From 253cdf8ede72d466a296a15924a20079104a8790 Mon Sep 17 00:00:00 2001 From: jasmine Date: Tue, 15 Oct 2024 06:27:48 +0800 Subject: [PATCH 1/2] remove some unused services/refactor --- ...29661998a1ca74449720287a7d-smb-secrets.age | 8 --- ...8bf86376b696948d4139797cfc8ba-microbin.age | Bin 8473 -> 0 bytes nixos/viridian/configuration.nix | 23 +++---- .../containers/jellyseerr/default.nix | 43 -------------- nixos/viridian/containers/mealie/default.nix | 47 --------------- .../viridian/containers/microbin/default.nix | 47 --------------- .../containers/microbin/environment.age | Bin 8571 -> 0 bytes .../viridian/containers/recyclarr/default.nix | 16 ----- .../jellyfin/default.nix | 0 .../lidarr/default.nix | 0 .../prowlarr/default.nix | 0 .../qbittorrent/default.nix | 0 .../radarr/default.nix | 0 .../sonarr/default.nix | 0 nixos/viridian/services/grafana/default.nix | 56 ------------------ nixos/viridian/services/mysql/default.nix | 7 --- .../viridian/services/prometheus/default.nix | 32 ---------- 17 files changed, 8 insertions(+), 271 deletions(-) delete mode 100644 nixos/common/global/secrets/rekeyed/fuchsia/146f3229661998a1ca74449720287a7d-smb-secrets.age delete mode 100644 nixos/common/global/secrets/rekeyed/viridian/4108bf86376b696948d4139797cfc8ba-microbin.age delete mode 100644 nixos/viridian/containers/jellyseerr/default.nix delete mode 100644 nixos/viridian/containers/mealie/default.nix delete mode 100644 nixos/viridian/containers/microbin/default.nix delete mode 100644 nixos/viridian/containers/microbin/environment.age delete mode 100644 nixos/viridian/containers/recyclarr/default.nix rename nixos/viridian/{containers => multimedia}/jellyfin/default.nix (100%) rename nixos/viridian/{containers => multimedia}/lidarr/default.nix (100%) rename nixos/viridian/{containers => multimedia}/prowlarr/default.nix (100%) rename nixos/viridian/{containers => multimedia}/qbittorrent/default.nix (100%) rename nixos/viridian/{containers => multimedia}/radarr/default.nix (100%) rename nixos/viridian/{containers => multimedia}/sonarr/default.nix (100%) delete mode 100644 nixos/viridian/services/grafana/default.nix delete mode 100644 nixos/viridian/services/mysql/default.nix delete mode 100644 nixos/viridian/services/prometheus/default.nix diff --git a/nixos/common/global/secrets/rekeyed/fuchsia/146f3229661998a1ca74449720287a7d-smb-secrets.age b/nixos/common/global/secrets/rekeyed/fuchsia/146f3229661998a1ca74449720287a7d-smb-secrets.age deleted file mode 100644 index 0d75c86..0000000 --- a/nixos/common/global/secrets/rekeyed/fuchsia/146f3229661998a1ca74449720287a7d-smb-secrets.age +++ /dev/null @@ -1,8 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 jVljVA ILfVChFf5s9U6CODItB/TqS1tUaAEeoLAGiNKPbDclU -MCyVqjOPexZm+is5JWG5zfbS26nJj/Z4mk6SJDufBPM --> RƥՐII9s~a{'<5|o;_*T'|ysvt(X_J.`r`"|*[ \ No newline at end of file diff --git a/nixos/common/global/secrets/rekeyed/viridian/4108bf86376b696948d4139797cfc8ba-microbin.age b/nixos/common/global/secrets/rekeyed/viridian/4108bf86376b696948d4139797cfc8ba-microbin.age deleted file mode 100644 index e9b6d06990f1a1d44c38ce4258a37b20aaaff29a..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 8473 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCUl4#|$nPglsY^fe30 z&@VOi%yLVKN=E~?ZUg%$$X69m=p6zX7U{P*dkYVf|T$bg?rK_u}P?eVC?w?!{;_PhcZkiPml$l)_ zSeE6fZ{lX|>6KAxq3s%!TwGLX5|tFmb#bYUqSXdBDV0Obf-XnNFFJQ+@&21k zOLjcHn)zpO+fSR-P0f$xrruuD#ec16xs>-qk;8hvZU3aMG8Wi3w@WXX$=|P8s$IIJ zV@0!Ej)LTR|HI>X?` z=c}x~sB`%f-)pJ6Z=9Qob_FnM%Kq^;k=)ekv7)JjVP27C)THDCY?1T%nsh{>b!O>X za6kC5MbRU3?t#w}BaL*;0ydYvXYkb(JN5X8S$&jef9jmvrGGZ$+g(YJKjvLt-s^tQ zdiLxMmC6SrToN=6&*$t4+P2OoX0!A1ulcW+-^>cRy5ar1mFfT1ovHRc`0l3TY%GmJm{aKlGzx6Gr`wu_<{LcFR-@{9U-&%b#XKnr}Rm&?~!_IE7%w&lm z?~Bcc4?Jo1cTiQ{@%35twvQ(kOn<}jYwG#rofUGsqZsb8KT_OTH6_tG^~-bC_;~gg zX^-6O+GY2yy*1&J`InXm>q7fl=X-9^X_fnb1t>&(@3Z%RwIX_YX4tXcK8=^(v`#*4 z`*fj<*o2b(BAcgKD6;GbSvPI(a%sn)*Ba9TinlI0drL0um%7v}#mt<`e-{67zc;&g z!Mgr(+5FCrhkVwR?YZc8SXqWO-DK~-zpV9kF7KqLoMHXEXu4_nL5FzZ%vE|uxBt!7 z>q|*pAaZ?