crime: add backup

emily 2024-11-13 16:03:28 +01:00
parent 73f1a6c65a
commit 0add98b54c
Signed by: emily
GPG key ID: F6F4C66207FCF995
7 changed files with 67 additions and 26 deletions


@ -4,6 +4,7 @@ keys:
- &emilia age1pjn7q6qs49jenr40dhsxa8x5g4z6elsh0pk0tc5pxg6pl0nzgc6scakynn - &emilia age1pjn7q6qs49jenr40dhsxa8x5g4z6elsh0pk0tc5pxg6pl0nzgc6scakynn
- &girldick age1r6cmthdk6lhy62wa4pu23l46f5fcqhuu7xrq353pe6c8f0s6ce8s67pdtf - &girldick age1r6cmthdk6lhy62wa4pu23l46f5fcqhuu7xrq353pe6c8f0s6ce8s67pdtf
- &florp age18vc8rcmczlt3r0ee7jr9s8l3yrkthu8wtypt08eh0eskpkw3dg6qxs7t3t - &florp age18vc8rcmczlt3r0ee7jr9s8l3yrkthu8wtypt08eh0eskpkw3dg6qxs7t3t
- &crime age1sky8kccyyxe79ws4rew42r94427v2xnphq2vtxvdlw5xl7yzgs2q599yzs
creation_rules: creation_rules:
- path_regex: secrets/services/dns-knot.yaml - path_regex: secrets/services/dns-knot.yaml
key_groups: key_groups:
@ -65,3 +66,9 @@ creation_rules:
- *emily - *emily
age: age:
- *florp - *florp
- path_regex: secrets/restic/zh3485s2.yaml
key_groups:
- pgp:
- *emily
age:
- *crime


@ -14,8 +14,15 @@
"2a0f:be01:0:100::b00b:a/128" "2a0f:be01:0:100::b00b:a/128"
]; ];
}; };
security.acme.defaults.server = "https://acme-staging-v02.api.letsencrypt.org/directory";
kyouma.nginx.defaultForbidden = "fentanyl.trade"; kyouma.nginx.defaultForbidden = "fentanyl.trade";
kyouma.restic = {
enable = true;
remoteUser = "zh3485s2";
paths = [
"/var/lib/jellyfin"
"/var/lib/radarr"
"/var/lib/sonarr"
"/var/lib/private/prowlarr"
];
};
} }
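Review bot: The four `paths` entries under `kyouma.restic` are live service state directories, and nothing in this block quiesces the services before the snapshot runs. Jellyfin, Radarr, Sonarr and Prowlarr normally keep their state in SQLite files there, so a file-level copy taken mid-write may not restore cleanly. The florp host config in this same commit stages a `pgBackup` file and removes it with `rm -f -- ${pgBackup}`, which suggests the module supports steps around the run; the same approach, followed by a test restore, would fit here. Until then I would add `# NOTE: live SQLite state; snapshot is not consistent unless the services are stopped or the databases are copied first` above `paths`. Separately, this rendering does not show which side the `security.acme.defaults.server` staging line is on; if it is being added, the host would serve certificates that clients do not trust.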


@ -11,8 +11,13 @@
hostName = "florp"; hostName = "florp";
domain = lib.mkForce "social"; domain = lib.mkForce "social";
}; };
kyouma.nginx.defaultForbidden = "florp.social"; systemd.network.networks."98-eth-default" = {
address = [
"2a0f:be01:0:100::171/128"
];
};
kyouma.nginx.defaultForbidden = "florp.social";
kyouma.restic = let kyouma.restic = let
pgBackup = "/var/cache/postgresql.sql"; pgBackup = "/var/cache/postgresql.sql";
in { in {
@ -39,11 +44,6 @@
rm -f -- ${pgBackup} rm -f -- ${pgBackup}
''; '';
}; };
systemd.network.networks."98-eth-default" = {
address = [
"2a0f:be01:0:100::171/128"
];
};
services.postgresql.settings = { services.postgresql.settings = {
max_connections = 128; max_connections = 128;


@ -1,16 +1,12 @@
{ lib, pkgs, ... }: { { lib, pkgs, ... }: {
users.groups.crime = {};
services = { services = {
prowlarr.enable = true; prowlarr.enable = true;
} // lib.genAttrs [ "sonarr" "radarr" ] (_: { } // lib.genAttrs [ "sonarr" "radarr" ] (_: {
enable = true; enable = true;
group = "crime";
}); });
systemd.services = lib.genAttrs [ "radarr" "sonarr" ] (_: { systemd.services = lib.genAttrs [ "radarr" "sonarr" ] (_: {
wants = [ "rclone-mezzomix.service" ]; wants = [ "mnt-mezzomix.mount" ];
serviceConfig.UMask = "0002";
}); });
systemd.mounts = lib.singleton { systemd.mounts = lib.singleton {
@ -37,9 +33,10 @@
kyouma.nginx.virtualHosts = { kyouma.nginx.virtualHosts = {
"crime.kyouma.net" = { "crime.kyouma.net" = {
verifyClientCert = true; verifyClientCert = true;
disableHttp3 = true;
locations = { locations = {
"/".root = ./landingPage.html; # "/".root = pkgs.writeTextDir "index.html" (builtins.readFile ./landingPage.html);
"/sonarr/" = { "/" = {
proxyPass = "http://127.0.0.1:8989"; proxyPass = "http://127.0.0.1:8989";
recommendedProxySettings = true; recommendedProxySettings = true;
}; };
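Review bot: `wants = [ "mnt-mezzomix.mount" ];` (apparently the new side of that line) pulls the mount in but does not order Radarr and Sonarr after it, and the visible `systemd.services` attrset sets no `after`. If the units start before the mount is active, they would presumably write into the bare mountpoint directory on local disk, and those files are hidden once the share is mounted. Adding `after = [ "mnt-mezzomix.mount" ];` next to `wants` closes that window, and `requires` instead of `wants` would keep the services down when the mount fails. The `kyouma.nginx.virtualHosts` block in the second hunk continues past the end of the hunk.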


@ -1,13 +1,6 @@
{ lib, ... }: { { lib, ... }: {
users.groups.crime = {}; services.jellyfin.enable = true;
services.jellyfin = {
enable = true;
group = "crime";
};
systemd.services.jellyfin.serviceConfig.UMask = lib.mkForce "0002";
kyouma.nginx.virtualHosts = { kyouma.nginx.virtualHosts = {
"watch.kyouma.net".redirectTo = "fentanyl.trade"; "watch.kyouma.net".redirectTo = "fentanyl.trade";


@ -22,8 +22,6 @@
ssl_verify_depth 1; ssl_verify_depth 1;
''; '';
forceSSL = true; forceSSL = true;
http3 = true;
quic = true;
} // } //
lib.optionalAttrs (!(vhostCfg ? "useACMEHost")) { lib.optionalAttrs (!(vhostCfg ? "useACMEHost")) {
enableACME = true; enableACME = true;
@ -33,6 +31,10 @@
useACMEHost = vhostCfg.redirectTo; useACMEHost = vhostCfg.redirectTo;
globalRedirect = vhostCfg.redirectTo; globalRedirect = vhostCfg.redirectTo;
} // } //
lib.optionalAttrs (!vhostCfg ? "disableHttp3") {
http3 = true;
quic = true;
} //
(builtins.removeAttrs vhostCfg [ "redirectTo" "extraConfig" "verifyClientCert" ]); (builtins.removeAttrs vhostCfg [ "redirectTo" "extraConfig" "verifyClientCert" ]);
in { in {
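Review bot: The new guard `lib.optionalAttrs (!vhostCfg ? "disableHttp3")` tests only whether the key exists, so a vhost that sets `disableHttp3 = false` would still lose HTTP/3. `disableHttp3` is also missing from the `builtins.removeAttrs` list on the line after the block, so the custom key is merged into the resulting vhost set. If that set is handed to `services.nginx.virtualHosts`, which this hunk does not show, an undeclared attribute would normally fail evaluation. Consider `lib.optionalAttrs (!(vhostCfg.disableHttp3 or false)) {` and adding `"disableHttp3"` to the removed names; the explicit parentheses would also match the `useACMEHost` guard above. The enclosing `let` expression starts and ends outside the hunk.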


@ -0,0 +1,35 @@
restic:
zh3485s2:
password: ENC[AES256_GCM,data:GAesjt8CMFKuZk30vJTS7kH0cSg/p6NQCOU9udcVbVCurnUdqjKqZp97KnCcmA/A,iv:bf7trphHgzFzI3Pza8dDOgmKcHsBURsXEHtw0KpGQ7s=,tag:zE1WXaptcqBQMqgk+6SRqQ==,type:str]
id_ed25519: ENC[AES256_GCM,data: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,iv:P8VtAFoL0CcO7m7S60JardB95MUWYiABDOUZhLhXEzo=,tag:fLniekA0lMx6wW3u4NZPKQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1sky8kccyyxe79ws4rew42r94427v2xnphq2vtxvdlw5xl7yzgs2q599yzs
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByUnFUQlhzYTdyblNOWUt3
V0daclVOZ0hlSmlJTHlKRDd5eThVSzVOVWh3CkpiaGNJd0hCMlk3MVdsdnY0TVJM
MEtKUXFnSlAwQ0kzd1M0eVA1WG1Bb2sKLS0tIFAvVklzZldkOFpCNHV4YnQ2SDA3
OW5TcVlqV0p4RThBRGlyaHkreEFMY28KPdgR9WCByJaLZcNophcfW7+7NU9MuI3E
bfWEFgqZLTdAg8y7s/M6ZAyjciflclxVnY8mTIhnERD+ZHHi++z1XA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-11-13T12:51:05Z"
mac: ENC[AES256_GCM,data:t/gg9SqDfrU+eKU9yw2R7ahLQY6pTgsRVFNk7K+zxTBiqUG2Rx0wm0bclkrkSKeHAVSJkc8OOWJvvRCMxaE980mknPM6721xNDV90Pt0ZsJvFXdOYKIaPQHC29klJKO60lsMsuup3BiF94O8+wIavLvYuc3jKFcaA4b9xAPRveM=,iv:TJhR1NzPVYIysghFAbjWB5lBpMhhkvwJdszkWGSLDPI=,tag:TCnewzN2qwFyG4Xio2JatQ==,type:str]
pgp:
- created_at: "2024-11-13T12:49:09Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4D1GtNSlou/HkSAQdArN4L/MZSZoKwk/RKgA56OQMyt7IhW15qa7+Utie4/TQw
0xKauGLJEMp7cnpmEvpBW8sy3hZRj1K4vLv2NKHzoXBuWGBer1Hf+CDZJ71ta6J9
0l4B9f4L9AIRHO3ncb4IPyVprr+sFyhVJJAI7bo9mbFUqH0yfM5EmFiXWg5d9zO6
NfXbbfpW4ISEXFa//SuVl3h/HHxwDd83qA13OnhrlCjjwPfdA32kKM3CS/81JHNd
=4L7O
-----END PGP MESSAGE-----
fp: B04F01A7A98A13020C39B4A68AB7B773A214ACE5
unencrypted_suffix: _unencrypted
version: 3.9.1