nixfiles/hosts/storage/storage.nix

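{ modulesPath, tree, config, pkgs, lib, ... }:
{
  imports = with tree; [
    users.root
    users.chaos
    profiles.base
    profiles.tailscale
    profiles.sshd
    ./hardware.nix
    ./misc.nix
    ../../extras/laura-ssh-root.nix
  ];

  # Unprivileged account that owns the rclone config, the /storage mount point
  # and the rclone-serve remote below.
  users.groups.storage = { };
  users.users.storage = {
    isNormalUser = true;
    extraGroups = [ "storage" ];
  };

  # Renders /home/storage/.config/rclone/rclone.conf from the template, filling
  # in credentials fetched from Vault (password read from /secrets/vault_password).
  # The script contacts https://vault.owo.monster, so it is ordered after
  # network-online.target: network.target only means the network stack has been
  # configured, not that there is connectivity to reach Vault.
  systemd.services.populate-rclone-config = {
    wantedBy = [ "multi-user.target" ];
    requires = [ "network-online.target" ];
    after = [ "network-online.target" ];
    path = with pkgs; [ bash rclone vault getent jq ];
    script = let
      vault_username = "storage";
      vault_password_file = "/secrets/vault_password";
      rclone_conf = "/home/storage/.config/rclone/rclone.conf";
    in ''
      mkdir -p /home/storage/.config/rclone
      # The rendered file contains the secrets pulled from Vault. Tighten the
      # umask before it is written so it is never world-readable, not even in
      # the window between creation and the chown/chmod below.
      umask 077
      VAULT_ADDR="https://vault.owo.monster" bash ${
        ./populate-rclone-config.sh
      } ${vault_username} ${vault_password_file} ${
        ./rclone_config.template
      } ${rclone_conf}
      # Hand the file to the storage user; group access is kept so members of
      # the storage group (currently just the storage user) can read it.
      chown storage:storage ${rclone_conf}
      chmod 660 ${rclone_conf}
    '';
  };

  # Mount point for the rclone mount, owned by the storage user.
  systemd.tmpfiles.rules = [ "d /storage 0755 storage storage -" ];

  # Foreground rclone mount of the StorageBox remote on /storage, using the
  # config produced by populate-rclone-config. Runs as root (no User= set).
  systemd.services.storage-mount = {
    wantedBy = [ "multi-user.target" ];
    requires = [
      "network-online.target"
      "populate-rclone-config.service"
      "systemd-tmpfiles-setup.service"
    ];
    after = [
      "network-online.target"
      "populate-rclone-config.service"
      "systemd-tmpfiles-setup.service"
    ];
    path = with pkgs; [ bash rclone mount ];
    script = ''
      set -e
      # Clear any stale mount left behind by a previous instance.
      umount /storage || true
      rclone --config /home/storage/.config/rclone/rclone.conf mount StorageBox: /storage
    '';
  };

  security.acme = {
    defaults = { email = "chaoticryptidz@owo.monster"; };
    acceptTerms = true;
  };

  services.nginx = {
    enable = true;
    recommendedGzipSettings = true;
    recommendedOptimisation = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = true;
    commonHttpConfig = "";
    clientMaxBodySize = "512m";
    serverNamesHashBucketSize = 1024;
  };

  # Only HTTP/HTTPS are opened; the rclone-serve listener on :4242 stays
  # reachable from the host itself (and whatever nginx is later pointed at it).
  networking.firewall.allowedTCPPorts = [ 80 443 ];

  # WebDAV export of the DNS backup prefix, served as the storage user once the
  # rclone config has been populated.
  services.rclone-serve = {
    enable = true;
    remotes = [{
      user = "storage";
      remote = "StorageBox:Chaos-Backups/DNS";
      type = "webdav";
      after = [ "populate-rclone-config.service" ];
      extraArgs = [ "--addr=:4242" ];
    }];
  };

  # TLS-only vhost; the proxy to the rclone-serve listener is currently disabled.
  services.nginx.virtualHosts."storage-web.owo.monster" = {
    forceSSL = true;
    enableACME = true;
    #locations = { "/".proxyPass = "http://localhost:4242"; };
  };

  environment.systemPackages = with pkgs; [ rclone cifs-utils ];

  home-manager.users.root = {
    imports = with tree; [ home.base home.dev.small ];
    home.stateVersion = "22.05";
  };

  home-manager.users.chaos = {
    imports = with tree; [ home.base home.dev.small ];
    home.stateVersion = "22.05";
  };

  networking.hostName = "storage";
  time.timeZone = "Europe/London";
  system.stateVersion = "21.11";
}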