Gabe/nix-config
1
0
Fork 0
Code Issues 12 Pull requests Projects Releases Packages Wiki Activity

lots of stuff:

Browse source 
Moved syncthing to system service
Restic actually works now
removed some old system configs.
formatting.
This commit is contained in:
Gabe Venberg 2024-09-30 16:06:17 +02:00
parent c42e33770e
commit f9632c8fc3
18 changed files with 99 additions and 291 deletions
Download patch file Download diff file Expand all files Collapse all files

6
hosts/cirrostratus/default.nix
View file

@ -14,11 +14,13 @@ inputs.nixpkgs.lib.nixosSystem {
./disk-config.nix
./hardware-configuration.nix
./nginx.nix
./restic.nix
../../configs/nixos/common.nix
../../configs/nixos/tailscale.nix
../../configs/nixos/sshd.nix
../../configs/nixos/secrets.nix
../../configs/nixos/jellyfin.nix
../../configs/nixos/syncthing.nix
({
config,
pkgs,
@ -60,10 +62,6 @@ inputs.nixpkgs.lib.nixosSystem {
format = "binary";
owner = config.services.nginx.user;
};
restic-server-credentials = {
sopsFile = "${inputs.nix-secrets}/restic-server";
format = "binary";
};
};
};

9
hosts/cirrostratus/disk-config.nix
View file

@ -70,11 +70,10 @@
};
datasets = {
backup = {
type="zfs_fs";
options={
mountpoint="/backup";
compression="zstd";
quota="6T";
type = "zfs_fs";
options = {
mountpoint = "/backup";
quota = "6T";
};
};
};

19
hosts/cirrostratus/restic.nix
View file

@ -7,21 +7,28 @@
}: let
port = "8090";
in {
services.restic.server = {
services.restic.server = lib.mkIf (inputs ? nix-secrets) {
enable = true;
appendOnly = true;
dataDir = "/backup/restic";
extraFlags = [
"--htpasswd-file ${config.sops.secrets.gabevenberg-draft-credentials.path}"
"--private-repos"
];
listenAddress = "127.0.0.1:${port}";
};
services.nginx.virtualHosts."restic.gabevenberg.com" = {
services.nginx.virtualHosts."restic.venberg.xyz" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:${port}";
};
};
sops = lib.mkIf (inputs ? nix-secrets) {
secrets.restic-server-credentials = {
sopsFile = "${inputs.nix-secrets}/restic-server";
format = "binary";
path = "/backup/restic/.htpasswd";
owner="restic";
};
};
environment.systemPackages = with pkgs; [
restic
];
}