^jKh!X@eBOctlr=AX7S-$L5%Vz(*OK!TV-@5{k!EZkDczbd$$EmK79X# zR=MAP+sT(3tt)mN);7{!>ALRUS^gWxg<`|_m!ENB4L`oQ>)8M8l3v+TzCrq_BAq=t zWv*u>EAM&dAAG|)RV`#!)aUD3-40(ia>%8HJbiIt+ebb56n@hl`}zADq!ygwpZSBm zF#X%zV51cg`xi2^-{Sx9^WSgRA0FY)Lh}#4`FQQDnO#%C7Nc&a{M)l#XK^(*_$|3E zsQB%|7FP}jsb$k9J}wMn|GoS7``5VuTx z4_06Q$bIbQyk;>jJMK=~_Wba{WA<09F82RRn_r_gKiA%2`BO(lzsU?Q^S8ZuG^I=I zcS)!4+)b0RUq$8EOz`A4yQ*yzdU2hd;!>M;J146OEWBWF%;{DAjJX_d{blyGGI#Cy z|Mk4vO}4b_QWr|sDZ1Z@UF0-PeciS!-Dk@pB;W3}xajanR`8W9_u5w3g{kHT_bX=K zlah;l$Ps4AXHdkS!m;0Ly4`+-)o0h6Dm)1a_$sjErDacC$GYH-hn-8@h4cA~j5r=2 z&zbRz`N1j6Fs`tACW#XP!J7`V&U`G#rgxdu->h`I&`o!PI|-~kv+DP5U9_6vqI~jR zk86wiCPp0P>N2Xg5$EON(ll7~>w2N`?T(#YJ9iPc z*_$^E8i%*~p8c_9^^*o+xz5VA!c%@5v>UiR`W5Og-uO;Kt@8ZCUS4=-mh#32-=}{Lvj<(Dyk9c2W+xhNd&wZuC7S>tutjq08+_vVmZ!Y_HI3W3; zUd{)%nWBf)R_2TBIeR((;|)eTOZDg42_hvme|sX{K7X#LVR2^Br&ViuR)s!VDj#}I z*nFeuxjcI{*9W%S9QJ1#8c92u3Rz5iHEXi)uhSAeUSC`@K9yWMHzlU+z#ID~qOSj5 zczMNDpYrbWlGc7wXwWlcJ-|`n3Hhg|h zes$OQ{bBsUry#IUYNC7KkKBsW+iDFr-eQu>iZPkGA;chCJ0|93)7}ejjW*uy6I{#l z)koy{?4*azZ1OzC^|7l0*DLP}ea2z#snuQkQTf&8oy?yTXT`^^O+BGg@j)VdhK(&- zUrF2{`{T!!U;n-Pz}X`YCVUd$;^wrGy{41i>DjPoYv-Y8*~hD7ZD##?@KRrk*`VY? z;Hi}rjCMC7w)xEbc;0=sRm4m`&_kT>dUNuuI3AiKeI2~@jLk060>cclHU8xuBMxJD9Ud8QMc6F z-)>iN@!@cR8$x#?JpS*jO?;wK8?03<9~Ut3z3Rq~U9~MoOM?1M#P*3rdoO6eS~ zkqfSkH=hc~EMR!%{-msK^XzS>H_znQHtmY7-SpFUn7h92wDa&x;1tNe;r;ol7UL9O z5wpg$LuW7hom;J}uB*DPAe32E^oD z&U=hHtG0JOi2bP-6L|ChTgL{@ryQ}`4$TuAF7&=>ZE=~;wB+teydVtiwyBqPO_#%yLM0 znJugk%b%Uh+VVWZ{Z&NAb)Fwbnz^s9y_z?RyYR``YQ^raTKo5MU-97DP_*T({mxYf z-KyGNb1uJ9C!iiS&tD>BBjdZkv+Q?E-tv7hKKoN;=jAis{;a+>{lm1fe-raxA29oq zzd7-V_4XsWOE*X#tUUOkY)hHE#&71Td+T|Y-<#4mM`(SU;fZtCS-Mj9?Ru(w{Hpl3 zNqKwxEv`25U-Z&nbe!Sf*K?L~$GV)JGI99@&Dpr_uS(6T&zHUL?RWjzC~B~EC0q0C zS!>olR}IPgIOkQ?$#A>bW_vC3`tm+y9XOExlxx9;13DM=)=4s|Z?C$bxWl5yGEZ;LIinHqn%O!h_=Su|BI9+r z#ot^S^W%TM=G)St-Mip$Pu8|i2@f0HXP#?sQz~UsdVW>Pp6z?stZS1G-0ZEm!>Q3O zA?I$zbTH%eO9uN3>}+oLmp<3E3~O8PT5bAU@$L8S=I{8h=<|xlih;?;=Fi@6=*j;; zv1h5pUlWTA&hs{0xw81k(WKJl2S3ivIuo3*UPy**?ROFXt0u3_79MGT5tck}=AulC z1sXP?rupg9g>JSt%G!!9J9_F{u)geG=2eF$^<=AYA4{J5X~~Q2ujXV%@>kTQ9XN0J za^r1>J+GJWO>O@tAw1{8)nBfEE>3$jyUE5eS-SgsvFzK!p**P$k94yc*2PsxRE1mo zj7TuBp7&ET z;n6(4y{S=Q4|jep{xDD9Q)^m4m{B7;>bcRp<$F8O2#}Bo-o4%O(Qhn2!yZTni z7wt0K?+fNFzH<1?EaPXdzF%CnVcUEA>-XPJ`y=yUn#l43+se&lu8VzcvR8cxswtM{ z-R;fC{a$>_-=KpssXI7-SKgfRQSD7vgX$B0r8$gtZ(UVv0-iiIt%{z;vT3#VvYm^L zTwJqAI!DaNeBCAnp7w|omnY3vw`&&8@xRt{E+Ex8`o-Mi48K@&PAM>4Pe0(?67Ivb zwWsgW zosV9L+&^}FU|X6bFd?pc{)W9>n@xBwAMqY-R zpLQO)ygbyG>v^r51>^t4r@6aVBzrzhJ-DslmEW?8~@wPdWUPP2`hb)I`3(GOoKG=VoL!S|=za%DY%Z@r7X zE0n*f&d(M&V}8<)zv-A;JjsH>~{+TSRc4^Z-SYGStp%cww zrQq)Ce2{lD~l+@vb~Bt3&bax2VR)8c+WZSd@<9<)4z4dhgvHA zZTC`OnYCB=kE=X8tv>rUQ|S^x&G}PX zt}H6pW%hsC^y1DK-pbbd6A$qok5_BUDsSehR=vMat%s%hUsb^QqZfm^vXY`J_x80J z@*EAh=UbHQ%O?5F>9bPjUjFi&Vn6+AM%HOBO*eGS4(>J8u$ndhpq|j#s8wwj-aNSK z`e2&(*+s9rGRmemPRP@%)nHy-BRtoBs?vV>4zX{wzb?m%>N8re)T*87b=l2jV@0O~ zGvB7Eueq*07k#lYmZ{)YE{l)o)|#_lJ~B_Ri`{4NOnz6! zK7-+KE6*L%<|GHrIJ++=@7*!3@3Oj)wEn_D>)UJ!-tA8`Ghzi}L$5F9Gh4>eo)@{V zW!28@YtH&SuCYy$eJwxHddl|6>L*qtwDK;Nnp=0swde2O#li=gyMI(|`jdRj;r8X& z$K8Jd6W8A8IktID-)@DQ{;5*$r=D-{{_nEL@!rv1m*|_Nfpr(Orv2Og{o7KDEo&T< z-<&vk&ekXkx@t zX)%s1lWu0Nl}~1$yR19M=#!vC_ye)I+y!3GuP&t^f4-<41lR+q2i| z+JigaPQEiYZ4<5)+O+iPNj7aS`@D>=T)%}s^BFZd-Ml5Xa(Z zC+sZTXn&8l+2(Fq8tKDz> zmT)bv)e~E9Sla0)DSJ<>+V}E3)9M{>@7>f~a`XAQcIRyMk2SqDzh=&=kp0r8Zrx|M z@`Cr;F1gyBhgQ64TorxVx!99kL40yd*n`Gv8@hwv#k3n2M}&V3DK82=dsxL~?o$4X z+r&gB1~7P=btYFmcVt+jTRo-j$*#(JIZ4epSEh2OL;uRH*5&=Xy6?8&#kSD*dizDA zPNrRt%?*F~WT6oE%;)#6O!HFaR8wM>xx{tQINrT9VCz#g#`F$J<;tdGFTZ|kR}(*L z)SB-6b+2q_!wqKt_Ra#ky+L!C|I1w`pYOi>-D`n=&kNc8D_(swW#0OAOYw=*mNtnK{Lbub@G#!|;r1e@ zH(f^-T85i1SLYBEEo5yz_s1%cW7EA9f#ge-OSD1~uUDwCos`(5;R!m{+i8}&QbZZ@A8!TUbA^MpYoR%JZj6{dqvJ-r}n~Q&F@2_ZZW4V5!Oga z|Mo3pb0N!>)Ss;>bw|HG@x8n5l(X-zH?w4PgYI6bcx^ECm48vt@?