ctucx.git: nixfiles

ctucx' nixfiles

commit 3ac17a4b6baa3c5db680c871db233c889da7236d
parent bacb8ae9dbbe298fbae3f1495d0daee7000aa737
Author: Leah (ctucx) <leah@ctu.cx>
Date: Thu, 27 Jan 2022 12:49:51 +0100

machines/desastro: use age-secrets
3 files changed, 7 insertions(+), 34 deletions(-)
diff --git a/machines/desastro/configuration.nix b/machines/desastro/configuration.nix
@@ -4,7 +4,8 @@
   imports = [
     ./hardware-configuration.nix
     ../../configurations/common.nix
-    ./restic-server.nix
+    ../../configurations/services/prometheus-node-exporter.nix
+    ../../configurations/services/restic-server.nix
     ./syncthing.nix
   ];
 
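Review bot: The new import `../../configurations/services/restic-server.nix` is not among the three files this commit changes, so what replaces the deleted `machines/desastro/restic-server.nix` cannot be checked from this diff. The deleted file started the server with `--no-auth` and relied entirely on nginx `auth_basic` in front of `127.0.0.1:8000`, so the shared module has to provide an equivalent authentication layer and keep `appendOnly = true`, otherwise the backup repository loses both protections. The same hunk also pulls in `prometheus-node-exporter.nix`, which is unrelated to the commit subject; a short comment such as `# node exporter: expected to be reachable only over wg0` would record the intended exposure, if that is the intent.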

@@ -35,11 +36,11 @@
     };
   };
 
-
+  age.secrets.wireguard-privkey.file = ../../secrets/desastro/wireguard-privkey.age;
 
   networking = {
     hostName                         = "desastro";
-    domain                           = "wolfsburg.petabyte.dev";
+    domain                           = "ctu.cx";
     useDHCP                          = false;
 	resolvconf.useLocalResolver      = lib.mkForce false;
 

@@ -50,7 +51,7 @@
 
       interfaces.wg0 = {
         listenPort             = 51820;
-        privateKeyFile         = "/root/wg0-privkey";
+        privateKeyFile         = config.age.secrets.wireguard-privkey.path;
         generatePrivateKeyFile = true;
         postSetup              = "ip link set dev wg0 mtu 1500";
 
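Review bot: `generatePrivateKeyFile = true` is left on while `privateKeyFile` now points at the age-managed path, and the two should not be combined. As far as I know, the NixOS wireguard module generates a fresh key with `wg genkey` whenever the file is missing, so a failed or late decryption would likely be masked by a new, unrelated key instead of failing visibly. Suggest `generatePrivateKeyFile = false;` (or dropping the line) so that a missing secret is an error. The previous plaintext key at `/root/wg0-privkey` is not touched by this change and should be removed from the host by hand once the new path is confirmed working. The `interfaces.wg0` block begins and ends outside this hunk.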

@@ -84,6 +85,6 @@
     };
   };
 
-  system.stateVersion = "20.09"; # Did you read the comment?
+  system.stateVersion = "20.09";
   home-manager.users.leah.home.stateVersion = "20.09";
 }
diff --git a/machines/desastro/restic-server.nix b/machines/desastro/restic-server.nix
@@ -1,28 +0,0 @@
-{config, lib, pkgs, ...}:
-
-{
-  services.restic.server = {
-    enable     = true;
-    appendOnly = true;
-    extraFlags = [ "--no-auth" ];
-    dataDir    = "/var/lib/restic";
-  };
-
-  services.nginx = {
-    enable = true;
-    virtualHosts."restic.desastro.ctu.cx" = {
-      enableACME = true;
-      forceSSL   = true;
-      locations."/" = {
-        proxyPass   = "http://127.0.0.1:8000/";
-        extraConfig = ''
-          client_max_body_size 10G;
-          auth_basic           Auth;
-          auth_basic_user_file /var/src/secrets/restic-auth;
-        '';
-      };
-    };
-  };
-
-  networking.firewall.allowedTCPPorts  = [ 80 443 ];
-}
diff --git a/machines/desastro/syncthing.nix b/machines/desastro/syncthing.nix
@@ -2,7 +2,7 @@
 
 {
   imports = [
-    ../../configurations/programs/syncthing.nix
+    ../../configurations/services/syncthing.nix
   ];
 
   services = {