chaos/nixfiles
1
0
Fork 0
Code Issues 2 Releases Activity
nixfiles/hosts/storage/storage.nix
Chaos ce7165e391
run deadnix on nixfiles
2022-12-04 16:10:00 +00:00

87 lines
2.1 KiB
Nix
Raw Blame History

{
tree,
config,
pkgs,
...
}: let
secrets = config.services.secrets.secrets;
in {
imports = with tree; [
users.root
profiles.base
profiles.sshd
profiles.nix-gc
profiles.nginx
hosts.storage.profiles.wireguard
hosts.storage.profiles.rclone-serve
hosts.storage.profiles.rclone-sync
./hardware.nix
./networking.nix
./secrets.nix
];
systemd.tmpfiles.rules = [
"d /root/.config - root root"
"d /root/.config/rclone - root root"
"L /root/.config/rclone/rclone.conf - - - - ${secrets.rclone_config.path}"
"d /home/storage/.config - storage storage"
"d /home/storage/.config/rclone - storage storage"
"L /home/storage/.config/rclone/rclone.conf - - - - ${secrets.rclone_config.path}"
];
home-manager.users.root = {
imports = with tree; [home.base home.dev.small];
home.stateVersion = "22.05";
};
users.groups.storage = {};
users.users.storage = {
isNormalUser = true;
extraGroups = ["storage"];
};
systemd.services.init-secrets = {
wantedBy = ["multi-user.target"];
after = ["network.target"];
path = with pkgs; [bash vault getent];
script = let
vault_username = "storage";
vault_password_file = "${secrets.vault_password.path}";
in ''
VAULT_ADDR="https://vault.owo.monster" \
vault login -no-print -method=userpass username=${vault_username} password=$(cat ${vault_password_file})
/run/current-system/sw/bin/secrets-init
'';
};
systemd.services.storage-mount = {
wantedBy = ["multi-user.target"];
after = ["network.target" "secrets-init.service"];
partOf = ["secrets-init.service"];
path = with pkgs; [bash rclone mount umount];
script = ''
set -e
umount /storage -fl || true
sleep 2
rclone --config ${secrets.rclone_config.path} mount StorageBox: /storage --allow-non-empty
'';
};
environment.systemPackages = with pkgs; [
rclone
cifs-utils
apacheHttpd
restic
];
networking.hostName = "storage";
time.timeZone = "Europe/London";
system.stateVersion = "22.05";
}
Reference in a new issue View git blame Copy permalink