$%+;$F|_o|Dl1 z?MBey9)-}5uJXdST(eB~FaN&(-1_#Tnw6GMW_C%g{Kd5^M1JX~{FnPmx3XJG_6L8+ z=50TIeP`Oz+ZP=qpHEDgDtXmt*W1V^U1tuzO67ZJ%)3tCnIS1D;r=(*)@2SajwvSw zddqsQnU$6{aZ8Y1d+MZ_$ysM7K7D5^cKc96idDmtLynC(^2kLsOv>C=7r(SQP-0zOYA*lzz`rspt}&Xi>2yjhs=eR-)m3TFyp~_7 ztDHKF-Z@skE4pzxbZUZYoza#(>skDies}-UIhbj(!%0{vrjB*N>06${ufD6icz0x$ zlab4piS9{P>)xo#{hXwoqSbOWbyAOALVh$$j#AhOMY+F)Y154VY2M}#ZO}jasKo4H z;)@kuI%f$ls&>E8R~RWC&a#Hb^z_Ze3mA`YGXz@lsV%_{@%5CgLRj2Zg=}o=C zFu@?>SC83W(;ebZly3XSmaacj(W}aOf94*IefKgr?nLdCSzWba%T9qf`Pv-I#c6kJ z6gt$6!b|@id${`Br`ffJ9Ade*GSk=1`@}9Wg)2{6|I!+}ZziXf`u*a}WYzTT(C>L` zeZ?^FpaADo&9#kpk6z2HySd2F?p*3lz6*hI(VFzc2``>ZS@D07 znbCng`(=0AZ_j)!fA|R_TePe5;q#8HpAUI1am#zUJnhx26}*qz(i}{(tpDh@XvU~rVSC{bQu$zS$%N4E3i z+JwlP8JWkL8`GWa?tS<#sW4U6OKIMp@29iwJ~`qmb)fkxlkW5EgC`k$=SjA;Y}wcJ zA+hL<_g%KX4YU6Ldq2r*mqFH~tY3lRT5C(SgThytzx{V!f!DON(*Bvl6oYGL?-ZxZ z>MFi^d#zz(>z1wWdcQr-QW2UEnVA~1diBFIr}>l*&OWm(f zOIgxmg4ML6i%R7s@0ABjToTjShCVd@IKF_i7VQfk@8w zkM;k1mn>p1Ecth;vhuusK}yo!y+v-*O0@IKAI82(n%i}`I_PZpJC|E~S1vgvuU}Zd z+ia`s_1r|&43=KU)N9{wKDjFX_1N~h&GO5mKQ9+obH0_hRN-$+%v>v%?G}-YQrbm& zl}_&h`o6`@DLj#A!4&^?&c!}uccqW<$}gl|Kb4O9l%0E9=CIE#CNJNe^^?WLZj{b{ zp8m3SXa%T0?8Wzacms=kkI9Zis=%!rz%(8#KbNz%@mY=??c1h&)$P+$&_sVa9EB3SM zA{4}n`=a)=etNIrm3Y=Ge$P1(lhZmp&$@%WO`4^;E&V>2NhsFj6~r-Jixe}DU@iRB zGwr#%;Lja*rOwAxnt5ORt*kI%X@Y=Q%d=a?mnS-^>%RUQx=*q1xRhP+eT}9Tg9MkZ zgK;|4cSbKcDU|L~y)qf~FY*MFU&J?A!kU3G`ImRyYftB+?=Ght z`^VnNTyc$i2}}Je8$~zAt-&db%jY)S%ivg-<@_p?dG55&GMhpq93}lObeep#s zueBZe{Uq|Ors-nQFk^?F*ZM5NcX$;--Hu(zy?*-7k59qRZm|C-V>{*EtaQNM@!-2D zpHHXO>O7er>MnC}PP+8jlb4@*taa}{$53FlebM=n#=Ak;M?c)ST==}Me?#J5Pp7B1 z#fo3&#TT*JMB9T#LeDrP( z`{K{sXJ+kIcxp7qSWZ*hZAr_*II%L<_rH(+I-f8pv}gOBE7QEAUH2)s7n}0U3YyJ1 zX{p=7m3Pmo?<`mz@}&ElRrwF*KhwS3!?(QNXe?P8n0i*^bk!*%Es?x@@oBtM`$Npc zWqfsdXYRPpH(63-!ddZ5_v*vp&p%!AEvVlgowIx6A&Weg%f{xbO8rkSeAMW0Sutfr z;_s_`4~pm6%UAiX(O)CIwt7>~j<5i=8Iz5l7v6HJVLgy>I!j;pVe)3lB_V&$sZ4v# zR&`O*+1OowAB*9;y2Q@%=4O*L^DUPy z`>n2DP#rI5s=Z2h?>WZue-TSlJ!?`wRG(rnn7Pn3Tj=inLiH-sS^ETRD;wrMc$K@3 zbKTc}QMNxj6`ltj4wzVUr&BPka7NLodDoMsYFTKm@n06DIwK~1?zRa5=jJ}RSeZKi z2AiFU z>x63kUR3^doEFTqp~1sR*?7YTS!1`THyt_2lOM{Zlq;;;y5LuxlE6Z)i&}+m>h^p%Ktq&t>%PP&Hsb94=A~97yGWXg}3vL1f!yY>bkD}z0c>nUVrXA&!JbCS6?^n z^QDK=KLqw>TbACe_|fv-&N*iO>O~7K=!N?KQJa3j>(=piX)3-(LEclU3GCYlWFbdZHBs+G#2cC()0dS+28NSE^)O^jOW$6{cFn=pZ12S zJEojEV_1JQ=c~kpk0mBNS6?@{GCn>Ua_E6kiN;E+6#nzQ{u8cNafVqxOzutUn%2>o iK5fmDzh3{&=Tw}Yw{8g&|NomIVQ%5Lase diff --git a/nixos/viridian/configuration.nix b/nixos/viridian/configuration.nix index 44a9a41..bb3286c 100644 --- a/nixos/viridian/configuration.nix +++ b/nixos/viridian/configuration.nix @@ -6,32 +6,25 @@ # Our user configuration and optional user units ../common/users/sajenim - # Containers - ./containers/jellyfin - ./containers/jellyseerr - ./containers/lidarr - ./containers/mealie - ./containers/microbin - ./containers/prowlarr - ./containers/qbittorrent - ./containers/radarr - ./containers/recyclarr - ./containers/sonarr - # Services ./services/borgbackup ./services/crowdsec ./services/forgejo - ./services/grafana ./services/immich ./services/lighttpd ./services/minecraft ./services/mpd - ./services/mysql ./services/paperless-ngx - ./services/prometheus ./services/traefik + # Multimedia + ./multimedia/jellyfin + ./multimedia/lidarr + ./multimedia/prowlarr + ./multimedia/qbittorrent + ./multimedia/radarr + ./multimedia/sonarr + # Setup our hardware ./hardware-configuration.nix ]; diff --git a/nixos/viridian/containers/jellyseerr/default.nix b/nixos/viridian/containers/jellyseerr/default.nix deleted file mode 100644 index 47bb4c5..0000000 --- a/nixos/viridian/containers/jellyseerr/default.nix +++ /dev/null @@ -1,43 +0,0 @@ -{...