
{ modulesPath, tree, config, pkgs, lib, ... }:
{
# Shared modules from the repo tree (users, base/tailscale/sshd profiles)
# followed by the host-local hardware and misc modules.
imports = [
  tree.users.root
  tree.users.chaos
  tree.profiles.base
  tree.profiles.tailscale
  tree.profiles.sshd
  ./hardware.nix
  ./misc.nix
  ../../extras/laura-ssh-root.nix
];
# Unprivileged account that owns the rclone config and runs the
# rclone-serve / rclone-sync units below.
users = {
  groups.storage = { };
  users.storage = {
    isNormalUser = true;
    extraGroups = [ "storage" ];
  };
};
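# Render ~storage/.config/rclone/rclone.conf from rclone_config.template,
# fetching secrets from Vault with the "storage" login and the password file
# under /secrets.  Runs as root so it can write into the user's home and
# hand the result over to the storage user.
systemd.services.populate-rclone-config = {
  wantedBy = [ "multi-user.target" ];
  # The script contacts Vault over the network; network.target alone does
  # not wait for a usable link, network-online.target (pulled in via wants)
  # does.
  wants = [ "network-online.target" ];
  after = [ "network.target" "network-online.target" ];
  # oneshot + RemainAfterExit: units ordered `after` this one wait until the
  # config has actually been written, not merely until the shell was forked.
  serviceConfig = {
    Type = "oneshot";
    RemainAfterExit = true;
  };
  path = with pkgs; [ bash rclone vault getent jq ];
  script = let
    vault_username = "storage";
    vault_password_file = "/secrets/vault_password";
    rclone_dir = "/home/storage/.config/rclone";
    rclone_conf = "${rclone_dir}/rclone.conf";
  in ''
    mkdir -p ${rclone_dir}
    VAULT_ADDR="https://vault.owo.monster" bash ${
      ./populate-rclone-config.sh
    } ${vault_username} ${vault_password_file} ${
      ./rclone_config.template
    } ${rclone_conf}
    # The rendered file carries remote credentials: owner/group only, never
    # world-readable.
    chown storage:storage ${rclone_conf}
    chmod 660 ${rclone_conf}
  '';
};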
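# FUSE-mount the StorageBox remote at /storage using the config written by
# populate-rclone-config.  rclone mount runs in the foreground here (no
# --daemon), so the unit lives as long as the mount does.
systemd.services.storage-mount = {
  wantedBy = [ "multi-user.target" ];
  wants = [ "network-online.target" "populate-rclone-config.service" ];
  # `wants` only pulls the config service in; ordering `after` it as well is
  # what stops the mount from racing the config file being written.
  after = [
    "network.target"
    "network-online.target"
    "populate-rclone-config.service"
  ];
  path = with pkgs; [ bash rclone mount umount ];
  script = let
    rclone_conf = "/home/storage/.config/rclone/rclone.conf";
    mountpoint = "/storage";
  in ''
    set -e
    # Drop any mount left behind by a previous run (force + lazy so a
    # busy mountpoint does not block the restart); absence is not an error.
    umount ${mountpoint} -fl || true
    sleep 2
    rclone --config ${rclone_conf} mount StorageBox: ${mountpoint} --allow-non-empty
  '';
};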
# ACME account settings shared by every vhost that sets enableACME.
security.acme.acceptTerms = true;
security.acme.defaults.email = "chaoticryptidz@owo.monster";
# Reverse proxy in front of the rclone-serve listeners; the recommended*
# bundles pull in upstream's gzip, optimisation, proxy-header and TLS
# defaults.
services.nginx.enable = true;
services.nginx.recommendedGzipSettings = true;
services.nginx.recommendedOptimisation = true;
services.nginx.recommendedProxySettings = true;
services.nginx.recommendedTlsSettings = true;
services.nginx.commonHttpConfig = "";
# Uploads to the WebDAV / restic endpoints pass through this proxy.
services.nginx.clientMaxBodySize = "512m";
services.nginx.serverNamesHashBucketSize = 1024;
# Only HTTP/HTTPS are exposed; the rclone-serve ports stay behind nginx.
networking.firewall.allowedTCPPorts = [ 80 443 ];
services.rclone-serve = let
  # Every listener runs as the storage user and must wait for the rendered
  # rclone config; only remote, protocol and flags differ per entry.
  serve = extra: {
    user = "storage";
    wants = [ "populate-rclone-config.service" ];
  } // extra;
in {
  enable = true;
  remotes = [
    # --addr=:PORT binds all interfaces; only 80/443 are opened in this
    # host's firewall, so external reach is through the nginx vhosts
    # (assuming no imported profile marks an interface as trusted).
    (serve {
      remote = "StorageBox:";
      type = "webdav";
      extraArgs = [ "--addr=:4242" "--htpasswd=/secrets/webdav_htpasswd" ];
    })
    (serve {
      remote = "StorageBox:Chaos-Backups/HetznerVM";
      type = "restic";
      extraArgs = [
        "--addr=:4243"
        "--htpasswd=/secrets/restic_hetznervm_htpasswd"
        "--baseurl=/HetznerVM/"
      ];
    })
    (serve {
      remote = "StorageBox:Chaos-Backups/Music";
      type = "restic";
      extraArgs = [
        "--addr=:4244"
        "--htpasswd=/secrets/restic_music_htpasswd"
        "--baseurl=/Music/"
      ];
    })
  ];
};
services.nginx.virtualHosts = let
  # TLS-only vhost with an ACME certificate, proxying the given locations
  # to the local rclone-serve listeners.
  proxied = locations: {
    forceSSL = true;
    enableACME = true;
    inherit locations;
  };
in {
  "storage-webdav.owo.monster" =
    proxied { "/".proxyPass = "http://localhost:4242"; };
  "storage-restic.owo.monster" = proxied {
    "/HetznerVM/".proxyPass = "http://localhost:4243";
    "/Music/".proxyPass = "http://localhost:4244";
  };
};
services.rclone-sync = let
  # Both off-site copies share the schedule and the config dependency.
  # NOTE(review): if timerConfig is passed straight to systemd, OnCalendar
  # expects a calendar expression; a "4h" interval would normally be
  # OnUnitActiveSec — confirm against the rclone-sync module.
  job = source: dest: {
    inherit source dest;
    wants = [ "populate-rclone-config.service" ];
    timerConfig = {
      OnStartupSec = "60";
      OnCalendar = "4h";
    };
  };
in {
  enable = true;
  user = "storage";
  sync_jobs = [
    (job "StorageBox:Chaos-Backups" "B2-Chaos-Backups:")
    (job "StorageBox:Chaos-Photos" "B2-Chaos-Photos:")
  ];
};
# Interactive tooling on the host; apacheHttpd presumably for htpasswd
# (the rclone-serve listeners read /secrets/*_htpasswd) — verify.
environment.systemPackages = [
  pkgs.rclone
  pkgs.cifs-utils
  pkgs.apacheHttpd
  pkgs.restic
];
home-manager.users = let
  # Same home-manager profile for both interactive accounts.
  profile = {
    imports = with tree; [ home.base home.dev.small ];
    home.stateVersion = "22.05";
  };
in {
  root = profile;
  chaos = profile;
};
time.timeZone = "Europe/London";
networking.hostName = "storage";
# Release this host was first installed with; stays fixed across upgrades.
system.stateVersion = "21.11";
}