Compare commits
3 commits
843abf17e5
...
c6ebf0e256
Author | SHA1 | Date | |
---|---|---|---|
|
c6ebf0e256 | ||
|
19d07a5e45 | ||
8c02b4a16d |
8 changed files with 83 additions and 42 deletions
|
@ -4,6 +4,7 @@ keys:
|
||||||
- &emilia age1pjn7q6qs49jenr40dhsxa8x5g4z6elsh0pk0tc5pxg6pl0nzgc6scakynn
|
- &emilia age1pjn7q6qs49jenr40dhsxa8x5g4z6elsh0pk0tc5pxg6pl0nzgc6scakynn
|
||||||
- &girldick age1r6cmthdk6lhy62wa4pu23l46f5fcqhuu7xrq353pe6c8f0s6ce8s67pdtf
|
- &girldick age1r6cmthdk6lhy62wa4pu23l46f5fcqhuu7xrq353pe6c8f0s6ce8s67pdtf
|
||||||
- &florp age18vc8rcmczlt3r0ee7jr9s8l3yrkthu8wtypt08eh0eskpkw3dg6qxs7t3t
|
- &florp age18vc8rcmczlt3r0ee7jr9s8l3yrkthu8wtypt08eh0eskpkw3dg6qxs7t3t
|
||||||
|
- &crime age1sky8kccyyxe79ws4rew42r94427v2xnphq2vtxvdlw5xl7yzgs2q599yzs
|
||||||
creation_rules:
|
creation_rules:
|
||||||
- path_regex: secrets/services/dns-knot.yaml
|
- path_regex: secrets/services/dns-knot.yaml
|
||||||
key_groups:
|
key_groups:
|
||||||
|
@ -65,3 +66,9 @@ creation_rules:
|
||||||
- *emily
|
- *emily
|
||||||
age:
|
age:
|
||||||
- *florp
|
- *florp
|
||||||
|
- path_regex: secrets/restic/zh3485s2.yaml
|
||||||
|
key_groups:
|
||||||
|
- pgp:
|
||||||
|
- *emily
|
||||||
|
age:
|
||||||
|
- *crime
|
||||||
|
|
|
@ -14,8 +14,15 @@
|
||||||
"2a0f:be01:0:100::b00b:a/128"
|
"2a0f:be01:0:100::b00b:a/128"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
security.acme.defaults.server = "https://acme-staging-v02.api.letsencrypt.org/directory";
|
|
||||||
|
|
||||||
kyouma.nginx.defaultForbidden = "fentanyl.trade";
|
kyouma.nginx.defaultForbidden = "fentanyl.trade";
|
||||||
|
kyouma.restic = {
|
||||||
|
enable = true;
|
||||||
|
remoteUser = "zh3485s2";
|
||||||
|
paths = [
|
||||||
|
"/var/lib/jellyfin"
|
||||||
|
"/var/lib/radarr"
|
||||||
|
"/var/lib/sonarr"
|
||||||
|
"/var/lib/private/prowlarr"
|
||||||
|
];
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -11,8 +11,13 @@
|
||||||
hostName = "florp";
|
hostName = "florp";
|
||||||
domain = lib.mkForce "social";
|
domain = lib.mkForce "social";
|
||||||
};
|
};
|
||||||
kyouma.nginx.defaultForbidden = "florp.social";
|
systemd.network.networks."98-eth-default" = {
|
||||||
|
address = [
|
||||||
|
"2a0f:be01:0:100::171/128"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
|
kyouma.nginx.defaultForbidden = "florp.social";
|
||||||
kyouma.restic = let
|
kyouma.restic = let
|
||||||
pgBackup = "/var/cache/postgresql.sql";
|
pgBackup = "/var/cache/postgresql.sql";
|
||||||
in {
|
in {
|
||||||
|
@ -39,11 +44,6 @@
|
||||||
rm -f -- ${pgBackup}
|
rm -f -- ${pgBackup}
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
systemd.network.networks."98-eth-default" = {
|
|
||||||
address = [
|
|
||||||
"2a0f:be01:0:100::171/128"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