}: let - port = "5055"; -in { - virtualisation.oci-containers.containers = { - # Request management - jellyseerr = { - autoStart = true; - image = "ghcr.io/hotio/jellyseerr:release-1.9.2"; - ports = [ - "${port}:5055/tcp" # WebUI - ]; - volumes = [ - "/srv/containers/jellyseerr:/config" - ]; - environment = { - PUID = "1000"; - PGID = "100"; - }; - extraOptions = [ - "--network=media-stack" - ]; - }; - }; - - services.traefik.dynamicConfigOptions.http.routers = { - jellyseerr = { - rule = "Host(`jellyseerr.kanto.dev`)"; - entryPoints = [ - "websecure" - ]; - middlewares = [ - "internal" - ]; - service = "jellyseerr"; - }; - }; - - services.traefik.dynamicConfigOptions.http.services = { - jellyseerr.loadBalancer.servers = [ - {url = "http://127.0.0.1:${port}";} - ]; - }; -} diff --git a/nixos/viridian/containers/mealie/default.nix b/nixos/viridian/containers/mealie/default.nix deleted file mode 100644 index 42a6f7c..0000000 --- a/nixos/viridian/containers/mealie/default.nix +++ /dev/null @@ -1,47 +0,0 @@ -{...}: let - port = "9925"; -in { - virtualisation.oci-containers.containers = { - mealie = { - autoStart = true; - image = "ghcr.io/mealie-recipes/mealie:v1.11.0"; - ports = [ - "${port}:9000" - ]; - volumes = [ - "/srv/containers/mealie:/app/data/" - ]; - environment = { - ALLOW_SIGNUP = "false"; - PUID = "1000"; - PGID = "100"; - TZ = "Australia/Perth"; - MAX_WORKERS = "1"; - WEB_CONCURRENCY = "1"; - BASE_URL = "https://mealie.kanto.dev"; - SECURITY_MAX_LOGIN_ATTEMPTS = "3"; - SECRURITY_USER_LOCKOUT_TIME = "72"; - }; - }; - }; - - services.traefik.dynamicConfigOptions.http.routers = { - mealie = { - rule = "Host(`mealie.kanto.dev`)"; - entryPoints = [ - "websecure" - ]; - middlewares = [ - "crowdsec" - "geoblock" - ]; - service = "mealie"; - }; - }; - - services.traefik.dynamicConfigOptions.http.services = { - mealie.loadBalancer.servers = [ - {url = "http://127.0.0.1:${port}";} - ]; - }; -} diff --git a/nixos/viridian/containers/microbin/default.nix b/nixos/viridian/containers/microbin/default.nix deleted file mode 100644 index 248a623..0000000 --- a/nixos/viridian/containers/microbin/default.nix +++ /dev/null @@ -1,47 +0,0 @@ -{config, ...}: let - port = "8181"; -in { - age.secrets.microbin = { - # Environment variables for microbin - rekeyFile = ./environment.age; - owner = "sajenim"; - group = "users"; - }; - - virtualisation.oci-containers.containers = { - # Self-hosted, open-source pastbin - microbin = { - autoStart = true; - image = "danielszabo99/microbin:2.0.4"; - ports = [ - "${port}:8080/tcp" # WebUI - ]; - volumes = [ - # Container data - "/srv/containers/microbin:/app/microbin_data:rw" - ]; - environmentFiles = [ - config.age.secrets.microbin.path - ]; - }; - }; - - services.traefik.dynamicConfigOptions.http.routers = { - microbin = { - rule = "Host(`bin.kanto.dev`)"; - entryPoints = [ - "websecure" - ]; - middlewares = [ - "internal" - ]; - service = "microbin"; - }; - }; - - services.traefik.dynamicConfigOptions.http.services = { - microbin.loadBalancer.servers = [ - {url = "http://127.0.0.1:${port}";} - ]; - }; -} diff --git a/nixos/viridian/containers/microbin/environment.age b/nixos/viridian/containers/microbin/environment.age deleted file mode 100644 index 160a5cda76cf8081b6072be12218cd4f0c128341..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 8571 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14$Sl(>Ffuh$$Vds!b1zqLEJ{iW%=dE- zN-Gb{ao5iZ%Zf_0G$?a&3$~2#cBv@vj?6dH_sj7~(>5&U@^ke_bFK>VNX^N}%=9e^ z$Sl`))OSix3HQq^H!%-%i%K$1FEc3)E6X$h*_9cqSX7r~rkh@rnpm8wP*+)=VXha= zZ&4IdVBuomR%Dn|l9iI@UE-CV>{aDjlva`I z=9KGYUYKNT;OLrV$>m<28B`SM<5KLJT3%Y7You-LlN^wiRA^#Qm9Cvq8EhKlVP2e+ z9#&XhU{UCrT$Jx)8RAszm|2k?62+yftE*5LYFy^;nD6A}=TTIW7-f-B;8GM=5a=El zQQ+d2?wFTcY3>p1VdiP#kvG|d1nQWfW`&Fx3 zUb-3-#NJWm_Pupoqx;X1sIM7w&c1oEz3$DwYZ{i3mOdSGk0)lxUvzr(QovICcvQRo zq=o>e_uI0p#Ja5CtLsa zK3Kk)V_oUD4xOxEo%9Wx)~%GQNIJPCTJgmXE%kEUjen$guQn~(`S}gY@AoXfF3TG@ z)XWeQQFhz9ZQbNmc`k2S3-!#Ro%YW^_C$2vF3Y0X%A2MtKi9k<82zVfx#I52^SMK^ z-Pe6MlCbCK)T#Frjh%Mb7UVC%^CCV7Eb_Gcu_4UgfmJji#G_d?;4-j}MWI z4H5UxZ98D`XU3}U_CHqU{M;zc`X|`Prr@$rvz_v>d?|xHiW6GiNmX+2?0(hosQAEE zFN<}Lu01?E`BZnD_W~h~A7)RNC}d_Y+A+^VU~RkK{uQ4j%~l<4*nMc_f!s3Hp4!!