asmir/nixos_flake_config
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: asmir:5ae8a40f5ceeda65ee761b20ae85e2951ccfe096
Branches Tags
asmir:master
asmir:nftables_transition
asmir:gitea_typst
asmir:magento2
..
compare: asmir:4438328d31b5699cfbd1a9219f9ddbbdc91dd4d7
Branches Tags
asmir:master
asmir:nftables_transition
asmir:gitea_typst
asmir:magento2

4 Commits
5ae8a40f5c ... 4438328d31

Author SHA1 Message Date
Asmir A
4438328d31
magpie/nfs: add service, open firewall port 2049 2024-04-05 23:03:49 +02:00
Asmir A
522e5d4fa9
magpie/borgbackup: add periodic backup service 2024-04-05 23:03:01 +02:00
Asmir A
7b07ab31e0
magpie/sops/borgbase: add ssh and enc keys 2024-04-05 22:53:33 +02:00
Asmir A
9fd4bb35f2
nixy/nfs: enable rpcbind, add nfs to initrd 2024-04-05 22:52:20 +02:00
4 changed files with 80 additions and 3 deletions
Show Stats Expand all files Collapse all files

38
magpie/configuration.nix
View File

@ -232,6 +232,32 @@
}; };
}; };
services.nfs.server.enable = true;
services.nfs.server.extraNfsdConfig = ''
rdma = true
vers3 = false
vers4.0 = false
vers4.1 = false
'';
services.nfs.server.exports = ''
/export/nixy 10.100.0.1/24(rw,nohide,insecure,no_subtree_check,all_squash,anonuid=1000,anongid=100)
'';
services.borgbackup.jobs."borgbase" = {
paths = [
"/var/lib/gitea"
];
exclude = [];
repo = "ssh://na9fqv67@na9fqv67.repo.borgbase.com/./repo";
encryption = {
mode = "repokey-blake2";
passCommand = "${pkgs.coreutils-full}/bin/cat ${config.sops.secrets."borgbase_enc_key".path}";
};
environment.BORG_RSH = "${pkgs.openssh}/bin/ssh -i ${config.sops.secrets."borgbase_ssh_key".path}";
compression = "auto,zstd";
startAt = "daily";
};
/* /*
needed for sendmail mail functionality needed for sendmail mail functionality
*/ */
@ -274,11 +300,19 @@
sopsFile = ./secrets/wg_privkey.yaml; sopsFile = ./secrets/wg_privkey.yaml;
}; };
sops.secrets."borgbase_enc_key" = {
sopsFile = ./secrets/borgbase_enc_key.yaml;
};
sops.secrets."borgbase_ssh_key" = {
sopsFile = ./secrets/borgbase_ssh_key.yaml;
};
networking.hostName = "magpie"; networking.hostName = "magpie";
networking.firewall.enable = true; networking.firewall.enable = true;
networking.firewall.allowedTCPPorts = [80 443 587]; networking.firewall.allowedTCPPorts = [80 443 587 2049]; # http, mail, mail, nfs
networking.firewall.allowedUDPPorts = [443 51820]; networking.firewall.allowedUDPPorts = [443 51820]; #mail, wireguard
networking.firewall.allowPing = true; networking.firewall.allowPing = true;
networking.firewall.logRefusedConnections = lib.mkDefault false; networking.firewall.logRefusedConnections = lib.mkDefault false;

21
magpie/secrets/borgbase_enc_key.yaml Normal file
View File

@ -0,0 +1,21 @@
borgbase_enc_key: ENC[AES256_GCM,data:bnSjKRY6HlmOyhjyuJLH8Xqzzpm7NgZI5g==,iv:RYlg83PqV2DIQHa5FoD6ls/utVjuSwmrv56N6Lrtn8s=,tag:hC6e9d5/EH9V7kG23XblEQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age153y8mz6gqy5t54q4fnrdvjj4v5ls9cgp3hhpd2hzf5tvkcnncf6q4xns0j
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvbGhiTHNXczdHZGd6Mjg4
dGtVUmorcHVtaDJQRHRFSlVNZVA2ZUV6NVF3CllsNWRTT2YzS1ZnQ1dJTGRHbjJE
N3l5L00rK2RpT0VWenVVR2Nxald2cGsKLS0tIE9EZ0hXeWM0dEZuYW9lTDc4NS9Q
bFUzRjE3aVNLQ1RaRHk0RStrUkRaMncKxwHapHc7cMA2YB1uZyZ5vPxGwDc9+RBW
xj1FBWUVe0kaLibThqHWH7D9KuBComk/rkBPF3xk4As2M7O/UixTpg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-04-05T19:01:07Z"
mac: ENC[AES256_GCM,data:Fz1ZwYR7cg+bcgNe/JZ2oEqhYihQWnCoy3J76VIPb089PNCXXp0xJ/eYjOoKlGK42z1wEO8hJ8FoaLvzuqhO0aatKpHDx0bBos8YqZYuGAuW115AdK5m6ecby7yi5lBIBpXOv1sU8uOtdBR32UPFAQ9oQf0KleWju47phF43v9o=,iv:Lbu5eLKfEnrehSY1+r0z75pZnNDNEVSmrEaJRDpDTU4=,tag:TLdtQTNbo0dxlpV9ZPm+uQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1