|
|
||||||
services.postgresql.settings = {
|
services.postgresql.settings = {
|
||||||
max_connections = 128;
|
max_connections = 128;
|
||||||
|
|
|
@ -1,16 +1,12 @@
|
||||||
{ lib, pkgs, ... }: {
|
{ lib, pkgs, ... }: {
|
||||||
|
|
||||||
users.groups.crime = {};
|
|
||||||
|
|
||||||
services = {
|
services = {
|
||||||
prowlarr.enable = true;
|
prowlarr.enable = true;
|
||||||
} // lib.genAttrs [ "sonarr" "radarr" ] (_: {
|
} // lib.genAttrs [ "sonarr" "radarr" ] (_: {
|
||||||
enable = true;
|
enable = true;
|
||||||
group = "crime";
|
|
||||||
});
|
});
|
||||||
systemd.services = lib.genAttrs [ "radarr" "sonarr" ] (_: {
|
systemd.services = lib.genAttrs [ "radarr" "sonarr" ] (_: {
|
||||||
wants = [ "rclone-mezzomix.service" ];
|
wants = [ "mnt-mezzomix.mount" ];
|
||||||
serviceConfig.UMask = "0002";
|
|
||||||
});
|
});
|
||||||
|
|
||||||
systemd.mounts = lib.singleton {
|
systemd.mounts = lib.singleton {
|
||||||
|
@ -37,9 +33,10 @@
|
||||||
kyouma.nginx.virtualHosts = {
|
kyouma.nginx.virtualHosts = {
|
||||||
"crime.kyouma.net" = {
|
"crime.kyouma.net" = {
|
||||||
verifyClientCert = true;
|
verifyClientCert = true;
|
||||||
|
disableHttp3 = true;
|
||||||
locations = {
|
locations = {
|
||||||
"/".root = ./landingPage.html;
|
# "/".root = pkgs.writeTextDir "index.html" (builtins.readFile ./landingPage.html);
|
||||||
"/sonarr/" = {
|
"/" = {
|
||||||
proxyPass = "http://127.0.0.1:8989";
|
proxyPass = "http://127.0.0.1:8989";
|
||||||
recommendedProxySettings = true;
|
recommendedProxySettings = true;
|
||||||
};
|
};
|
||||||
|
|
|
@ -1,13 +1,6 @@
|
||||||
{ lib, ... }: {
|
{ lib, ... }: {
|
||||||
|
|
||||||
users.groups.crime = {};
|
services.jellyfin.enable = true;
|
||||||
|
|
||||||
services.jellyfin = {
|
|
||||||
enable = true;
|
|
||||||
group = "crime";
|
|
||||||
};
|
|
||||||
|
|
||||||
systemd.services.jellyfin.serviceConfig.UMask = lib.mkForce "0002";
|
|
||||||
|
|
||||||
kyouma.nginx.virtualHosts = {
|
kyouma.nginx.virtualHosts = {
|
||||||
"watch.kyouma.net".redirectTo = "fentanyl.trade";
|
"watch.kyouma.net".redirectTo = "fentanyl.trade";
|
||||||
|
|
30
flake.lock
30
flake.lock
|
@ -156,11 +156,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1731274291,
|
"lastModified": 1731549112,
|
||||||
"narHash": "sha256-cZ0QMpv5p2a6WEE+o9uu0a4ma6RzQDOQTbm7PbixWz8=",
|
"narHash": "sha256-c9I3i1CwZ10SoM5npQQVnfwgvB86jAS3lT4ZqkRoSOI=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "disko",
|
"repo": "disko",
|
||||||
"rev": "486250f404f4a4f4f33f8f669d83ca5f6e6b7dfc",
|
"rev": "5fd852c4155a689098095406500d0ae3d04654a8",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -345,11 +345,11 @@
|
||||||
"systems": "systems"
|
"systems": "systems"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1726560853,
