From 28459e9f5a1a562160fe86137e4a6d9b635514e5 Mon Sep 17 00:00:00 2001 From: Kopatz <7265381+Kropatz@users.noreply.github.com> Date: Wed, 8 Nov 2023 14:48:17 +0100 Subject: [PATCH 1/7] add kavita --- flake.nix | 1 + modules/kavita.nix | 17 +++++++++++++++++ secrets/kavita.age | Bin 0 -> 507 bytes secrets/secrets.nix | 1 + 4 files changed, 19 insertions(+) create mode 100644 modules/kavita.nix create mode 100644 secrets/kavita.age diff --git a/flake.nix b/flake.nix index 005f861..2fec0e2 100644 --- a/flake.nix +++ b/flake.nix @@ -54,6 +54,7 @@ ./modules/wireguard.nix ./modules/cron.nix ./modules/paperless.nix + ./modules/kavita.nix #./modules/dyndns.nix i think ddclient is deprecated #./modules/home-assistant.nix idk dont like this home-manager.nixosModules.home-manager diff --git a/modules/kavita.nix b/modules/kavita.nix new file mode 100644 index 0000000..fa687f2 --- /dev/null +++ b/modules/kavita.nix @@ -0,0 +1,17 @@ +{ config, pkgs, lib, inputs, ... }: +{ + + networking.firewall.allowedTCPPorts = [ 5000 ]; + age.secrets.kavita = { + file = ../secrets/kavita.age; + owner = "kavita"; + group = "kavita"; + }; + services.kavita = { + enable = true; + user = "kavita"; + port = 5000; + dataDir = "/mnt/250ssd/kavita"; + tokenKeyFile = config.age.secrets.kavita.path; + }; +} diff --git a/secrets/kavita.age b/secrets/kavita.age new file mode 100644 index 0000000000000000000000000000000000000000..dd08100dcd680acbcd647b221e6447cf9f13ef92 GIT binary patch literal 507 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCTyOmlYjEmz16%qs}+ z%_=JN@bk9FF3>J2){n?bFEDVj3^sHO_9)FO45}>B_jU;lO6JN;iEs`~&qxUi&i0H< z@-{cfOb$qQE6(-|PK$I24l~a;cQ4HH4JwQ%@{QB-`%^S zQajDdDIzB%z%4Dv1%(F}D<=X7Po i*m4Q?-T!;&YI=8KykD-=rvr=B@-11CR4xb2mInY}4Y3sf literal 0 HcmV?d00001 diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 5b356cd..b9e5acb 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix 
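Review bot: `networking.firewall.allowedTCPPorts = [ 5000 ];` in modules/kavita.nix opens the Kavita port on every interface, and nothing in this module puts TLS or a reverse proxy in front of it, so as far as the hunk shows the service is reachable over plain HTTP from any network that can reach the host. If it is only meant for the LAN or the WireGuard peers, scope the rule to that interface, e.g. `networking.firewall.interfaces."<lan-or-wg-interface>".allowedTCPPorts = [ 5000 ];` (the interface name is a placeholder). The same all-interface rule is added for port 19999 in modules/netdata.nix in patch 3/7. Binding the port once in a `let` and using it for both the firewall rule and `services.kavita.port` would keep the two from drifting apart.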
@@ -17,4 +17,5 @@ in "coturn-secret.age".publicKeys = [ nix-test-vm server ]; "matrix-registration.age".publicKeys = [ nix-test-vm server ]; "paperless.age".publicKeys = [ nix-test-vm server ]; + "kavita.age".publicKeys = [ nix-test-vm server ]; } From eb27732122a183dfa13182078fcb00f4dc8d5c44 Mon Sep 17 00:00:00 2001 From: Kopatz <7265381+Kropatz@users.noreply.github.com> Date: Fri, 10 Nov 2023 10:57:03 +0000 Subject: [PATCH 2/7] wsl --- flake.nix | 16 ++++++++++++--- systems/wsl/configuration.nix | 38 +++++++++++++++-------------------- users/anon.nix | 1 + 3 files changed, 30 insertions(+), 25 deletions(-) diff --git a/flake.nix b/flake.nix index 4557b6f..63ef045 100644 --- a/flake.nix +++ b/flake.nix @@ -15,7 +15,14 @@ inputs.nixpkgs.follows = "nixpkgs"; }; }; - outputs = { self, nixpkgs, nixos-hardware, nixos-wsl, nixpkgs-unstable, agenix, home-manager }@inputs: + outputs = { self, + nixpkgs, + nixos-hardware, + nixos-wsl, + nixpkgs-unstable, + agenix, + home-manager + }@inputs: let system = "x86_64-linux"; overlay-unstable = final: prev: { @@ -41,7 +48,7 @@ ./modules/synapse.nix ./modules/nextcloud.nix - #./modules/coturn.nix + #./modules/coturn.nix ./modules/acme.nix ./modules/samba.nix @@ -70,9 +77,12 @@ ]; }; nixosConfigurations."wsl" = nixpkgs.lib.nixosSystem { - inherit system; + inherit system; specialArgs = { inherit inputs; }; modules = [ + #"${nixpkgs}/nixos/modules/profiles/minimal.nix" + ./users/anon.nix + ({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; }) ./systems/wsl/configuration.nix nixos-wsl.nixosModules.default home-manager.nixosModules.home-manager diff --git a/systems/wsl/configuration.nix b/systems/wsl/configuration.nix index b3bb892..67fe07f 100644 --- a/systems/wsl/configuration.nix +++ b/systems/wsl/configuration.nix 
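Review bot: `"kavita.age".publicKeys = [ nix-test-vm server ];` makes the `nix-test-vm` key a recipient of the Kavita token key, so whoever can read that key can decrypt a secret the production server presumably uses to sign its auth tokens. The line follows the pattern of the entries above it, but unless the test VM (going by its name) really needs the production value, `[ server ]` alone is the least-privilege choice, and a separate test secret keeps the VM working. The attribute set starts outside the hunk.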
@@ -5,7 +5,7 @@ # NixOS-WSL specific options are documented on the NixOS-WSL repository: # https://github.com/nix-community/NixOS-WSL -{ config, lib, pkgs, ... } : #nixos-wsl, ... }: +{ config, lib, pkgs, inputs, ... } : #nixos-wsl, ... }: { imports = [ @@ -13,38 +13,32 @@ # ]; - wsl.enable = true; - wsl.defaultUser = "nixos"; + wsl = { + enable = true; + startMenuLaunchers = true; + wslConf = { + automount.root = "/mnt"; + interop = { enabled = false; appendWindowsPath = false;}; + }; + }; + nix.optimise.automatic = true; nix.gc = { - automatic = true; - dates = "weekly"; - options = "--delete-older-than 30d"; + automatic = true; + dates = "weekly"; + options = "--delete-older-than 30d"; }; nix.settings.trusted-substituters = [ "https://ai.cachix.org" ]; nix.settings.trusted-public-keys = [ "ai.cachix.org-1:N9dzRK+alWwoKXQlnn0H6aUx0lU/mspIoz8hMvGvbbc=" ]; nix.settings.experimental-features = [ "nix-command" "flakes" ]; + environment.systemPackages = with pkgs; [ - neofetch - openssh + neofetch + openssh ]; - wsl.wslConf = { - interop = { enabled = false; appendWindowsPath = false; }; - }; - networking.hostName = "wsl"; - home-manager.users.nixos = { pkgs, ... }: { - programs.bash.enable = true; - programs.git = { - enable = true; - }; - # The state version is required and should stay at the version you - # originally installed. - home.stateVersion = "23.05"; - }; - # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions # on your system were taken. It's perfectly fine and recommended to leave diff --git a/users/anon.nix b/users/anon.nix index b9f27af..ecf5c3e 100644 --- a/users/anon.nix +++ b/users/anon.nix @@ -9,6 +9,7 @@ }; useUserPackages = true; users.anon = { + programs.git.enable = true; programs.zsh = { enable = true; enableCompletion = true; From f1634d595b3877e909996a7bf81b33ea8bd29365 Mon Sep 17 00:00:00 2001 
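Review bot: The second hunk of systems/wsl/configuration.nix drops `wsl.defaultUser = "nixos";` and the `home-manager.users.nixos` block, and patch 2 also adds `./users/anon.nix` to the wsl modules, but nothing in the new `wsl = { ... }` set names the login user. If `anon` is the intended account, state it with `defaultUser = "anon";` inside the set; otherwise the NixOS-WSL module default applies (I believe that is `nixos`, worth confirming), which would leave the session without the home-manager configuration. A one-line comment above `interop = { enabled = false; appendWindowsPath = false;};` saying that Windows interop is disabled on purpose would keep that setting from being reverted by accident.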
From: Kopatz <7265381+Kropatz@users.noreply.github.com> Date: Fri, 10 Nov 2023 19:06:14 +0100 Subject: [PATCH 3/7] add netdata --- flake.nix | 1 + modules/netdata.nix | 54 +++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 55 insertions(+) create mode 100644 modules/netdata.nix diff --git a/flake.nix b/flake.nix index f4aeae9..68235f4 100644 --- a/flake.nix +++ b/flake.nix @@ -62,6 +62,7 @@ ./modules/cron.nix ./modules/paperless.nix ./modules/kavita.nix + ./modules/netdata.nix #./modules/dyndns.nix i think ddclient is deprecated #./modules/home-assistant.nix idk dont like this home-manager.nixosModules.home-manager diff --git a/modules/netdata.nix b/modules/netdata.nix new file mode 100644 index 0000000..ae34da7 --- /dev/null +++ b/modules/netdata.nix @@ -0,0 +1,54 @@ +{ + networking.firewall.allowedTCPPorts = [ 19999 ]; + services.netdata = { + enable = true; + configText = '' + [global] + update every = 2 + + [web] + default port = 19999 + bind to = 192.168.0.6 192.168.2.1 + allow connections from = localhost 192.168.0.* 192.168.2.* + + [db] + # number of tiers used (1 to 5, 3 being default) + storage tiers = 3 + + # Tier 0, per second data + dbengine multihost disk space MB = 256 + + # Tier 1, per minute data + dbengine tier 1 multihost disk space MB = 128 + dbengine tier 1 update every iterations = 60 + + # Tier 2, per hour data + dbengine tier 2 multihost disk space MB = 64 + dbengine tier 2 update every iterations = 60 + + [logs] + error = syslog + + [plugins] + timex = no + idlejitter = no + # netdata monitoring = yes + tc = no + # diskspace = yes + # proc = yes + # cgroups = yes + statsd = no + #enable running new plugins = yes + #check for new plugins every = 60 + slabinfo = no + nfacct = no + charts.d = no + python.d = no + go.d = no + ioping = no + perf = no + freeipmi = no + apps = yes + ''; + }; +} From 719b48e8a5fc2812c0e58252a65a72768f0c50cb Mon Sep 17 00:00:00 2001 
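Review bot: In the `[web]` section of modules/netdata.nix, `allow connections from = localhost 192.168.0.* 192.168.2.*` is the only access control visible for the dashboard, and it admits every host on the LAN and every WireGuard peer; with `apps = yes` that includes per-process metrics. If only a few admin machines need the dashboard, list their addresses instead of the two wildcards, and add a comment recording that access depends on source address alone. `bind to` also names the tunnel address 192.168.2.1, so it is worth checking that netdata still starts cleanly when the WireGuard interface is not yet up at boot.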
From: Kopatz <7265381+Kropatz@users.noreply.github.com> Date: Tue, 14 Nov 2023 14:19:29 +0100 Subject: [PATCH 4/7] extract some varaibles --- flake.nix | 18 ++++----- modules/adguard.nix | 36 +++++++++-------- modules/netdata.nix | 7 +++- modules/nextcloud.nix | 38 +++++++++--------- modules/paperless.nix | 8 +++- modules/wireguard.nix | 39 ++++++++++--------- systems/server/configuration.nix | 1 + .../server/static-ip.nix | 11 ++++-- systems/server/userdata.nix | 5 +++ 9 files changed, 96 insertions(+), 67 deletions(-) rename modules/static-ip-server.nix => systems/server/static-ip.nix (68%) create mode 100644 systems/server/userdata.nix diff --git a/flake.nix b/flake.nix index 68235f4..c9eb097 100644 --- a/flake.nix +++ b/flake.nix @@ -31,11 +31,13 @@ in { nixosConfigurations.server = nixpkgs.lib.nixosSystem { inherit system; - modules = [ + modules = [ + ### User specific ### ./users/anon.nix - ./modules/static-ip-server.nix + ### System sepecific ### ({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; }) ./systems/server/configuration.nix + ### Modules ### ./modules/hdd-spindown.nix ./modules/minecraft-server.nix ./modules/motd.nix @@ -44,13 +46,9 @@ ./modules/nix-settings.nix ./modules/adguard.nix ./modules/git.nix - #./modules/vmware-guest.nix ./modules/github-runner.nix ./modules/synapse.nix - ./modules/nextcloud.nix - #./modules/coturn.nix - ./modules/acme.nix ./modules/samba.nix ./modules/backup.nix @@ -63,12 +61,14 @@ ./modules/paperless.nix ./modules/kavita.nix ./modules/netdata.nix - #./modules/dyndns.nix i think ddclient is deprecated - #./modules/home-assistant.nix idk dont like this home-manager.nixosModules.home-manager agenix.nixosModules.default ]; - specialArgs = { inherit inputs; }; + specialArgs = { + ## Custom variables (e.g. ip, interface, etc) + vars = (import ./systems/server/userdata.nix); + inherit inputs ; + }; }; nixosConfigurations."nix-laptop" = nixpkgs.lib.nixosSystem { inherit system; 
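Review bot: `vars` is injected through `specialArgs` only for `nixosConfigurations.server`, while the modules changed in this patch (adguard, netdata, nextcloud, paperless, wireguard) now take `vars` as a required argument, so importing any of them from a configuration that does not pass it (the `wsl` one visible in patch 2 has `specialArgs = { inherit inputs; };`) would fail evaluation on the missing argument. A comment at the `specialArgs` block listing the keys `userdata.nix` must provide (`interface`, `ipv4`, `wireguardIp`) would make that contract visible. The comment `### System sepecific ###` in the first hunk has a typo (`specific`). The `nixosSystem` call continues outside these hunks.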
diff --git a/modules/adguard.nix b/modules/adguard.nix index 77c79af..f5853d4 100644 --- a/modules/adguard.nix +++ b/modules/adguard.nix @@ -1,4 +1,8 @@ - { +{ config, pkgs, inputs, vars, ... }: +let + ip = vars.ipv4; +in +{ networking.firewall.allowedTCPPorts = [ 53 ]; networking.firewall.allowedUDPPorts = [ 53 ]; @@ -12,7 +16,7 @@ } ]; dns = { - bind_hosts = [ "127.0.0.1" "192.168.0.6" ]; # "192.168.2.1" ]; + bind_hosts = [ "127.0.0.1" "${ip}" ]; # "192.168.2.1" ]; port = 53; protection_enabled = true; filtering_enabled = true; @@ -26,33 +30,33 @@ rewrites = [ { "domain" = "kopatz.ddns.net"; - "answer" = "192.168.0.6"; + "answer" = ip; } { "domain" = "server.home"; - "answer" = "192.168.0.6"; + "answer" = ip; } { "domain" = "server.local"; - "answer" = "192.168.0.6"; + "answer" = ip; } - { + { "domain" = "adguard.local"; - "answer" = "192.168.0.6"; + "answer" = ip; + } + { + "domain" = "nextcloud.local"; + "answer" = ip; + } + { + "domain" = "turnserver.local"; + "answer" = "192.168.2.1"; } - { - "domain" = "nextcloud.local"; - "answer" = "192.168.0.6"; - } - { - "domain" = "turnserver.local"; - "answer" = "192.168.2.1"; - } { "domain" = "inverter.local"; "answer" = "192.168.0.9"; } - ]; + ]; }; querylog = { enabled = false; diff --git a/modules/netdata.nix b/modules/netdata.nix index ae34da7..eb363d5 100644 --- a/modules/netdata.nix +++ b/modules/netdata.nix @@ -1,3 +1,8 @@ +{ vars, ... }: +let + ip = vars.ipv4; + wireguardIp = vars.wireguardIp; +in { networking.firewall.allowedTCPPorts = [ 19999 ]; services.netdata = { @@ -8,7 +13,7 @@ [web] default port = 19999 - bind to = 192.168.0.6 192.168.2.1 + bind to = ${ip} ${wireguardIp} allow connections from = localhost 192.168.0.* 192.168.2.* [db] diff --git a/modules/nextcloud.nix b/modules/nextcloud.nix index 12c9b98..39b963f 100644 --- a/modules/nextcloud.nix +++ b/modules/nextcloud.nix 
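Review bot: Several addresses stay hard-coded next to the new variables, so a change in `userdata.nix` would leave them stale: the `turnserver.local` rewrite in modules/adguard.nix still answers `"192.168.2.1"` where `vars.wireguardIp` is available, and `allow connections from = localhost 192.168.0.* 192.168.2.*` in modules/netdata.nix is untouched beside the now-variable `bind to`, which matters because that line is the dashboard's access control. The same applies to `defaultGateway = "192.168.0.1";` in systems/server/static-ip.nix and to `"192.168.0.9"` for `inverter.local`. For the rewrite the change is `"answer" = vars.wireguardIp;`. In `bind_hosts`, `"${ip}"` can simply be `ip`, matching the rewrites below it.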
@@ -1,4 +1,7 @@ -{ config, pkgs, lib, inputs, ... }: +{ config, pkgs, lib, inputs, vars, ... }: +let + wireguardIp = vars.wireguardIp; +in { age.secrets.nextcloud-cert = { file = ../secrets/nextcloud-cert.age; @@ -26,15 +29,15 @@ # Setup Nextcloud virtual host to listen on ports virtualHosts = { "nextcloud.local" = { - serverAliases = [ "192.168.2.1" ]; + serverAliases = [ wireguardIp ]; ## Force HTTP redirect to HTTPS forceSSL = true; - locations."~ ^\\/(?:index|remote|public|cron|core\\/ajax\\/update|status|ocs\\/v[12]|updater\\/.+|oc[s]-provider\\/.+|.+\\/richdocumentscode\\/proxy)\\.php(?:$|\\/)".extraConfig = '' - client_max_body_size 5G; - ''; - #sslTrustedCertificate = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; - sslCertificate = config.age.secrets.nextcloud-cert.path; - sslCertificateKey = config.age.secrets.nextcloud-key.path; + locations."~ ^\\/(?:index|remote|public|cron|core\\/ajax\\/update|status|ocs\\/v[12]|updater\\/.+|oc[s]-provider\\/.+|.+\\/richdocumentscode\\/proxy)\\.php(?:$|\\/)".extraConfig = '' + client_max_body_size 5G; + ''; + #sslTrustedCertificate = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; + sslCertificate = config.age.secrets.nextcloud-cert.path; + sslCertificateKey = config.age.secrets.nextcloud-key.path; ## LetsEncrypt #enableACME = true; }; 
@@ -49,26 +52,25 @@ services.nextcloud = { enable = true; package = pkgs.nextcloud27; - https = true; + https = true; hostName = "nextcloud.local"; config.adminpassFile = config.age.secrets.nextcloud-admin.path; - config.dbtype = "pgsql"; - database.createLocally = true; - config.extraTrustedDomains = [ "192.168.2.1" ]; + config.dbtype = "pgsql"; + database.createLocally = true; + config.extraTrustedDomains = [ wireguardIp ]; home = "/mnt/250ssd/nextcloud"; - extraApps = with config.services.nextcloud.package.packages.apps; { - inherit keeweb onlyoffice calendar mail; + inherit keeweb onlyoffice calendar mail; spreed = pkgs.fetchNextcloudApp rec { url = "https://github.com/nextcloud-releases/spreed/releases/download/v17.1.1/spreed-v17.1.1.tar.gz"; sha256 = "sha256-LaUG0maatc2YtWQjff7J54vadQ2RE4X6FcW8vFefBh8="; }; }; - phpOptions = { - upload_max_filesize = "5G"; - post_max_size = "5G"; - }; + phpOptions = { + upload_max_filesize = "5G"; + post_max_size = "5G"; + }; extraAppsEnable = true; extraOptions.enabledPreviewProviders = [ "OC\\Preview\\BMP" diff --git a/modules/paperless.nix b/modules/paperless.nix index a8f7fdd..3e60830 100644 --- a/modules/paperless.nix +++ b/modules/paperless.nix @@ -1,4 +1,8 @@ -{ config, pkgs, lib, inputs, ... }: +{ config, pkgs, lib, inputs, vars, ... }: +let + ip = vars.ipv4; + wireguardIp = vars.wireguardIp; +in { networking.firewall.allowedTCPPorts = [ 28981 ]; age.secrets.paperless = { @@ -10,7 +14,7 @@ enable = true; port = 28981; passwordFile = config.age.secrets.paperless.path; - address = "192.168.2.1"; + address = wireguardIp; mediaDir = "/mnt/250ssd/paperless"; }; } diff --git a/modules/wireguard.nix b/modules/wireguard.nix index f616fd5..855525f 100644 --- a/modules/wireguard.nix +++ b/modules/wireguard.nix @@ -1,4 +1,7 @@ -{ config, pkgs, lib, inputs, ... }: +{ config, pkgs, lib, inputs, vars, ... }: +let + wireguardIp = vars.wireguardIp; +in { age.secrets.wireguard-private = { 
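Review bot: In modules/paperless.nix the new `let` binds `ip = vars.ipv4;`, but in the lines visible only `wireguardIp` is used (`address = wireguardIp;`), so the `ip` binding can be dropped unless the part of the file outside the hunks needs it. A short comment next to `address = wireguardIp;` noting that Paperless is deliberately reachable only through the tunnel would document why `networking.firewall.allowedTCPPorts = [ 28981 ];` is not the real exposure boundary here.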
@@ -15,70 +18,70 @@ autostart = true; listenPort = 51820; address = [ - "192.168.2.1/24" + "${wireguardIp}/24" ]; peers = [ { allowedIPs = [ "192.168.2.2/32" ]; - persistentKeepalive = 25; + persistentKeepalive = 25; publicKey = "dUBPIEnAiHIZCMjqV0ya8qotN3UnMhlEVyGNQcR3gVI="; } { allowedIPs = [ "192.168.2.3/32" ]; - persistentKeepalive = 25; + persistentKeepalive = 25; publicKey = "Eg5ZS3zN05mJ/gct6wJlwVAHTlXpkhxFfUd7yscANV0="; } - { + { allowedIPs = [ "192.168.2.4/32" ]; - persistentKeepalive = 25; + persistentKeepalive = 25; publicKey = "8Eigfs+k2k2WPaMn+SqDmlSHdMv+I+xcBr/2qhtpGzI="; } - { + { allowedIPs = [ "192.168.2.20/32" ]; - persistentKeepalive = 25; + persistentKeepalive = 25; publicKey = "25u1RSfjsx3wb1DMeTm0pvUfUkG7zTjGaN+m0w6ZjCw="; } - { + { allowedIPs = [ "192.168.2.21/32" ]; - persistentKeepalive = 25; + persistentKeepalive = 25; publicKey = "S+8F+yxSQvjjoU44LRYqRv1YulqmOKumUtYo/YIh7X8="; } - { + { allowedIPs = [ "192.168.2.22/32" ]; - persistentKeepalive = 25; + persistentKeepalive = 25; publicKey = "/dIW7K49vB9HOghFeXvcY7wu2utQltuv6RfgCbxZwlk="; } - { + { allowedIPs = [ "192.168.2.23/32" ]; - persistentKeepalive = 25; + persistentKeepalive = 25; publicKey = "89rjQXNcyCRUCihqfqcOnctWmhiNR8snpRFF6dyHAmk="; } - { + { allowedIPs = [ "192.168.2.24/32" ]; - persistentKeepalive = 25; + persistentKeepalive = 25; publicKey = "adaWtboVz3UhpNBKFirs7slbU2+Y3GaV5yS2EoafwVU="; } - { + { allowedIPs = [ "192.168.2.5/32" ]; - persistentKeepalive = 25; + persistentKeepalive = 25; publicKey = "g5uTlA1IciXgtSbECjhVis0dajRAc53Oa7Hz6dUI+0Q="; } ]; diff --git a/systems/server/configuration.nix b/systems/server/configuration.nix index 613bb82..b892755 100644 --- a/systems/server/configuration.nix +++ b/systems/server/configuration.nix @@ -12,6 +12,7 @@ in{ imports = [ # Include the results of the hardware scan. ./hardware-configuration.nix + ./static-ip.nix ]; # Bootloader. 
diff --git a/modules/static-ip-server.nix b/systems/server/static-ip.nix similarity index 68% rename from modules/static-ip-server.nix rename to systems/server/static-ip.nix index d9813fa..328f3c8 100644 --- a/modules/static-ip-server.nix +++ b/systems/server/static-ip.nix @@ -1,3 +1,8 @@ +{ config, vars, ...}: +let + ip = vars.ipv4; + interface = vars.interface; +in { networking = { defaultGateway = "192.168.0.1"; @@ -11,10 +16,10 @@ "1.1.1.1" ]; interfaces = { - "enp0s31f6" = { + ${interface} = { name = "eth0"; - ipv4.addresses = [{ - address = "192.168.0.6"; + ipv4.addresses = [{ + address = ip; prefixLength = 24; }]; }; diff --git a/systems/server/userdata.nix b/systems/server/userdata.nix new file mode 100644 index 0000000..4d87e6f --- /dev/null +++ b/systems/server/userdata.nix @@ -0,0 +1,5 @@ +{ + interface = "enp0s31f6"; + ipv4 = "192.168.0.6"; + wireguardIp = "192.168.2.1"; +} From 210d57e8daa089c249ee1eff31b460bdfef4e3ec Mon Sep 17 00:00:00 2001 From: Kopatz <7265381+Kropatz@users.noreply.github.com> Date: Tue, 14 Nov 2023 16:26:24 +0100 Subject: [PATCH 5/7] try to proxy kavita and fail --- modules/kavita.nix | 14 ++++++++++++++ modules/nginx.nix | 3 +++ 2 files changed, 17 insertions(+) diff --git a/modules/kavita.nix b/modules/kavita.nix index fa687f2..7448e33 100644 --- a/modules/kavita.nix +++ b/modules/kavita.nix @@ -14,4 +14,18 @@ dataDir = "/mnt/250ssd/kavita"; tokenKeyFile = config.age.secrets.kavita.path; }; + #todo: base url needs new kavita version + systemd.services.kavita = { + preStart = '' + umask u=rwx,g=rx,o= + cat > "/mnt/250ssd/kavita/config/appsettings.json" < Date: Tue, 14 Nov 2023 17:44:08 +0100 Subject: [PATCH 6/7] add kavita to localbackup --- modules/backup.nix | 34 ++++++++++++++++++---------------- 1 file changed, 18 insertions(+), 16 deletions(-) diff --git a/modules/backup.nix b/modules/backup.nix index 5f73471..e378717 100644 --- a/modules/backup.nix +++ b/modules/backup.nix 
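Review bot: The `preStart` added to `systemd.services.kavita` in patch 5 writes to the literal path `"/mnt/250ssd/kavita/config/appsettings.json"`, duplicating `dataDir`; `"${config.services.kavita.dataDir}/config/appsettings.json"` keeps the two in step. `preStart` is a lines-typed option, so if the upstream kavita module already defines one (I expect it does, to render this same file) the two scripts are concatenated rather than replaced, and `lib.mkForce` is needed if replacement is the intent. The here-document body is not visible on this page, so check separately that it still reads the token key from `tokenKeyFile` at start-up rather than embedding the value in the Nix store.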
@@ -27,6 +27,7 @@ "/mnt/250ssd/matrix-synapse/media_store/" "/mnt/250ssd/nextcloud" "/mnt/250ssd/paperless" + "/mnt/250ssd/kavita" ]; pruneOpts = [ "--keep-daily 7" "--keep-weekly 10" "--keep-monthly 12" "--keep-yearly 75" ]; repository = "/mnt/2tb/restic"; @@ -36,12 +37,13 @@ passwordFile = config.age.secrets.restic-pw.path; paths = [ "/home" - "/var/backup/postgresql" - "/mnt/250ssd/matrix-synapse/media_store/" - "/mnt/250ssd/nextcloud" - "/mnt/250ssd/paperless" + "/var/backup/postgresql" + "/mnt/250ssd/matrix-synapse/media_store/" + "/mnt/250ssd/nextcloud" + "/mnt/250ssd/paperless" + "/mnt/250ssd/kavita" ]; - exclude = [ + exclude = [ "/home/**/Cache" "/home/**/.cache" "/home/**/__pycache__" @@ -60,12 +62,12 @@ passwordFile = config.age.secrets.restic-pw.path; paths = [ "/home" - "/var/backup/postgresql" - "/mnt/250ssd/matrix-synapse/media_store/" - "/mnt/250ssd/nextcloud" - "/mnt/250ssd/paperless" + "/var/backup/postgresql" + "/mnt/250ssd/matrix-synapse/media_store/" + "/mnt/250ssd/nextcloud" + "/mnt/250ssd/paperless" ]; - exclude = [ + exclude = [ "/home/**/Cache" "/home/**/.cache" "/home/**/__pycache__" @@ -81,7 +83,7 @@ }; }; remotebackup = { - exclude = [ + exclude = [ "/home/**/Cache" "/home/**/.cache" "/home/**/__pycache__" @@ -90,17 +92,17 @@ ]; initialize = true; passwordFile = config.age.secrets.restic-pw.path; - environmentFile = config.age.secrets.restic-s3.path; + environmentFile = config.age.secrets.restic-s3.path; paths = [ "/home" ]; pruneOpts = [ "--keep-daily 5" "--keep-weekly 5" "--keep-monthly 12" "--keep-yearly 75" ]; timerConfig = { - OnCalendar = "*-*-03,06,09,12,15,18,21,24,27,30 00:00:00"; - Persistent = true; - }; + OnCalendar = "*-*-03,06,09,12,15,18,21,24,27,30 00:00:00"; + Persistent = true; + }; repository = "s3:s3.us-west-002.backblazeb2.com/kop-bucket"; - }; + }; }; }; } From 743ed91af936fd74eb2ca2147ca82cf08e026a43 Mon Sep 17 00:00:00 2001 
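Review bot: `"/mnt/250ssd/kavita"` is added to the first two path lists in modules/backup.nix, but the third list (hunk `@@ -60,12 +62,12 @@`) is only re-indented and `remotebackup` still covers `/home` alone, so Kavita data would be missing from those repositories. If that is deliberate, a comment on each list saying what it intentionally omits would help; if not, add the path there as well. The kavita tree holds `config/appsettings.json`, so these backups now carry whatever secret that file contains; the jobs shown set `passwordFile`, which keeps the repository encrypted at rest. The backup definitions begin outside the hunks.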
From: Kopatz <7265381+Kropatz@users.noreply.github.com> Date: Tue, 14 Nov 2023 23:36:48 +0100 Subject: [PATCH 7/7] add mangal and filips wireguard --- modules/wireguard.nix | 7 +++++++ systems/server/configuration.nix | 1 + 2 files changed, 8 insertions(+) diff --git a/modules/wireguard.nix b/modules/wireguard.nix index 855525f..365cf33 100644 --- a/modules/wireguard.nix +++ b/modules/wireguard.nix @@ -84,6 +84,13 @@ in persistentKeepalive = 25; publicKey = "g5uTlA1IciXgtSbECjhVis0dajRAc53Oa7Hz6dUI+0Q="; } + { + allowedIPs = [ + "192.168.2.6/32" + ]; + persistentKeepalive = 25; + publicKey = "5ClF2HcqndpXS7nVgDn2unWFUYcKo5fbudV6xX2OIVE="; + } ]; privateKeyFile = config.age.secrets.wireguard-private.path; }; diff --git a/systems/server/configuration.nix b/systems/server/configuration.nix index b892755..523f86c 100644 --- a/systems/server/configuration.nix +++ b/systems/server/configuration.nix @@ -97,6 +97,7 @@ in{ wireguard-tools openssl unstable.e2fsprogs + mangal # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. # wget ];
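Review bot: The new peer block for `192.168.2.6/32` in modules/wireguard.nix carries no hint of who owns the key, and the same is true of the nine peers above it, so revoking one device later means guessing from commit subjects. A short comment above the block, for example `# <owner/device>, added 2023-11-14`, would make the peer list auditable. The new address falls inside `192.168.2.*`, which modules/netdata.nix accepts for the dashboard, so this peer gains that access as well. The peers list starts outside the hunk.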