commit 882874336bb8c8402bc0f7e72ab39583a71ee7de
parent ed9534a4a78d8c7901205c4a8fe5b950cc07ec05
Author: Leah (ctucx) <git@ctu.cx>
Date: Tue, 19 Dec 2023 16:42:36 +0100
configurations/linux/services: refactor with the goal of modularity :3
11 files changed, 292 insertions(+), 226 deletions(-)
M
|
227
+++++++++++++++++++++++++++++++++++++++++--------------------------------------
M
|
85
+++++++++++++++++++++++++++++++++++++++++++++----------------------------------
M
|
66
+++++++++++++++++++++++++++++++++++++++---------------------------
diff --git a/configurations/linux/default.nix b/configurations/linux/default.nix @@ -2,6 +2,10 @@ { + imports = [ + ./services + ]; + deployment = { buildOnTarget = lib.mkDefault false; targetUser = lib.mkDefault "root";
diff --git a/configurations/linux/services/default.nix b/configurations/linux/services/default.nix @@ -0,0 +1,17 @@ +{ config, lib, ... }: + +{ + + imports = [ + ./prometheus-exporters.nix + ./restic-server.nix + ./dns.nix + ./syncthing.nix + ./syncthing-nginx.nix + ]; + + ctucxConfig.monitoring.exporters.enable = (lib.mkDefault (if (config.networking.primaryIP != "") || (config.networing.primaryIP4 != "") then true else false)); + ctucxConfig.dnsServer.enable = (lib.mkDefault (builtins.elem "dnsServer" config.deployment.tags)); + ctucxConfig.resticServer.enable = (lib.mkDefault (builtins.elem "resticServer" config.deployment.tags)); + +}+ \ No newline at end of file
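Review bot: The exporter default reads `config.networing.primaryIP4`, which looks like a typo for `config.networking.primaryIP4`. Because `||` short-circuits, the misspelled path is only evaluated on hosts whose `primaryIP` is empty, and there evaluation would most likely fail on the missing attribute. The `if … then true else false` wrapper is redundant as well, so the line can become `ctucxConfig.monitoring.exporters.enable = lib.mkDefault (config.networking.primaryIP != "" || config.networking.primaryIP4 != "");`. This line also makes the exporters default-on for every host with a primary address instead of opt-in by import, which deserves a short comment above it.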
diff --git a/configurations/linux/services/dns.nix b/configurations/linux/services/dns.nix 
@@ -1,131 +1,140 @@ { nodes, config, lib, pkgs, ...}: -{ - - deployment.tags = [ "dns" ]; - - dns = { - enable = true; - allZones = with pkgs.dns.lib.combinators; let - CAA = [ { issuerCritical = false; tag = "issue"; value = "letsencrypt.org"; } ]; - NS = [ "ns1.ctu.cx." "ns2.ctu.cx." ]; - SOA = { - nameServer = "ns1.ctu.cx."; - adminEmail = "dns@ctu.cx"; # Email address with a real `@`! - serial = lib.toInt ("2023" + "03" + "04" + "1"); - }; +let + cfg = config.ctucxConfig.dnsServer; + +in { + + options = { + ctucxConfig.dnsServer = { + enable = lib.mkEnableOption "dns"; + }; + }; - MXApple = with mx; [ - (mx 10 "mx01.mail.icloud.com.") - (mx 10 "mx02.mail.icloud.com.") - ]; - - SPFApple = [ - "v=spf1 include:icloud.com ~all" - ]; - - in { - - "ctu.cx" = { - inherit SOA NS CAA; - -# MX = MXApple; -# TXT = SPFApple ++ [ "apple-domain=8Z4zfabXhvO0cjZi" ]; - - subdomains = { - ns1 = (host nodes.trabbi.config.networking.primaryIP4 nodes.trabbi.config.networking.primaryIP); - ns2 = (host nodes.wanderduene.config.networking.primaryIP4 nodes.wanderduene.config.networking.primaryIP); - - - _atproto.TXT = [ "did=did:plc:zaeuok3fmh2pcp4cjiicku4i" ]; - - blechkasten.CNAME = [ "blechkasten.home" ]; - "internet-of-plants".AAAA = [ "2a0f:4ac0:acab::103" ]; - - "gateway.home" = (host "195.39.246.41" "2a0f:4ac0:acab::1"); - "stasicontainer.home" = (host "195.39.246.35" "2a0f:4ac0:acab::35"); - "blechkasten.home" = (host "195.39.246.43" "2a0f:4ac0:acab::43"); - "desktop.home" = (host "195.39.246.44" "2a0f:4ac0:acab::44"); - - # "sig1._domainkey".CNAME = [ "sig1.dkim.ctu.cx.at.icloudmailadmin.com." 
]; - - "48-247-39-195.wireguard".A = [ (a "195.39.247.48") ]; - "49-247-39-195.wireguard".A = [ (a "195.39.247.49") ]; - "50-247-39-195.wireguard".A = [ (a "195.39.247.50") ]; - "51-247-39-195.wireguard".A = [ (a "195.39.247.51") ]; - "52-247-39-195.wireguard".A = [ (a "195.39.247.52") ]; - "53-247-39-195.wireguard".A = [ (a "195.39.247.53") ]; - "54-247-39-195.wireguard".A = [ (a "195.39.247.54") ]; - "55-247-39-195.wireguard".A = [ (a "195.39.247.55") ]; - - "32-246-39-195.dynamic".A = [ (a "195.39.246.32") ]; - "33-246-39-195.dynamic".A = [ (a "195.39.246.33") ]; - "34-246-39-195.dynamic".A = [ (a "195.39.246.34") ]; - "35-246-39-195.dynamic".A = [ (a "195.39.246.35") ]; - "36-246-39-195.dynamic".A = [ (a "195.39.246.36") ]; - "37-246-39-195.dynamic".A = [ (a "195.39.246.37") ]; - "38-246-39-195.dynamic".A = [ (a "195.39.246.38") ]; - "39-246-39-195.dynamic".A = [ (a "195.39.246.39") ]; - "40-246-39-195.dynamic".A = [ (a "195.39.246.40") ]; - "41-246-39-195.dynamic".A = [ (a "195.39.246.41") ]; - "42-246-39-195.dynamic".A = [ (a "195.39.246.42") ]; - "43-246-39-195.dynamic".A = [ (a "195.39.246.43") ]; - "44-246-39-195.dynamic".A = [ (a "195.39.246.44") ]; - "45-246-39-195.dynamic".A = [ (a "195.39.246.45") ]; - "46-246-39-195.dynamic".A = [ (a "195.39.246.46") ]; - "47-246-39-195.dynamic".A = [ (a "195.39.246.47") ]; + config = lib.mkIf cfg.enable { + dns = { + enable = true; + allZones = with pkgs.dns.lib.combinators; let + CAA = [ { issuerCritical = false; tag = "issue"; value = "letsencrypt.org"; } ]; + NS = [ "ns1.ctu.cx." "ns2.ctu.cx." ]; + SOA = { + nameServer = "ns1.ctu.cx."; + adminEmail = "dns@ctu.cx"; # Email address with a real `@`! 
+ serial = lib.toInt ("2023" + "03" + "04" + "1"); }; - }; - "oeffisear.ch" = { - inherit SOA NS CAA; - }; + MXApple = with mx; [ + (mx 10 "mx01.mail.icloud.com.") + (mx 10 "mx02.mail.icloud.com.") + ]; + + SPFApple = [ + "v=spf1 include:icloud.com ~all" + ]; + + in { + + "ctu.cx" = { + inherit SOA NS CAA; + + # MX = MXApple; + # TXT = SPFApple ++ [ "apple-domain=8Z4zfabXhvO0cjZi" ]; + + subdomains = { + ns1 = (host nodes.trabbi.config.networking.primaryIP4 nodes.trabbi.config.networking.primaryIP); + ns2 = (host nodes.wanderduene.config.networking.primaryIP4 nodes.wanderduene.config.networking.primaryIP); + + + _atproto.TXT = [ "did=did:plc:zaeuok3fmh2pcp4cjiicku4i" ]; + + blechkasten.CNAME = [ "blechkasten.home" ]; + "internet-of-plants".AAAA = [ "2a0f:4ac0:acab::103" ]; + + "gateway.home" = (host "195.39.246.41" "2a0f:4ac0:acab::1"); + "stasicontainer.home" = (host "195.39.246.35" "2a0f:4ac0:acab::35"); + "blechkasten.home" = (host "195.39.246.43" "2a0f:4ac0:acab::43"); + "desktop.home" = (host "195.39.246.44" "2a0f:4ac0:acab::44"); + + # "sig1._domainkey".CNAME = [ "sig1.dkim.ctu.cx.at.icloudmailadmin.com." 
]; + + "48-247-39-195.wireguard".A = [ (a "195.39.247.48") ]; + "49-247-39-195.wireguard".A = [ (a "195.39.247.49") ]; + "50-247-39-195.wireguard".A = [ (a "195.39.247.50") ]; + "51-247-39-195.wireguard".A = [ (a "195.39.247.51") ]; + "52-247-39-195.wireguard".A = [ (a "195.39.247.52") ]; + "53-247-39-195.wireguard".A = [ (a "195.39.247.53") ]; + "54-247-39-195.wireguard".A = [ (a "195.39.247.54") ]; + "55-247-39-195.wireguard".A = [ (a "195.39.247.55") ]; + + "32-246-39-195.dynamic".A = [ (a "195.39.246.32") ]; + "33-246-39-195.dynamic".A = [ (a "195.39.246.33") ]; + "34-246-39-195.dynamic".A = [ (a "195.39.246.34") ]; + "35-246-39-195.dynamic".A = [ (a "195.39.246.35") ]; + "36-246-39-195.dynamic".A = [ (a "195.39.246.36") ]; + "37-246-39-195.dynamic".A = [ (a "195.39.246.37") ]; + "38-246-39-195.dynamic".A = [ (a "195.39.246.38") ]; + "39-246-39-195.dynamic".A = [ (a "195.39.246.39") ]; + "40-246-39-195.dynamic".A = [ (a "195.39.246.40") ]; + "41-246-39-195.dynamic".A = [ (a "195.39.246.41") ]; + "42-246-39-195.dynamic".A = [ (a "195.39.246.42") ]; + "43-246-39-195.dynamic".A = [ (a "195.39.246.43") ]; + "44-246-39-195.dynamic".A = [ (a "195.39.246.44") ]; + "45-246-39-195.dynamic".A = [ (a "195.39.246.45") ]; + "46-246-39-195.dynamic".A = [ (a "195.39.246.46") ]; + "47-246-39-195.dynamic".A = [ (a "195.39.246.47") ]; + }; + }; - "wifionic.de" = { - inherit SOA NS CAA; - }; + "oeffisear.ch" = { + inherit SOA NS CAA; + }; - "trans-agenda.de" = { - inherit SOA NS CAA; - }; + "wifionic.de" = { + inherit SOA NS CAA; + }; - "ctucx.de" = { - inherit SOA NS CAA; + "trans-agenda.de" = { + inherit SOA NS CAA; + }; -# MX = MXApple; -# TXT = SPFApple ++ [ "apple-domain=dAXXtfWkKtR1aNoT" ]; -# subdomains."sig1._domainkey".CNAME = [ "sig1.dkim.ctucx.de.at.icloudmailadmin.com." 
]; - }; + "ctucx.de" = { + inherit SOA NS CAA; + + # MX = MXApple; + # TXT = SPFApple ++ [ "apple-domain=dAXXtfWkKtR1aNoT" ]; + # subdomains."sig1._domainkey".CNAME = [ "sig1.dkim.ctucx.de.at.icloudmailadmin.com." ]; + }; - "thein.ovh" = { - inherit SOA NS CAA; + "thein.ovh" = { + inherit SOA NS CAA; -# MX = MXApple; -# TXT = SPFApple ++ [ "apple-domain=gUI16uTaoWHz1n0P" ]; -# subdomains."sig1._domainkey".CNAME = [ "sig1.dkim.thein.ovh.at.icloudmailadmin.com." ]; - }; + # MX = MXApple; + # TXT = SPFApple ++ [ "apple-domain=gUI16uTaoWHz1n0P" ]; + # subdomains."sig1._domainkey".CNAME = [ "sig1.dkim.thein.ovh.at.icloudmailadmin.com." ]; + }; - "flauschehorn.sexy" = { - inherit SOA NS CAA; + "flauschehorn.sexy" = { + inherit SOA NS CAA; - MX = with mx; [ (mx 10 "rx300.kunbox.net.") ]; - TXT = [ "v=spf1 mx ~all" ]; + MX = with mx; [ (mx 10 "rx300.kunbox.net.") ]; + TXT = [ "v=spf1 mx ~all" ]; - subdomains = { - _dmarc.TXT = [ "v=DMARC1; p=quarantine; rua=mailto:hostmaster@kunbox.net; ruf=mailto:postmaster@kunsmann.eu; fo=0:d:s; adkim=r; aspf=r" ]; - "mail._domainkey".TXT = [ "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnh5Ym9PO7r+wdOIKfopvHzn3KU3qT6IlCG/gvvbmIqoeFQfRbAe3gQmcG6RcLue55cJQGhI6y2r0lm59ZeoHR40aM+VabAOlplekM7xWmoXb/9vG2OZLIqAyF4I+7GQmTN6B9keBHp9SWtDUkI0B0G9neZ5MkXJP705M0duxritqQlb4YvCZwteHiyckKcg9aE9j+GF2EEawBoVDpoveoB3+wgde3lWEUjjwKFtXNXxuN354o6jgXgPNWtIEdPMLfK/o0CaCjZNlzaLTsTegY/+67hdHFqDmm8zXO9s+Xiyfq7CVq21t7wDhQ2W1agj+up6lH82FMh5rZNxJ6XB0yQIDAQAB" ]; + subdomains = { + _dmarc.TXT = [ "v=DMARC1; p=quarantine; rua=mailto:hostmaster@kunbox.net; ruf=mailto:postmaster@kunsmann.eu; fo=0:d:s; adkim=r; aspf=r" ]; + "mail._domainkey".TXT = [ "v=DKIM1; k=rsa; 
p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnh5Ym9PO7r+wdOIKfopvHzn3KU3qT6IlCG/gvvbmIqoeFQfRbAe3gQmcG6RcLue55cJQGhI6y2r0lm59ZeoHR40aM+VabAOlplekM7xWmoXb/9vG2OZLIqAyF4I+7GQmTN6B9keBHp9SWtDUkI0B0G9neZ5MkXJP705M0duxritqQlb4YvCZwteHiyckKcg9aE9j+GF2EEawBoVDpoveoB3+wgde3lWEUjjwKFtXNXxuN354o6jgXgPNWtIEdPMLfK/o0CaCjZNlzaLTsTegY/+67hdHFqDmm8zXO9s+Xiyfq7CVq21t7wDhQ2W1agj+up6lH82FMh5rZNxJ6XB0yQIDAQAB" ]; + }; }; - }; - "c3kuscheldistanz.de" = { - inherit SOA NS CAA; - }; + "c3kuscheldistanz.de" = { + inherit SOA NS CAA; + }; - "c3flauschdistanz.de" = { - inherit SOA NS CAA; - }; + "c3flauschdistanz.de" = { + inherit SOA NS CAA; + }; + }; }; };
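Review bot: The old module set `deployment.tags = [ "dns" ]` itself and the new one drops that line, while the machines now carry `"dnsServer"` instead. Anything that still selects hosts by the old `dns` tag would silently match nothing; whether such a selector exists cannot be checked from this page. If the rename is intended, a comment next to the option such as `# enabled via deployment.tags "dnsServer", see services/default.nix` would make the coupling visible. The description in `lib.mkEnableOption "dns"` could also say what is being enabled, for example `"authoritative DNS server"`.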
diff --git a/configurations/linux/services/prometheus-exporters.nix b/configurations/linux/services/prometheus-exporters.nix 
@@ -1,47 +1,58 @@ { config, lib, pkgs, ...}: -{ +let + cfg = config.ctucxConfig.monitoring; - services = { - prometheus.exporters = { - node = { - enable = true; - listenAddress = "[::1]"; - port = 9100; - enabledCollectors = [ - "systemd" "processes" - ]; - }; +in { - systemd = { - enable = true; - listenAddress = "[::1]"; - port = 9558; - }; + options = { + ctucxConfig.monitoring = { + exporters.enable = lib.mkEnableOption "prometheus exporters"; + }; + }; - scaphandre = { - enable = (if (builtins.elem "intel_rapl_common" config.boot.kernelModules) then true else false); - user = "root"; - group = "root"; - listenAddress = "::1"; - port = 9080; - telemetryPath = "scaphandre-exporter"; - }; - }; - - nginx = { - enable = true; - virtualHosts."${config.networking.fqdn}" = { - enableACME = lib.mkDefault true; - forceSSL = lib.mkDefault true; - kTLS = lib.mkDefault true; - locations."/node-exporter".proxyPass = "http://${toString config.services.prometheus.exporters.node.listenAddress}:${toString config.services.prometheus.exporters.node.port}/metrics"; - locations."/systemd-exporter".proxyPass = "http://${toString config.services.prometheus.exporters.systemd.listenAddress}:${toString config.services.prometheus.exporters.systemd.port}/metrics"; - locations."/scaphandre-exporter".proxyPass = lib.mkIf config.services.prometheus.exporters.scaphandre.enable "http://[::1]:${toString config.services.prometheus.exporters.scaphandre.port}/scaphandre-exporter"; + config = lib.mkIf cfg.exporters.enable { + services = { + prometheus.exporters = { + node = { + enable = true; + listenAddress = "[::1]"; + port = 9100; + enabledCollectors = [ + "systemd" "processes" + ]; + }; + + systemd = { + enable = true; + listenAddress = "[::1]"; + port = 9558; + }; + + scaphandre = { + enable = (if (builtins.elem "intel_rapl_common" config.boot.kernelModules) then true else false); + user = "root"; + group = "root"; + listenAddress = "::1"; + port = 9080; + telemetryPath = 
"scaphandre-exporter"; + }; + }; + + nginx = { + enable = true; + virtualHosts."${config.networking.fqdn}" = { + enableACME = lib.mkDefault true; + forceSSL = lib.mkDefault true; + kTLS = lib.mkDefault true; + locations."/node-exporter".proxyPass = "http://${toString config.services.prometheus.exporters.node.listenAddress}:${toString config.services.prometheus.exporters.node.port}/metrics"; + locations."/systemd-exporter".proxyPass = "http://${toString config.services.prometheus.exporters.systemd.listenAddress}:${toString config.services.prometheus.exporters.systemd.port}/metrics"; + locations."/scaphandre-exporter".proxyPass = lib.mkIf config.services.prometheus.exporters.scaphandre.enable "http://[::1]:${toString config.services.prometheus.exporters.scaphandre.port}/scaphandre-exporter"; + }; }; }; - }; - networking.firewall.allowedTCPPorts = [ 80 443 ]; + networking.firewall.allowedTCPPorts = [ 80 443 ]; + }; }
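Review bot: The three metrics locations on the public vhost have no access restriction visible in this hunk, and ports 80 and 443 are opened in the firewall, so the node, systemd and scaphandre metrics appear readable by anyone who can reach the host. This matters more now that services/default.nix switches the module on by default instead of it being imported per machine. Consider limiting each location to the scraper, e.g. `locations."/node-exporter".extraConfig = "allow <PROMETHEUS_SERVER_ADDRESS>; deny all;";` (placeholder address), or putting basic auth in front as restic-server.nix does. Separately, `enable = (if (builtins.elem …) then true else false)` on scaphandre can be just the `builtins.elem` expression.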
diff --git a/configurations/linux/services/restic-server.nix b/configurations/linux/services/restic-server.nix 
@@ -1,38 +1,50 @@ { config, lib, pkgs, ...}: -{ +let + cfg = config.ctucxConfig.resticServer; - age.secrets.restic-server-htpasswd = { - file = ./. + "/../../../secrets/${config.networking.hostName}/restic-server-htpasswd.age"; - owner = "nginx"; - }; +in { - dns.zones."ctu.cx".subdomains."restic.${config.networking.hostName}".CNAME = [ "${config.networking.hostName}.ctu.cx." ]; + options = { + ctucxConfig.resticServer = { + enable = lib.mkEnableOption "restic server"; + }; + }; - systemd.services.restic-rest-server.onFailure = [ "email-notify@%i.service" ]; + config = lib.mkIf cfg.enable { - services = { - restic.server = { - enable = true; - listenAddress = "[::1]:8000"; - appendOnly = true; - extraFlags = [ "--no-auth" ]; - dataDir = "/var/lib/restic"; + age.secrets.restic-server-htpasswd = { + file = ./. + "/../../../secrets/${config.networking.hostName}/restic-server-htpasswd.age"; + owner = "nginx"; }; - nginx = { - enable = true; - virtualHosts."restic.${config.networking.hostName}.ctu.cx" = { - enableACME = lib.mkDefault true; - forceSSL = lib.mkDefault true; - kTLS = lib.mkDefault true; - locations."/" = { - proxyPass = "http://${toString config.services.restic.server.listenAddress}/"; - extraConfig = '' - client_max_body_size 10G; - auth_basic Auth; - auth_basic_user_file ${config.age.secrets.restic-server-htpasswd.path}; - ''; + dns.zones."ctu.cx".subdomains."restic.${config.networking.hostName}".CNAME = [ "${config.networking.hostName}.ctu.cx." 
]; + + systemd.services.restic-rest-server.onFailure = [ "email-notify@%i.service" ]; + + services = { + restic.server = { + enable = true; + listenAddress = "[::1]:8000"; + appendOnly = true; + extraFlags = [ "--no-auth" ]; + dataDir = "/var/lib/restic"; + }; + + nginx = { + enable = true; + virtualHosts."restic.${config.networking.hostName}.ctu.cx" = { + enableACME = lib.mkDefault true; + forceSSL = lib.mkDefault true; + kTLS = lib.mkDefault true; + locations."/" = { + proxyPass = "http://${toString config.services.restic.server.listenAddress}/"; + extraConfig = '' + client_max_body_size 10G; + auth_basic Auth; + auth_basic_user_file ${config.age.secrets.restic-server-htpasswd.path}; + ''; + }; }; }; };
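Review bot: `extraFlags = [ "--no-auth" ]` means rest-server itself accepts any request that reaches `[::1]:8000`, and the only authentication is the nginx `auth_basic` in front of it; the module does not state that design anywhere. I would add a comment above the flag, e.g. `# auth is enforced by nginx basic auth only; any local process that can reach [::1]:8000 bypasses it`, so that a later change to `listenAddress` or a second proxy path is made knowingly. `appendOnly = true` limits what such a local client could delete, but not what it can read or add. The closing braces of the module appear to lie outside the hunk.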
diff --git a/configurations/linux/services/syncthing-nginx.nix b/configurations/linux/services/syncthing-nginx.nix @@ -1,28 +1,36 @@ { config, lib, pkgs, ... }: -{ +let + cfg = config.ctucxConfig.syncthingWithNginx; - imports = [ - ./syncthing.nix - ]; +in { + options = { + ctucxConfig.syncthingWithNginx = { + enable = lib.mkEnableOption "syncthing with nginx reverse-proxy"; + }; + }; - dns.zones."ctu.cx".subdomains."syncthing.${config.networking.hostName}".CNAME = [ "${config.networking.fqdn}." ]; + config = lib.mkIf cfg.enable { + ctucxConfig.syncthing.enable = true; - systemd.services.syncthing.onFailure = [ "email-notify@%i.service" ]; + dns.zones."ctu.cx".subdomains."syncthing.${config.networking.hostName}".CNAME = [ "${config.networking.fqdn}." ]; - services = { - syncthing = { - guiAddress = "[::1]:8384"; - settings.gui.insecureSkipHostcheck = true; - }; + systemd.services.syncthing.onFailure = [ "email-notify@%i.service" ]; + + services = { + syncthing = { + guiAddress = "[::1]:8384"; + settings.gui.insecureSkipHostcheck = true; + }; - nginx = { - enable = true; - virtualHosts."syncthing.${config.networking.hostName}.ctu.cx" = { - enableACME = true; - forceSSL = true; - kTLS = true; - locations."/".proxyPass = "http://${toString config.services.syncthing.guiAddress}"; + nginx = { + enable = true; + virtualHosts."syncthing.${config.networking.hostName}.ctu.cx" = { + enableACME = true; + forceSSL = true; + kTLS = true; + locations."/".proxyPass = "http://${toString config.services.syncthing.guiAddress}"; + }; }; }; };
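Review bot: `settings.gui.insecureSkipHostcheck = true` turns off Syncthing's Host-header check, and the vhost proxies `/` to the GUI with no `auth_basic` or allow-list visible in this hunk. Protection of the GUI therefore rests entirely on Syncthing's own GUI credentials, which this module does not show being set. If those are configured elsewhere, a comment such as `# GUI auth comes from syncthing's own user/password; host check is disabled because nginx rewrites Host` would record the assumption. Otherwise add an access restriction on the location. The module's closing lines appear to fall outside the hunk.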
diff --git a/configurations/linux/services/syncthing.nix b/configurations/linux/services/syncthing.nix @@ -1,38 +1,46 @@ { inputs, config, pkgs, lib, ... }: let + cfg = config.ctucxConfig.syncthing; syncthingConfig = import ../../common/syncthing-config.nix { inherit inputs pkgs config lib; }; in { - - age.secrets = { - syncthing-key = { - file = ../../../secrets + "/${config.networking.hostName}/syncthing/key.age"; - owner = "leah"; - }; - syncthing-cert = { - file = ../../../secrets + "/${config.networking.hostName}/syncthing/cert.age"; - owner = "leah"; + options = { + ctucxConfig.syncthing = { + enable = lib.mkEnableOption "syncthing"; }; }; - systemd.services.syncthing.onFailure = [ "email-notify@%i.service" ]; + config = lib.mkIf cfg.enable { + age.secrets = { + syncthing-key = { + file = ../../../secrets + "/${config.networking.hostName}/syncthing/key.age"; + owner = "leah"; + }; + syncthing-cert = { + file = ../../../secrets + "/${config.networking.hostName}/syncthing/cert.age"; + owner = "leah"; + }; + }; - services.syncthing = { - enable = true; - openDefaultPorts = true; + systemd.services.syncthing.onFailure = [ "email-notify@%i.service" ]; - user = "leah"; - group = "users"; + services.syncthing = { + enable = true; + openDefaultPorts = true; - key = lib.mkDefault config.age.secrets.syncthing-key.path; - cert = lib.mkDefault config.age.secrets.syncthing-cert.path; + user = "leah"; + group = "users"; - dataDir = lib.mkDefault "/home/leah"; - configDir = lib.mkDefault "/home/leah/.config/syncthing"; + key = lib.mkDefault config.age.secrets.syncthing-key.path; + cert = lib.mkDefault config.age.secrets.syncthing-cert.path; - settings.devices = syncthingConfig.devices; - settings.folders = syncthingConfig.folders; + dataDir = lib.mkDefault "/home/leah"; + configDir = lib.mkDefault "/home/leah/.config/syncthing"; + + settings.devices = syncthingConfig.devices; + settings.folders = syncthingConfig.folders; + }; }; }
diff --git a/machines/briefkasten/configuration.nix b/machines/briefkasten/configuration.nix @@ -4,13 +4,13 @@ deployment.targetHost = config.networking.secondaryIP4; + #this enables the following services: restic-server + deployment.tags = [ "resticServer" ]; + imports = [ ./hardware-configuration.nix ./impermanence.nix - ../../configurations/linux/services/prometheus-exporters.nix - ../../configurations/linux/services/restic-server.nix - # syncthing (and it's backup) ./syncthing.nix
diff --git a/machines/briefkasten/syncthing.nix b/machines/briefkasten/syncthing.nix @@ -17,9 +17,7 @@ let in { - imports = [ - ../../configurations/linux/services/syncthing-nginx.nix - ]; + ctucxConfig.syncthing.enable = true; age.secrets = lib.mapAttrs' ( name: path: lib.nameValuePair "restic-syncthing-${name}" {
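Review bot: Replacing the import of syncthing-nginx.nix with `ctucxConfig.syncthing.enable = true;` enables only the plain syncthing module. The nginx vhost, the `syncthing.<host>` CNAME and the `[::1]:8384` GUI binding now sit behind `ctucxConfig.syncthingWithNginx.enable`, which nothing on this page sets. If briefkasten should keep its reverse-proxied GUI, this line should read `ctucxConfig.syncthingWithNginx.enable = true;`, which in turn enables `ctucxConfig.syncthing`. If dropping the proxy is intended, a one-line comment saying so would prevent it from being read as an oversight.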
diff --git a/machines/trabbi/configuration.nix b/machines/trabbi/configuration.nix @@ -2,12 +2,12 @@ { + #this enables the following services: dns + deployment.tags = [ "dnsServer" ]; + imports = [ ./hardware-configuration.nix - # dns server - ../../configurations/linux/services/dns.nix - # git server (gitolite+stagit) ./git.nix @@ -15,7 +15,6 @@ ./radicale.nix # monitoring - ../../configurations/linux/services/prometheus-exporters.nix ./prometheus.nix ./grafana
diff --git a/machines/wanderduene/configuration.nix b/machines/wanderduene/configuration.nix @@ -4,18 +4,17 @@ deployment.buildOnTarget = false; + #this enables the following services: dns + deployment.tags = [ "dnsServer" ]; + documentation.nixos.enable = false; imports = [ ./hardware-configuration.nix - ../../configurations/linux/services/prometheus-exporters.nix - ../../configurations/linux/services/dns.nix - ./rclone-restic-server.nix ./3proxy.nix -# ./reverse-proxy-stasicontainer.nix ./websites ] ++ (if nodes.briefkasten.config.networking.usePBBUplink != true then [