewall.enable = true; networking.firewall.enable = true;
networking.firewall.allowPing = false; networking.firewall.allowPing = true;
networking.firewall.allowedTCPPorts = [ 22 ]; networking.firewall.allowedTCPPorts = [ 22 ];
users.users.root.openssh.authorizedKeys.keys = [ networking.enableIPv6 = true;
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL4L1eBZzYXZNGBucTn/eOFp48el9JPiYt9iXQDpBSg/ chaoticryptidz@owo.monster" networking.usePredictableInterfaceNames = false;
]; networking.dhcpcd.enable = true;
systemd.network = {
enable = true;
networks.eth0 = {
name = "eth0";
address = ["2a01:4f9:c010:8beb::/64"];
gateway = [ "fe80::1" ];
};
};
boot.loader.grub.enable = true; boot.loader.grub.enable = true;
boot.loader.grub.device = "/dev/sda"; boot.loader.grub.device = "/dev/sda";

16
hosts/hetzner-vm/services/restic.nix Normal file
View file

@ -0,0 +1,16 @@
{...}: {
services.restic.backups.hetzner-vm = {
user = "root";
paths = [
"/var/lib/postgresql"
"/var/lib/vault"
];
timerConfig = {
OnBootSec = "1m";
OnCalendar = "daily";
};
repository = "/root/backup";
passwordFile = "/secrets/restic-password";
environmentFile = "/secrets/restic-env";
};
}

4
outputs.nix
View file

@ -30,7 +30,7 @@ in {
nixosConfigurations = import ./hosts ({ inherit tree; } // inputs); nixosConfigurations = import ./hosts ({ inherit tree; } // inputs);
deploy.nodes.lappy = { deploy.nodes.lappy = {
hostname = "100.115.10.34"; hostname = "lappy.tailscale-internal.owo.monster";
profiles.system = { profiles.system = {
user = "root"; user = "root";
path = deploy-rs.lib.x86_64-linux.activate.nixos path = deploy-rs.lib.x86_64-linux.activate.nixos
@ -38,7 +38,7 @@ in {
}; };
}; };
deploy.nodes.hetzner-vm = { deploy.nodes.hetzner-vm = {
hostname = "100.116.159.25"; hostname = "hetzner-vm.tailscale-internal.owo.monster";
username = "root"; username = "root";
profiles.system = { profiles.system = {
user = "root"; user = "root";