` z&T=mLJR@!Clx@|OTMgc3eiHt;`NOLG4M$Qmc-v%db)481tB~8iKS8;4>D}hE&}j^; zdM`{TzHp5C&b?CPs!ss3>r9!DO;bEa3YDYcZ-88-Oy;jYrC-n3D(4s{@uD`d4Pg(o;O5Jh|ze(|z|N3$4S9p~( zXQJJUpdEqR-RdLu8Sk`fa^m4l`6KjIzjo$lb%s~}-Y>B26@8p>q_*o%;L(m-NxX6K z^3sKtEQQYh!sn~Xyjah^@$|bbMR(pMOuuQH_55TqR_^fnb+(rw+3x1{ zMH=s{JlcONG%{sMW?GG*VuN0lRa<%uCV=|0JvovJG zUPP!Km6+VA*IZ+HwX5IKV)@FX!+Y~W)dCNHxO42y-}V5D2DjSI-5sYM@0ynR$^Y`s zke+~&Y03_HYxrMpspp?^ecP0Um$zzq8hBkgS9QJU{E9fkn*ExGFX@>dJ<8Q*G3ldH zkNf*~*PfqK>Ro!IJiTx|$Fro*ErrwabAP@IV5)E16xZ+j@8|J!`LzGBdv=7GA31K+ zoE@`2p5;l@$$aqzua10>*(_0N6tw3@lD5EMNjSYpEh}Oc!y8)yqjm$ z#W$aAF;jnF;FE2!@#Vd#y=x+b>Q=bl`Tv&Xx?;z!--|N$t0|q`mBf2s>P4+beJdXB zY&^8aZ@NT5%$u6T?pSUR;%^BDNfm1qj~GC^M6I-5AG;4`0#*J_vEKZ^H;@|PBeYCznyum)~V(C zg4xnGq6>aIO`BQVeWorbe(rAT*9|S~%TBF6pWLI{5*!|v%>PKeaK*Y6`g@wY4Cm~N z2{5nFTPx|L#k40seR1_|r}&REBF+eEr@txV(D4?2ZFxG>Q=LQd_~YN(Gcx~3eyv}q zaX{tg!mwrsaHgRq>pzdRzG& zpHbKRR-0db9u?0ww|!MfkMHXHa&wFLva{CT_>QUOUZ{>Tu)X_B*Dt+huF-Rwms(R!z~mwfO_{Oevwu0`F$N;O_Wwuf$4|XL-&4 zo#iiVmq&i?{q!*+bo;HP?=9+Q*)3XquC2q%xh%TRZ5Mk*_|v$@n-tx4Z8%xIXnUFM zBBgZBdTqaz5_29iUA$;%zW98?${Syo-w~YO#D0=hAvk->X*YrG$I>TTFV#%kjk@_A53QPKST=Jo-G#;g3V(uV-B=9oEWB3lcX@QDR?G zc_919rSEq6O)|~P50o8zIkoZqBts#wX>#S}jBA+l&OG?7z2L~-n`;tZ|Gm8OO4xE0 zhUUfz){)(@o;Rodm>%{?<=sxj8Aq2NPgk)n+{u_#>Rs{q>%%XL3T8Gs7tGJNcz%hr z)zUvM4{Q0>Pc>sXUN*N_Pj-^x)@wn{cjvsnp6k1c?a0+HI#XBMzdBZUxjsnzrgPhh zT~^n)n~SQ?Pw{9nF^>5tH+j*Q?gK@=+^;{c`KiT_^o+4hVCHSP-@Zqv^mFRb@|?F z9;f^Ot$Sy#tevXb?z*YTE$!gWEo-hD-&CpmTeRBCHu~j*J7?Z<=f~w zDOSX@qExr_73=AWJ-R*4mx{N1Td;V7jl8;D?!-`G=940F%fAcQ$P3u5uf4M^Vf*EZ zB}xYKdv~keljb?rI_3Sf&1P?M&)O}^Ypwcpj<3IX^Ou2^;*N&X zR##T~OZ#R1;?_-Th}Hh9wck_a+=MxMgCE$7AJ8qFt0)!nRIAlx?T_LQCsq_5so&Ja zaywtM<_DutM3{K?n~QV#S|@M!YhGa6r?24mJg=|fw;_M?rZ)H3PR9QNTaL1nXDJob z$t=GZw%=$|{Ix|*sXr(0pP2F1_E=5&e1$*k%o0rcNt!=JXYFpj_xH)Ao5@*9q4K-R zgB@GG9kS>%R94)@!+kVd*U;v)#A}B*sT95Wk63O@P5Is-enqGvVDc2z=ia|IguUVo zICW>~&pPu9Mgmv8?(KNT&iy{g_ETp`u&B@}#`zYG3hS1ED3PSf=teEfCOta2ui7T`dsdD8y;n#z@i z4PTfiPFaxRuW9;vX8Cc0FHN(SY+evBXX!dQ>j_%=*H-u+yd%XDkl}yvT}k>ru|K|i z^7kxN!(aNm&9LL``!S)w^Ww6L*3RjEX-(OrHCdtieHpxfe?zg+!^gE*~9lqTxIv*vzuXf&oV~MV}g$@|@ z&xyVNe{J^s$A=`kqaV&_i8yriXzds2jD=^jM4T_&lG^%2zCQeHU8sfnj_k$0MW&S| zLCuo-rkowc3Bs}3c7_7FT(5dFHTq1?*H2Iii+sK0-v1`Y8T%)OGZ_&jPFKss-(BVyWJo={Z?hl8KH4knduGqg*`Oy-? zu*|mslX@OD?rL|~Y{1i7U9-@gVYcb#;=_)=yq+&geJXrQ&1jX|?sF{X zaC*b_6=`kChbB)7e6{Y<0~^;%;?E!G9bCUOYR|?_%h&wP_u^RLVzz8o ziS(|Xf40+|nt4Lk`zcDq-8HmJ`WEdGSo-cvj!e4n>`>u&t-JkSdcuNUrCH2;)b#J8 zowtx<^NFHq9$sIHO;K@ur{}HE{Db)^{>9&(?4%`CB0<2*z?{sN0%GC&@aB3_+w{RgKN{O%Z#7r ztem4bxkoILxqkNdd3Hs2?2OdcA53HU)YbdzF83et=v5hq*Q<&0vh9_=_w}*yqt0)y z{vIF; zh$&ie3_qEFtCnnJa#^ml^1M*V>=UmJR&Kq$ zNjI-kLUf8%{)>#8Ul!h0sawdu!ui(OAN$@j99rNcv%2il)jXTk^=dqe&MQ1TH0OQR z>Zu9WjH-7nY*IV8$)Voz+9rlOyKQEcE`K~-E8~WvFZ1fJt6pW-7fevy6q~v3@8)`k z2OhU#YV1DGT3#U6{eeMAwE9Zy?RCN(c9#ABeO66xX<8AN<9Tlr=b_!P%75pVv&?*- z-Sf4!o54c6?bDIxQWvj_xm(yr2L)CCNfvedp3(eWSI0HE_|&oY{0_V`ovjiYb{zNl zeBv&9$IE*SY-@hC>VLo5RIpjo#e4M>=}CLP#tN0!JUGd{cIm^if1W#B?3Ckj5Zo79Y)pns!RPR#Qlscc<(qZeUYYMj^@*QW)C+le|!GY&iL2d zeovj}Zl5k5dr0%g%!k=w9SP^&=qwAZtqFL#{j}r9_;WKQ7FK=q@LZy-fA!2>lW$pn z6Z(z69=D9SDjm11;_1{PrT&8ak}0JLYd&8poy))Zec{?)-K`f3JzNqxSJ(aWJ*?N- zyjs?HsrN4dKan7@FPlwf2=dz8QQ$AR_DJ$4XKt^L@S)&U0)l&-Ew%`G$cD-8?rd52{eb%8`9lMBipHlQ*de1F-&@??#$4g1&>e6c`X0KcH zfIq9x?wskDTRS(ruei1Ueu#eaBc|NFH(LKmD)+3bIi9lT!;%2Se!2Z`xpsFpUYvLB zqn*3gjyns_?3oj^a&k%U&!~#s2jySieep9VR=G%`tmo_cD`CrarhnP^QYJ^Y`J1eu z!it#6DXkZ^UEbAP(0i<^9DO(Dt9EvpLa~+e)*;BLA!Wi_O{AFwi+>NsQERU7RL$J+PwK9f zaXU|o>91#34!tn{ne{p6i2fNHqYt(RSohc`e&<^M(C`$4{>$T6U1#b=2mZ`H`ao7Y z;;e_$qmC1I7N7O=k2r0ZZ0+&o^CR`&lJ4@B`LFw~N7S5+?2FmNes*Sh4A0L4@}K@+ zV0tuZ<^)5NOZAn-&hbVQ1fL7Ei2VAoeXstaGj(g&#eF8-5<68leYLZ4%HQp=5iMQI z^|+pD%{p7Ya!-52FR@R72Rv4+mb_J4xo>i)LePb&Y9a?3y3Ul`(ZBA0=RkRuX#R5_ zuLWPT^otfM^yfMM%ec4s-F4ruL0i83WvF@{b!bUe=-p+N2QLW5EZjajVdk`d51*a8 z({gF$**c%|`we)kmRicUZFqX_Qj%|ULWTU!ITuuK^&NUs_M&8dyvo}2pSME=?bk|9 zdwYV}(ca1F^5oU0cVAH#`KN4NGErpNjn9p5JcKu0J$57X@sXm*O7E_FKkshlJ3D(u zLe`D=&t5V9P6eB{Zd%e1pz)e>*XtW^_jo8(GM#8l?m5Njw`G#?