21
magpie/secrets/borgbase_ssh_key.yaml Normal file
View File

@ -0,0 +1,21 @@
borgbase_ssh_key: ENC[AES256_GCM,data:W/aAQPSaPxGPeY50arJr50OWZjN+RJt9Y4MlpPNtw3KT2y+fUuMpNAjMuGd+3mzA2bs9YpE2WlgJ7KO5XPH7M36tSI+K2pcnjX1NMl8giJ952iCsqW4siij64JguK/gUi3GAe3LXHTjr3VgubSdqVd25k0bys+GiMfsHXXGD6tinKmEheis6XgfcChrvyYgQ4DKPW4HOHC4/V6roXaK+GTe+qY0BdzM27cDHc3a85cuHAAeDnYdNfdRAItI3KmDCx8edeBwt4vonR/v9AaDRH2PjZWq583Rlqoa8TQvQi0+yWf6O6MikHQlP1GoYCe5iI+rOF6KTseDjS2aoLZ+mXNxVmmOVdZrq1vx0UpsbJWRZE+1UluQwdrEm1mLMrI4Z2wFNfzjg9rOiJ36AL1YdcXtI0RHLYp8r92Qt3IFVwcC1NT/AWJkFOGr5z0PX0w+mi4J+f1wDvVguXp2KaguB2XAJbnpgQQ2ZqYv0gTkBLZ/RAOyQgaMaESCfJBWXE3DESMOspj4AYUsjQiaxmF13,iv:ph++5hCX3DzqwCoObz73/Xn0qy/+Za5+DI/EVsc67yY=,tag:0VkALd0j3D6yA7jCE7vogg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age153y8mz6gqy5t54q4fnrdvjj4v5ls9cgp3hhpd2hzf5tvkcnncf6q4xns0j
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5UHRuVS95ZFNTWU5LdS8z
UDVaTjZReWc4T2ZKaTVSdDExY2drSHFIcEM0CnkvZkhkSHVFVG1pVUJvUzRxMWYv
SE1sZEJBazRBcW53bzV4QXFiM0p5ZEkKLS0tIGNhaTB1NFBLd2NjTWs0V1BaVEE2
WDZadWdTMFIwei83clhkNVRLNUhVTk0KiJGENx2jXnStGslESR5aWp/LolbF2f0u
QDbs0yW+I4Tzw6Tg4FMS4rFzlmesFqoj+3JBgegb/dDRhIvuWrwCig==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-04-05T20:03:21Z"
mac: ENC[AES256_GCM,data:YpXUK6UNKpdudVZ+YManWreHufFzw9XbF1cBYutdAaTdqhlzPErpuOmEKLuMA7nr7SQkLK4pu1Eg0P5CA3QXsh0VUHMTiFWxNz7KZeoYAkacK9WzutEldsMG4iVlKmGHhQApSNW4kfPBKs1TgYyZdndBHEdILcoLDxke8kfkoVU=,iv:rpNeNTfXoMpScSfyrY7uK9ZkKasJGVAhgiMoe0XyJFo=,tag:Rl4Ya+iq0BvMSM/J0wySnQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1

3
nixy/configuration.nix
View File

@ -55,7 +55,7 @@
memtest86.enable = true; memtest86.enable = true;
}; };
readOnlyNixStore = true; readOnlyNixStore = true;
supportedFilesystems = ["btrfs"]; supportedFilesystems = ["btrfs" "nfs"];
tmp.useTmpfs = true; tmp.useTmpfs = true;
}; };
@ -187,6 +187,7 @@
ntp.enable = true; ntp.enable = true;
openssh.enable = true; openssh.enable = true;
printing.enable = true; printing.enable = true;
rpcbind.enable = true;
pipewire = { pipewire = {
enable = true; enable = true;