Skynet/nixos
7
1
Fork 0
Code Issues 45 Pull requests 1 Projects Releases Packages Wiki Activity Actions

feat: Gonna use the space left behind Optimus to test this out

Browse source 
Relates to #76
This commit is contained in:
silver 2024-06-06 23:33:54 +01:00
parent e94683c3d5
commit 223fcb4202
Signed by: silver
GPG key ID: 54E2C71918E93B74
5 changed files with 119 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

70
applications/restic.nix
View file

@ -83,6 +83,9 @@ with lib; let
));
in {
imports = [
./dns.nix
./nginx.nix
./acme.nix
];
# using https://github.com/greaka/ops/blob/818be4c4dea9129abe0f086d738df4cb0bb38288/apps/restic/options.nix as a base
@ -142,6 +145,20 @@ in {
default = false;
};
};
nuked = {
enable = mkEnableOption "Nuked Backup server";
port = mkOption {
type = types.port;
default = 8765;
};
appendOnly = mkOption {
type = types.bool;
default = false;
};
};
};
config = mkMerge [
@ -195,5 +212,58 @@ in {
}
];
})
# restic -r rest:https://skynet:testing@nuked.skynet.ie/ init
(mkIf cfg.nuked.enable {
assertions = [
{
assertion = !cfg.server.enable;
message = "Our backup and Nuked backup cannot co-exist";
}
];
services.skynet.acme.domains = [
"nuked.skynet.ie"
];
services.skynet.dns.records = [
{
record = "nuked";
r_type = "CNAME";
value = config.services.skynet.host.name;
}
];
services.nginx.virtualHosts = {
"nuked.skynet.ie" = {
forceSSL = true;
useACMEHost = "skynet";
locations."/" = {
proxyPass = "http://${config.services.restic.server.listenAddress}";
proxyWebsockets = true;
};
};
};
networking.firewall.allowedTCPPorts = [
cfg.nuked.port
];
age.secrets.restic_pw = {
file = ../secrets/backup/nuked.age;
path = "${config.services.restic.server.dataDir}/.htpasswd";
symlink = false;
mode = "770";
owner = "restic";
group = "restic";
};
services.restic.server = {
enable = true;
listenAddress = "${config.services.skynet.host.ip}:${toString cfg.server.port}";
appendOnly = cfg.nuked.appendOnly;
privateRepos = true;
};
})
];
}