+?H19(B0WD8ScNo zpitLSwlUBxp5<#c!z_7|3953uHzK)%bHZ(Qv#3};a(*r$Rb=nw`*J~-rtzds+i2;jEOW)+r^nJ73v_ zmdSpZw@E&48eBr?x;!-_v%3ZItyaa?SBu_=7@<+6qkWe+a?UES2B`Tj@O z_n)iSoK{AI2y{QWe*>fw;UU*WoY}5kw68M>zHa`X$QJ3}_uKDkoloG!WxIGTUTOaE!R=9@?}GC)F8unh)y|V& zRTyb<_v818|Er>pU!S|UL`bLcdU~Ks3BzK8S4uC|n6<^f5MA4%+p$Pxr|_FcT(iHN zowkLi>s|T&9f>g?_C4RLrqudCC}6SkN_mk@7fuEH7#SRJjD8t*?cuv+h0aZ^A3|fI zl6%s5?^_Q~GyU;4x*8=QZ4_(IxRMX62senkr_B-X#&lVZF7 zcKPGnrziU)ga2{8eEUjxx{YpjQ;5ec-5o*ha?#m;jbwqe-8kg;*aVY4|Y%UKTvt(-Oc z`h(O>PbNv`y{$aoyo!I8|3}$aOS$QMsgq}-O;_ z@*lY4ZvQqY`)&H2eUA@RNZ%Fnzp|Cx>Nit&z|j};j89CIPUYKpuiS#s;m9tHj=r}q z&n&IIb9&^P)9+DO@PT~W>b^7eAW+NFoM4XVvK?QWgPYfyUk!i#0ZzWMQKm)RLHl{Zqqzx2E@Z_-JFSIqnu_r6?y za^apuj?wS!4=h-7{=-hqjzU)z^M{iAPUm^d-M!}RS2=Md&K=%XVvn!R6g3YDnzX31 zIA<2$by*Y3-TGO-2^Zx+uET+zJSFy-ini`jR5QvJKHK7RSk zV&C}_)vO`6=Nc8Akh#a)Xz%{r|1pD?j869Sb8B*#JYox2&o?aDbLD?h%G^A*3eOil z*Ax?`nnbb6vAw%FmG#?w9*vd%yFW}n<)rvw^Av;YucoqjS>-Rjb}XxYa`4s%foINa zu%2`B`<$}^>rUA{@K`%f;?0!w-yarQZYD?g#f2n>b@#goPBt;{!QDt=#H&m%cc@_{Y(Nws5<+r#4(# zf3mmkS@ZUr{5sjT-KNvVLo)z`4{K(m-yRY+}e?`QQ5sVrsMUpV)LemF*C1P-hMapRfg4F2BV9@yH2?@9#G6obKPUnu%|TYM8w91 zP50~d=F6V3*&v-&woO}4cIC+~hWR`F{=Jzn^?b1>U&x6rE-TXntt4r`w0NsyS+&R1 z*S)mLJowZ3-kmI-`3c4wTPk>ruOGRcCQ-yB{>X}NiD2a2guEjgOQO9@<9xqfw4E*8 zoOPje@eQ|Y4VE4APBm{dP>DaZ>3+On)k&6JIyOzYxtR-&wF&pyII9`mpWeEvaY>K3 z+=1PP${SS8bJ%lJkH?EYKKDe%Y^!>9@}X|~Rkp{yWRuxzGtTV$&amf=*D8%8=?iZ# zCd)D&;;yd$*&XbzHu04^pEKjyO@A&`?%8JEdpH8=Vg=m$0ko2BAJv1`@_3h0!zcK$8(%Y1BdZj1l#(z)OYU@Zf>~`hTyjGgF zVfAgcZ~y1i@pk0uq&@yI+h56wZBoYz{q_~_Zfq2mS@(|ZP1J;WrR>*~1z5dX&dlcA zeRVaj5$EPD7By=Rm%G|%Is;|Eu@kmyY_^@q-Rg%|JMcAObvL@BOc2$HGaQ+`|gd~Yg+GI(FmCAx?!bLNc8bv zi{DL+$hSV2==hc0s=sB0!)d3!iAEjf%H_GC1q&vvHCg`A;Gs%)O2w_%!_qnV;i}K0 z67IV*?>6O|dPUVQC-t_?;*Rgt$&y+QGiUwI4A{lOxwbX3I_2#KTgKbV8FQwdIQjXi z(dz{j5BG%cmgeYO75D0_Q~7OYCwciB`x>us``Lc!^idFh)>dnIDq=-@-P;BhpQ=gg z-W_$mpORnYE;#kqS@yK7%EdcXJ>@QS1_?#lEcPb}2a zYw?r%ez6`)o(lEJtvn+Um3yqbZua`X|B)}x+4C$5>bn;a z(YlM}0|!^h;kOQQtIla;J+9hS+;n>SeRq$!A-}#qt`nG4wywXzKf&#qW56ssjur)0 z59ddr>d%i}Jh83cnOw+zwPfX*D&9vdDXuS%&bjThw`lrYrV}&cMBJ7dB=D?X_)m5|$J|rN zCS3~oE9a{#$2MiL^+t9bxgnLC)$41Y^80 zI={?zYS^oeW=24cFYa!L)DA zIE&;S(dVbF?(;fMlNuh6+W>(H#$N9AGdW&70pSJW*2L5H-$vvCT2u*(Xf9~q^rujj8 z_pRZ&>#~V!#&v_v+k9FY)ix73lCCjy{6BjyeCm@_t4RUYKX>^jeAxU>&-?f~*=66p zwx{uIyjh-O=f(FrCg6aI$J{rryC2-P3Gh2(=D%*&GR`vlq6xQxm-lQmk5PE=Pwd%- zW9haT_cja9-1uVEXF-=3!{BAr|5w}h?<};R>QLIWDLbb)yC>^;wX9K5;PhK(>#7!8 z_$a+zY{_IIe?j=fjFp;f79XCM99UQO{C%2ySTGoH>o?rNv@_g!+f|}^~?>Z%irdc11V0c^jS!~JY zWj~op<{ejhzFA{SM%C2`s}3Bhxfw9YW}W%;43*{ERdeM}+?mGv@uuFhJwF3a&SReZ iM)9<4@b>B5)`hki8~asWoLct5yL8!!WXG<$872S@9iRXJ diff --git a/nixos/viridian/containers/recyclarr/default.nix b/nixos/viridian/containers/recyclarr/default.nix deleted file mode 100644 index cd7aa60..0000000 --- a/nixos/viridian/containers/recyclarr/default.nix +++ /dev/null @@ -1,16 +0,0 @@ -{...}: { - virtualisation.oci-containers.containers = { - # Automatically synchronize recommended settings from the TRaSH guides to your Sonarr/Radarr instances - recyclarr = { - autoStart = true; - image = "ghcr.io/recyclarr/recyclarr:6.0.2"; - volumes = [ - "/srv/containers/recyclarr:/config" - ]; - extraOptions = [ - "--network=media-stack" - ]; - user = "1000:100"; - }; - }; -} diff --git a/nixos/viridian/containers/jellyfin/default.nix b/nixos/viridian/multimedia/jellyfin/default.nix similarity index 100% rename from nixos/viridian/containers/jellyfin/default.nix rename to nixos/viridian/multimedia/jellyfin/default.nix diff --git a/nixos/viridian/containers/lidarr/default.nix b/nixos/viridian/multimedia/lidarr/default.nix similarity index 100% rename from nixos/viridian/containers/lidarr/default.nix rename to nixos/viridian/multimedia/lidarr/default.nix diff --git a/nixos/viridian/containers/prowlarr/default.nix b/nixos/viridian/multimedia/prowlarr/default.nix