Compare commits
4 commits
main
...
#76-Nuked-
Author | SHA1 | Date | |
---|---|---|---|
b77f846a33 | |||
097fa21af8 | |||
3e10c14a4b | |||
223fcb4202 |
5 changed files with 136 additions and 0 deletions
|
@ -83,6 +83,9 @@ with lib; let
|
||||||
));
|
));
|
||||||
in {
|
in {
|
||||||
imports = [
|
imports = [
|
||||||
|
./dns.nix
|
||||||
|
./nginx.nix
|
||||||
|
./acme.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
# using https://github.com/greaka/ops/blob/818be4c4dea9129abe0f086d738df4cb0bb38288/apps/restic/options.nix as a base
|
# using https://github.com/greaka/ops/blob/818be4c4dea9129abe0f086d738df4cb0bb38288/apps/restic/options.nix as a base
|
||||||
|
@ -142,6 +145,20 @@ in {
|
||||||
default = false;
|
default = false;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
nuked = {
|
||||||
|
enable = mkEnableOption "Nuked Backup server";
|
||||||
|
|
||||||
|
port = mkOption {
|
||||||
|
type = types.port;
|
||||||
|
default = 8765;
|
||||||
|
};
|
||||||
|
|
||||||
|
appendOnly = mkOption {
|
||||||
|
type = types.bool;
|
||||||
|
default = false;
|
||||||
|
};
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
config = mkMerge [
|
config = mkMerge [
|
||||||
|
@ -195,5 +212,58 @@ in {
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
})
|
})
|
||||||
|
|
||||||
|
# restic -r rest:https://skynet:testing@nuked.skynet.ie/ init
|
||||||
|
(mkIf cfg.nuked.enable {
|
||||||
|
assertions = [
|
||||||
|
{
|
||||||
|
assertion = !cfg.server.enable;
|
||||||
|
message = "Our backup and Nuked backup cannot co-exist";
|
||||||
|
}
|
||||||
|
];
|
||||||
|
|
||||||
|
services.skynet.acme.domains = [
|
||||||
|
"nuked.skynet.ie"
|
||||||
|
];
|
||||||
|
|
||||||
|
services.skynet.dns.records = [
|
||||||
|
{
|
||||||
|
record = "nuked";
|
||||||
|
r_type = "CNAME";
|
||||||
|
value = config.services.skynet.host.name;
|
||||||
|
}
|
||||||
|
];
|
||||||
|
|
||||||
|
services.nginx.virtualHosts = {
|
||||||
|
"nuked.skynet.ie" = {
|
||||||
|
forceSSL = true;
|
||||||
|
useACMEHost = "skynet";
|
||||||
|
locations."/" = {
|
||||||
|
proxyPass = "http://${config.services.restic.server.listenAddress}";
|
||||||
|
proxyWebsockets = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
networking.firewall.allowedTCPPorts = [
|
||||||
|
cfg.nuked.port
|
||||||
|
];
|
||||||
|
|
||||||
|
age.secrets.restic_pw = {
|
||||||
|
file = ../secrets/backup/nuked.age;
|
||||||
|
path = "${config.services.restic.server.dataDir}/.htpasswd";
|
||||||
|
symlink = false;
|
||||||
|
mode = "770";
|
||||||
|
owner = "restic";
|
||||||
|
group = "restic";
|
||||||
|
};
|
||||||
|
|
||||||
|
services.restic.server = {
|
||||||
|
enable = true;
|
||||||
|
listenAddress = "${config.services.skynet.host.ip}:${toString cfg.server.port}";
|
||||||
|
appendOnly = cfg.nuked.appendOnly;
|
||||||
|
privateRepos = true;
|
||||||
|
};
|
||||||
|
})
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
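Review bot: In the `services.restic.server` block the listener is bound to `config.services.skynet.host.ip` with `cfg.server.port`, while the firewall rule opens `cfg.nuked.port`, so the new `nuked.port` option never reaches rest-server and the opened port may not be the one it listens on. Binding the public address and opening a port also leaves the plain-HTTP endpoint reachable beside the nginx TLS vhost, where the Basic-auth credentials would travel unencrypted; consider `listenAddress = "127.0.0.1:${toString cfg.nuked.port}";` and dropping the `networking.firewall.allowedTCPPorts` entry, assuming nginx.nix already opens 443. The `.htpasswd` secret is installed with `mode = "770"`, which makes it executable and group-writable; `mode = "0400"` is enough for the `restic` owner to read it. If `skynet:testing` in the `# restic -r rest:https://…` comment is a live credential rather than a placeholder, it should come out of the comment and be rotated.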
|
@ -164,6 +164,8 @@
|
||||||
|
|
||||||
# Public Services
|
# Public Services
|
||||||
calculon = import ./machines/calculon.nix;
|
calculon = import ./machines/calculon.nix;
|
||||||
|
|
||||||
|
deepthought = import ./machines/deepthought.nix;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
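--- a/machines/deepthought.nix
+++ b/machines/deepthought.nix
@@ -0,0 +1,42 @@
+/*
+
+Name: https://hitchhikers.fandom.com/wiki/Deep_Thought
+Why: Our home(page)
+Type: VM
+Hardware: -
+From: 2023
+Role: Public Backup
+Notes:
+*/
+{
+pkgs,
+lib,
+nodes,
+inputs,
+...
+}: let
+name = "deepthought";
+ip_pub = "193.1.99.112";
+hostname = "${name}.skynet.ie";
+host = {
+ip = ip_pub;
+name = name;
+hostname = hostname;
+};
+in {
+imports = [
+];
+
+deployment = {
+targetHost = ip_pub;
+targetPort = 22;
+targetUser = null;
+
+tags = ["active-core"];
+};
+
+services.skynet = {
+host = host;
+backup.nuked.enable = true;
+};
+}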
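Review bot: The header comment says `Why: Our home(page)` while `Role:` says `Public Backup`, which reads as carried over from another machine file; something like `Why: Nuked backup server` would match what the host does. Since this is a publicly reachable backup target and the module's `appendOnly` option defaults to `false`, consider setting `backup.nuked.appendOnly = true;` next to `backup.nuked.enable = true;`, so that a client holding the repository credentials cannot delete or rewrite existing snapshots. A short entry under `Notes:` recording that choice would help the next maintainer.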
17
secrets/backup/nuked.age
Normal file
17
secrets/backup/nuked.age
Normal file
|
@ -0,0 +1,17 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-ed25519 V1pwNA dgJJTGIzBXLeK17bfgeYeXXN5YrByBOTbhyIkx+Z2TI
|
||||||
|
zgujS6RYpXEzbUYZc1DRz0RlWAGurFNzAJnE4j4zhjY
|
||||||
|
-> ssh-ed25519 4PzZog U7EUVcL+2Acv3mBpz88t2ZwVJm4YyNlwXzXpSkZfjk8
|
||||||
|
LKQqiFcJ3pIWJG5DSbBbcEzg0dIPFOfiwcKCuR2zfhA
|
||||||
|
-> ssh-ed25519 5Nd93w Rsjby+9wJr4PnaixDgUk32319SnfJCxgnC8fQ9Gc0yM
|
||||||
|
7jmxPtgrIZ9ZF5c04bMzgYBLLPoqKFfwmU/qG6hF+9s
|
||||||
|
-> ssh-ed25519 q8eJgg p5+dL0VBijPOTihOZuDQdE/yLQA+BHlEVSq12gRaizw
|
||||||
|
MzQcGLTaUhgarzvJ7h/XfHIyPUb+i6YkbgkbvhOONEo
|
||||||
|
-> ssh-ed25519 KVr8rw W9+d0ot3036q0YPNYaY1MS/4EiTU0MnLmq56dvUamE0
|
||||||
|
wuIORoGvEG8lqrirf07ycIHawiw/DsjvTUwZrIEjSjk
|
||||||
|
-> ssh-ed25519 fia1eQ c5cadKGZlONyUKivzegA+swGqgpb8oLDe5bk7Sb8XBI
|
||||||
|
NNrb+ezMjYuKkaDUGumflNYrKPzxnPULoMslxH5/bFI
|
||||||
|
-> ssh-ed25519 DVzSig 6uvtkJC55iEwnCPZGAqMrLzW+IuHX9YDhtCX3eHtxkA
|
||||||
|
JNmstGPHqh2if+C4j1S19v2bCpbib+Wthp/OCusCSc8
|
||||||
|
--- teGaaxnvHxEkKCtyNsBV/yhl3Ohn9BD3nfjl6jq3OcM
|
||||||
|
³Êb_Â^ìòõŠ<C3B5>aX¹&6LFÀo8˘¯œC.ƒ ~ÿˆŽœž—k3âÃî;¯1Ž²”Iôd*
ÚûV®Ïƒj¦áÖùñÅí?D©´Õd%buš^Øa"Q2„<m<>oãm©œc6Ò¹‚5!…HÂé8Žj9Ä <C384>1º»þ‘àT›@½Îoíâ‹vÂœ¦ß<>&E„áÅË(èˆH©n®}³ÞQÉhe5JãfàåÓ\.,~X<isÅpŽpÆkøb ‘ÿp8aÒfÞ†½0ˆ*‘n¦›»0ù;Øy:hl
|
|
@ -113,6 +113,10 @@ let
|
||||||
bitwarden = [
|
bitwarden = [
|
||||||
kitt
|
kitt
|
||||||
];
|
];
|
||||||
|
|
||||||
|
nuked = [
|
||||||
|
optimus
|
||||||
|
];
|
||||||
in {
|
in {
|
||||||
# nix run github:ryantm/agenix -- -e secret1.age
|
# nix run github:ryantm/agenix -- -e secret1.age
|
||||||
|
|
||||||
|
@ -140,6 +144,7 @@ in {
|
||||||
# everyone has access to this
|
# everyone has access to this
|
||||||
"backup/restic.age".publicKeys = users ++ systems;
|
"backup/restic.age".publicKeys = users ++ systems;
|
||||||
"backup/restic_pw.age".publicKeys = users ++ restic;
|
"backup/restic_pw.age".publicKeys = users ++ restic;
|
||||||
|
"backup/nuked.age".publicKeys = users ++ nuked;
|
||||||
|
|
||||||
# discord bot and discord
|
# discord bot and discord
|
||||||
"discord/ldap.age".publicKeys = users ++ ldap ++ discord;
|
"discord/ldap.age".publicKeys = users ++ ldap ++ discord;
|
||||||
|
|
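Review bot: `nuked = [ optimus ];` makes optimus the only system recipient of `backup/nuked.age`, but the host that sets `backup.nuked.enable = true` in this change set is deepthought, so agenix on deepthought would have no key able to decrypt the `.htpasswd` secret at activation. If deepthought's host key is defined in this file, the list should presumably read `nuked = [ deepthought ];`, followed by a rekey of the secret. The `let` block holding the system keys starts outside this hunk, so this needs confirming against the full file.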