|
"lastModified": 1731533236,
|
||||||
"narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=",
|
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
|
||||||
"owner": "numtide",
|
"owner": "numtide",
|
||||||
"repo": "flake-utils",
|
"repo": "flake-utils",
|
||||||
"rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a",
|
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -562,11 +562,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1731235328,
|
"lastModified": 1731535640,
|
||||||
"narHash": "sha256-NjavpgE9/bMe/ABvZpyHIUeYF1mqR5lhaep3wB79ucs=",
|
"narHash": "sha256-2EckCJn4wxran/TsRiCOFcmVpep2m9EBKl99NBh2GnM=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "home-manager",
|
"repo": "home-manager",
|
||||||
"rev": "60bb110917844d354f3c18e05450606a435d2d10",
|
"rev": "35b055009afd0107b69c286fca34d2ad98940d57",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -977,11 +977,11 @@
|
||||||
"treefmt-nix": "treefmt-nix_2"
|
"treefmt-nix": "treefmt-nix_2"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1731452383,
|
"lastModified": 1731527733,
|
||||||
"narHash": "sha256-Qht3yghgs5rVaYwGtv3i77b8ILlZPPQEZoi6pU8T1TE=",
|
"narHash": "sha256-12OpSgbLDiKmxvBXwVracIfGI9FpjFyHpa1r0Ho+NFA=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "nixvim",
|
"repo": "nixvim",
|
||||||
"rev": "7dc65b2d9873b6bbb6ef90234b3db6546e4ed9af",
|
"rev": "f11a877bcc1d66cc8bd7990c704f91c1e99c7d08",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -1093,11 +1093,11 @@
|
||||||
"tinted-tmux": "tinted-tmux"
|
"tinted-tmux": "tinted-tmux"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1731090365,
|
"lastModified": 1731537763,
|
||||||
"narHash": "sha256-ti3gXhgVpIUL/7w6zDJuH+hOnyTZqxrIX/yYqALmiEI=",
|
"narHash": "sha256-dOjxeHAXbQ4KRe5j9uClFp8SyYY2r62bbsdraETtO84=",
|
||||||
"owner": "danth",
|
"owner": "danth",
|
||||||
"repo": "stylix",
|
"repo": "stylix",
|
||||||
"rev": "6863412636c8f2cb3b7360f747fbd020fbfddf68",
|
"rev": "be94701ce7b746cb020e667f71492e398ed470f4",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
|
@ -22,8 +22,6 @@
|
||||||
ssl_verify_depth 1;
|
ssl_verify_depth 1;
|
||||||
'';
|
'';
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
http3 = true;
|
|
||||||
quic = true;
|
|
||||||
} //
|
} //
|
||||||
lib.optionalAttrs (!(vhostCfg ? "useACMEHost")) {
|
lib.optionalAttrs (!(vhostCfg ? "useACMEHost")) {
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
|
@ -33,7 +31,11 @@
|
||||||
useACMEHost = vhostCfg.redirectTo;
|
useACMEHost = vhostCfg.redirectTo;
|
||||||
globalRedirect = vhostCfg.redirectTo;
|
globalRedirect = vhostCfg.redirectTo;
|
||||||
} //
|
} //
|
||||||
(builtins.removeAttrs vhostCfg [ "redirectTo" "extraConfig" "verifyClientCert" ]);
|
lib.optionalAttrs (!vhostCfg ? "disableHttp3") {