similarity index 100% rename from nixos/viridian/containers/prowlarr/default.nix rename to nixos/viridian/multimedia/prowlarr/default.nix diff --git a/nixos/viridian/containers/qbittorrent/default.nix b/nixos/viridian/multimedia/qbittorrent/default.nix similarity index 100% rename from nixos/viridian/containers/qbittorrent/default.nix rename to nixos/viridian/multimedia/qbittorrent/default.nix diff --git a/nixos/viridian/containers/radarr/default.nix b/nixos/viridian/multimedia/radarr/default.nix similarity index 100% rename from nixos/viridian/containers/radarr/default.nix rename to nixos/viridian/multimedia/radarr/default.nix diff --git a/nixos/viridian/containers/sonarr/default.nix b/nixos/viridian/multimedia/sonarr/default.nix similarity index 100% rename from nixos/viridian/containers/sonarr/default.nix rename to nixos/viridian/multimedia/sonarr/default.nix diff --git a/nixos/viridian/services/grafana/default.nix b/nixos/viridian/services/grafana/default.nix deleted file mode 100644 index e457450..0000000 --- a/nixos/viridian/services/grafana/default.nix +++ /dev/null @@ -1,56 +0,0 @@ -{config, ...}: { - # Setup grafana our grafana instance. - services.grafana = { - enable = true; - dataDir = "/srv/services/grafana"; - settings = { - server = { - http_addr = "127.0.0.1"; - http_port = 3400; - domain = "kanto.dev"; - root_url = "https://kanto.dev/grafana/"; - serve_from_sub_path = true; - }; - database = { - type = "mysql"; - name = "grafana"; - user = "grafana"; - host = "/var/run/mysqld/mysqld.sock"; - }; - }; - }; - - # Setup our database for grafana. - services.mysql = { - ensureUsers = [ - { - name = "grafana"; - ensurePermissions = { - "grafana.*" = "ALL PRIVILEGES"; - }; - } - ]; - ensureDatabases = ["grafana"]; - }; - - # Setup our traefik router. - services.traefik.dynamicConfigOptions.http.routers = { - grafana = { - rule = "Host(`kanto.dev`)"; - entryPoints = [ - "websecure" - ]; - middlewares = [ - "internal" - ]; - service = "grafana"; - }; - }; - - # Setup our traefik service. - services.traefik.dynamicConfigOptions.http.services = { - grafana.loadBalancer.servers = [ - {url = "http://127.0.0.1:${toString config.services.grafana.settings.server.http_port}";} - ]; - }; -} diff --git a/nixos/viridian/services/mysql/default.nix b/nixos/viridian/services/mysql/default.nix deleted file mode 100644 index 3ca4267..0000000 --- a/nixos/viridian/services/mysql/default.nix +++ /dev/null @@ -1,7 +0,0 @@ -{pkgs, ...}: { - services.mysql = { - enable = true; - package = pkgs.mariadb; - dataDir = "/srv/services/mysql"; - }; -} diff --git a/nixos/viridian/services/prometheus/default.nix b/nixos/viridian/services/prometheus/default.nix deleted file mode 100644 index 38a67aa..0000000 --- a/nixos/viridian/services/prometheus/default.nix +++ /dev/null @@ -1,32 +0,0 @@ -{config, ...}: { - services.prometheus = { - enable = true; - port = 9001; # Port to listen on. - - # Valid in all configuration contexts, defaults for other configuration sections. - globalConfig = { - scrape_interval = "15s"; - }; - - # Collect specific metrics, format them, and expose them through HTTP endpoints for prometheus to scrape. - exporters = { - node = { - enable = true; - enabledCollectors = ["systemd" "processes"]; - port = 9100; - }; - }; - - # Specify a set of targets and parameters describing how to scrape them. - scrapeConfigs = [ - { - job_name = "node"; - static_configs = [ - { - targets = ["127.0.0.1:${toString config.services.prometheus.exporters.node.port}"]; - } - ]; - } - ]; - }; -} From 2e7fefa7b9de8c98e31b7168a517d47d13ebd814 Mon Sep 17 00:00:00 2001 From: jasmine Date: Tue, 15 Oct 2024 06:46:10 +0800 Subject: [PATCH 2/2] migrate backups to borgbase --- ...5ad1a114007e5c55aa2871fe105-borgbackup.age | 8 +++ nixos/viridian/hardware-configuration.nix | 10 +--- .../viridian/services/borgbackup/default.nix | 56 +++++++++--------- .../services/borgbackup/passphrase.age | Bin 0 -> 366 bytes 4 files changed, 37 insertions(+), 37 deletions(-) create mode 100644 nixos/common/global/secrets/rekeyed/viridian/baf095ad1a114007e5c55aa2871fe105-borgbackup.age create mode 100644 nixos/viridian/services/borgbackup/passphrase.age diff --git a/nixos/common/global/secrets/rekeyed/viridian/baf095ad1a114007e5c55aa2871fe105-borgbackup.age b/nixos/common/global/secrets/rekeyed/viridian/baf095ad1a114007e5c55aa2871fe105-borgbackup.age new file mode 100644 index 0000000..96cec22 --- /dev/null +++ b/nixos/common/global/secrets/rekeyed/viridian/baf095ad1a114007e5c55aa2871fe105-borgbackup.age @@ -0,0 +1,8 @@ +age-encryption.org/v1 +-> ssh-ed25519 KTkZog 5sg/hpf/62ScHhTff9oK26rKUHOOIOkaEvz6azRbIFs +8YDQXQULAwfzazasdUqr+DhBMm0p4957vywLCmbsPOQ +-> ^)fem:-grease ,C tq3PQ#" +Dp5AeElkIQ9RTy0qPV91kur2jWvk2uJTgSRqk1gwoM8vUJM/BbpdqsimUCI0PFxG +Dd507GmCEWDrmovhpAIBS1lAqlY +--- +Xft4rCt53z0qwZsydGBaUanbAxv06yRHgJeDw6yUAI +$KǂK@j]lfNV* jmCm"ށDnTwܟ[ \ No newline at end of file diff --git a/nixos/viridian/hardware-configuration.nix b/nixos/viridian/hardware-configuration.nix index 8f59566..e30e398 100644 --- a/nixos/viridian/hardware-configuration.nix +++ b/nixos/viridian/hardware-configuration.nix @@ -3,9 +3,7 @@ lib, pkgs, ... -}: let - hostname = config.networking.hostName; -in { +}: { imports = [ # Our ephemeral system. Wipe root on reboot. ../common/optional/ephemeral-btrfs.nix @@ -71,12 +69,6 @@ in { options = ["subvol=services" "compress=zstd"]; }; - fileSystems."/srv/backup" = { - device = "/dev/disk/by-label/data"; - fsType = "btrfs"; - options = ["subvol=backup" "compress=zstd"]; - }; - fileSystems."/srv/shares" = { device = "/dev/disk/by-label/data"; fsType = "btrfs"; diff --git a/nixos/viridian/services/borgbackup/default.nix b/nixos/viridian/services/borgbackup/default.nix index d2a226f..142feae 100644 --- a/nixos/viridian/services/borgbackup/default.nix +++ b/nixos/viridian/services/borgbackup/default.nix @@ -1,33 +1,33 @@ -{...}: { - services.borgbackup.jobs = { - containers = { - paths = [ - "/srv/containers" - ]; - encryption.mode = "none"; - repo = "/srv/backup/containers"; - compression = "auto,zstd"; - startAt = "daily"; - }; +{config, ...}: { + age.secrets.borgbackup = { + rekeyFile = ./passphrase.age; + }; - services = { - paths = [ - "/srv/services" - ]; - encryption.mode = "none"; - repo = "/srv/backup/services"; - compression = "auto,zstd"; - startAt = "daily"; - }; + services.borgbackup.jobs."borgbase" = { + paths = [ + # Shares + "/srv/shares/sajenim" + # Services + "/srv/services/forgejo" + "/srv/services/immich" + "/srv/services/minecraft" + "/srv/services/paperless-ngx" + # Containers + "/srv/containers/jellyfin" + "/srv/containers/lidarr" + "/srv/containers/prowlarr" + "/srv/containers/qbittorrent" + "/srv/containers/radarr" + "/srv/containers/sonarr" + ]; - shares = { - paths = [ - "/srv/shares" - ]; - encryption.mode = "none"; - repo = "/srv/backup/shares"; - compression = "auto,zstd"; - startAt = "daily"; + repo = "o93k24r6@o93k24r6.repo.borgbase.com:repo"; + encryption = { + mode = "repokey-blake2"; + passCommand = "cat ${config.age.secrets.traefik.path}"; }; + environment.BORG_RSH = "ssh -i /etc/ssh/ssh_host_ed25519_key"; + compression = "auto,lzma"; + startAt = "daily"; }; } diff --git a/nixos/viridian/services/borgbackup/passphrase.age b/nixos/viridian/services/borgbackup/passphrase.age new file mode 100644 index 0000000000000000000000000000000000000000..91f3acb2ea1d168fe37c8abc955bdc4d3dc51fc0 GIT binary patch literal 366 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14$Sl(>Ffuh$$Vds!b1zqL%!%;P&T&jJ zGV}LIbv6pb_z6bDe!Xy*`?}VqhaY_r>>h`l$uza%9W927Ve#! zWRjC^5@zICl~b5+5a#EXXyE4^5?W}OnHO1R!KJIKtKeN==4F`}T50H#8D?tWkrtSk z7M4?`on)Em=%lS}uI=Gvny+1ATMn*; z=N?_ENxJaz!>xZG=PX(^SLL3%{IsdXwOk@!J}vubDB&yexwdmsl{kA%^VSDh&)Ckn Oyx}j~`})>9>AL{U7K-8k literal 0 HcmV?d00001