|
||||||
|
http3 = true;
|
||||||
|
quic = true;
|
||||||
|
} //
|
||||||
|
(builtins.removeAttrs vhostCfg [ "redirectTo" "extraConfig" "verifyClientCert" "disableHttp3" ]);
|
||||||
|
|
||||||
in {
|
in {
|
||||||
options = {
|
options = {
|
||||||
|
|
35
secrets/restic/zh3485s2.yaml
Normal file
35
secrets/restic/zh3485s2.yaml
Normal file
|
@ -0,0 +1,35 @@
|
||||||
|
restic:
|
||||||
|
zh3485s2:
|
||||||
|
password: ENC[AES256_GCM,data:GAesjt8CMFKuZk30vJTS7kH0cSg/p6NQCOU9udcVbVCurnUdqjKqZp97KnCcmA/A,iv:bf7trphHgzFzI3Pza8dDOgmKcHsBURsXEHtw0KpGQ7s=,tag:zE1WXaptcqBQMqgk+6SRqQ==,type:str]
|
||||||
|
id_ed25519: ENC[AES256_GCM,data:hRViIdnq9VNjjqD/X6tERHsCAuxF723bh+oES/Va5KVBJdsEK2LYXWxRQV6/dpYGnmSBNJ2q4eJS0iz2kjfNUTXg1DQZ0uuxSDbhOcKQ+ksE99VrU3Go7196gXQ+rsCuRht6vzgGzIoTcMVDlA+lvJ2EAB0o7EhK4qcKI0pRHziy4/i0JgLJKc2Xw7WwAZajyUToRrroi+oh3LRJiN0+L3B13RWNBDMxfVgSH5KERhPjU40VteKNyXg9YnZxiqRMTmDmpAu/fogXwIDgnfRuWBoDgPsHeSWVN/0IpfEegoXnmdYUGk9vKQmXNJ5z7vj6oIaz8Zuk9PfPaKZHrsUGkPZqBJydvfcUpH74+sn3idDJdQ92mYIn6rorabt6QtN9bbtULmtOU/R7wvZkRSn3SmvR6uo/xShs1pkwGa1oidn8atfoMMYnR973wvuGlDZwFGy0ZJD+Mc108U7o0U153/MervsxxZ3eIpzgmRol+TjoSJINQoPNPHsj6nx65MNfJd+AFw35h5jKUag4xKaPXS5ew/wDCqZ1PFYG,iv:P8VtAFoL0CcO7m7S60JardB95MUWYiABDOUZhLhXEzo=,tag:fLniekA0lMx6wW3u4NZPKQ==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age:
|
||||||
|
- recipient: age1sky8kccyyxe79ws4rew42r94427v2xnphq2vtxvdlw5xl7yzgs2q599yzs
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByUnFUQlhzYTdyblNOWUt3
|
||||||
|
V0daclVOZ0hlSmlJTHlKRDd5eThVSzVOVWh3CkpiaGNJd0hCMlk3MVdsdnY0TVJM
|
||||||
|
MEtKUXFnSlAwQ0kzd1M0eVA1WG1Bb2sKLS0tIFAvVklzZldkOFpCNHV4YnQ2SDA3
|
||||||
|
OW5TcVlqV0p4RThBRGlyaHkreEFMY28KPdgR9WCByJaLZcNophcfW7+7NU9MuI3E
|
||||||
|
bfWEFgqZLTdAg8y7s/M6ZAyjciflclxVnY8mTIhnERD+ZHHi++z1XA==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2024-11-13T12:51:05Z"
|
||||||
|
mac: ENC[AES256_GCM,data:t/gg9SqDfrU+eKU9yw2R7ahLQY6pTgsRVFNk7K+zxTBiqUG2Rx0wm0bclkrkSKeHAVSJkc8OOWJvvRCMxaE980mknPM6721xNDV90Pt0ZsJvFXdOYKIaPQHC29klJKO60lsMsuup3BiF94O8+wIavLvYuc3jKFcaA4b9xAPRveM=,iv:TJhR1NzPVYIysghFAbjWB5lBpMhhkvwJdszkWGSLDPI=,tag:TCnewzN2qwFyG4Xio2JatQ==,type:str]
|
||||||
|
pgp:
|
||||||
|
- created_at: "2024-11-13T12:49:09Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hF4D1GtNSlou/HkSAQdArN4L/MZSZoKwk/RKgA56OQMyt7IhW15qa7+Utie4/TQw
|
||||||
|
0xKauGLJEMp7cnpmEvpBW8sy3hZRj1K4vLv2NKHzoXBuWGBer1Hf+CDZJ71ta6J9
|
||||||
|
0l4B9f4L9AIRHO3ncb4IPyVprr+sFyhVJJAI7bo9mbFUqH0yfM5EmFiXWg5d9zO6
|
||||||
|
NfXbbfpW4ISEXFa//SuVl3h/HHxwDd83qA13OnhrlCjjwPfdA32kKM3CS/81JHNd
|
||||||
|
=4L7O
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: B04F01A7A98A13020C39B4A68AB7B773A214ACE5
|
||||||
|
unencrypted_suffix: _unencrypted
|
||||||
|
version: 3.9.1
|
Loading…
Reference in a new issue