tadpole: Specify ssh port for gitea

hosts/backwards/modules/default.nix

@@ -13,6 +13,8 @@ in
       ssh.enable = true;
       git.enable = true;
       syncthing.enable = true;
+      restic.enable = true;
+      transmission.enable = true;
     };
   };
 }

hosts/backwards/modules/restic/default.nix

@@ -0,0 +1,51 @@
+{ lib, config, ... }:
+let
+  enabled = config.mod.restic.enable;
+in
+{
+  options = {
+    mod.restic = {
+      enable = lib.mkEnableOption "Enable restic";
+    };
+  };
+
+  config = lib.mkIf enabled {
+    fileSystems."/home/alex/backup" = {
+      device = "/dev/disk/by-uuid/34601701-65e6-4b2c-ac4d-8bef3dfd743f";
+      fsType = "ext4";
+      options = [ "nofail" ];
+    };
+
+    services = {
+      restic.backups = {
+        "sync-to-external" = {
+          initialize = true;
+
+          user = "alex";
+          passwordFile = config.age.secrets.restic-password.path;
+
+          paths = [ "/home/alex/sync" ];
+          repository = "/home/alex/backup";
+
+          timerConfig = {
+            OnCalendar = "*-*-* 0/12:00:00"; # Every 12th hour, i.e. twice a day
+            Persistent = true;
+          };
+
+          pruneOpts = [
+            "--keep-daily 1"
+            "--keep-weekly 7"
+            "--keep-yearly 12"
+          ];
+        };
+      };
+    };
+
+    age = {
+      secrets = {
+        "restic-password".file = ../../../../secrets/backwards/restic-password.age;
+      };
+    };
+  };
+}
+

hosts/backwards/modules/transmission/default.nix

@@ -0,0 +1,42 @@
+{ pkgs, lib, config, ... }:
+let
+  enabled = config.mod.transmission.enable;
+in
+{
+  options = {
+    mod.transmission = {
+      enable = lib.mkEnableOption "enable transmission module";
+    };
+  };
+
+  config = lib.mkIf enabled {
+    services = {
+      transmission = {
+        enable = true;
+        package = pkgs.transmission_4;
+
+        openFirewall = true;
+        openRPCPort = true;
+
+        user = "alex";
+        group = "users";
+
+        home = "/home/alex/media/ts-home";
+        downloadDirPermissions = "775";
+
+        settings = {
+          rpc-bind-address = "0.0.0.0";
+          rpc-port = 9191;
+
+          incomplete-dir-enabled = false;
+          download-dir = "/home/alex/media/downloads";
+
+          rpc-authentication-required = true;
+          rpc-whitelist-enabled = false;
+          rpc-username = "transmission";
+          rpc-password = "{55d884e4042db67313da49e05d7089a368eb64b3Br.3X.Xi";
+        };
+      };
+    };
+  };
+}

hosts/pinwheel/modules/git/gitconfig

@@ -11,3 +11,5 @@
 [url "git@codeberg.org:"]
     insteadOf = https://codeberg.org/
 
+[url "gitea@git.ppp.pm:"]
+    insteadOf = https://git.ppp.pm/

hosts/pinwheel/modules/ssh/default.nix

@@ -5,8 +5,8 @@
       enable = true;
 
       matchBlocks = {
-        "backwards.local" = {
+        "backwards" = {
-          hostname = "192.168.50.202";
+          hostname = "backwards";
           user = "alex";
           identityFile = "/home/alex/.ssh/alex.pinwheel-backwards";
           port = 1122;
@@ -48,6 +48,11 @@
           hostname = "codeberg.org";
           identityFile = "/home/alex/.ssh/alex.pinwheel-codeberg.org";
         };
+
+        "git.ppp.pm" = {
+          hostname = "git.ppp.pm";
+          identityFile = "/home/alex/.ssh/alex.pinwheel-git.ppp.pm";
+        };
       };
     };
 
@@ -106,6 +111,19 @@
       group = "users";
     };
 
+    "alex.pinwheel-git.ppp.pm" = {
+      file = ../../../../secrets/pinwheel/alex.pinwheel-git.ppp.pm.age;
+      path = "/home/alex/.ssh/alex.pinwheel-git.ppp.pm.org";
+      owner = "alex";
+      group = "users";
+    };
+    "alex.pinwheel-git.ppp.pm.pub" = {
+      file = ../../../../secrets/pinwheel/alex.pinwheel-git.ppp.pm.pub.age;
+      path = "/home/alex/.ssh/alex.pinwheel-git.ppp.pm.pub";
+      owner = "alex";
+      group = "users";
+    };
+
     "alex.pinwheel-andromeda" = {
       file = ../../../../secrets/pinwheel/alex.pinwheel-andromeda.age;
       path = "/home/alex/.ssh/alex.pinwheel-andromeda";

hosts/tadpole/modules/gitea/default.nix

@@ -64,7 +64,7 @@ in
           DOMAIN = gitDomain;
           ROOT_URL = "https://${gitDomain}";
 
-          SSH_PORT = 1122; # See `ssh` module
+          SSH_PORT = 1122; # see `ssh` module
         };
 
         database = {

secrets/backwards/restic-password.age

@@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> ssh-ed25519 Pu0HWg qnig6bOOnHbsTQ7AJfS0l6TUT7gPM3VreutamO5NfCs
+ZBX0HcsOKq2QrGRCJygwol/T2NWyvxGbqYpb5mfl5FQ
+-> ssh-ed25519 +oNaHQ SgIEVphkOUqNzvPkoAQDS6wvDiHvcSNCLj46Qf1Lqyo
+HisQ0xxj1Qz79rmFdt0jda8D4hDWE+/d6zuA17fLsgk
+--- UabMTXlGzIEj1guev4NyFyoXvP41i7oN1TMDKo517zs
+}<7D>p<EFBFBD>)<29>⿫<EFBFBD><E2BFAB><EFBFBD>B<EFBFBD><42><EFBFBD><EFBFBD><EFBFBD>T<1D>x<>r0<72><30>7#<23>y<EFBFBD>2Ԥ<32><D4A4>;Z.&<26>]!<21><>e(<28><>qvPQ돠?Y<>y<EFBFBD>$?<3F><>X<EFBFBD>2<EFBFBD><32>݀-&<26>A

secrets/secrets.nix

@@ -22,6 +22,8 @@ in {
   "pinwheel/alex.pinwheel-andromeda.pub.age".publicKeys = [ pinwheel alex ];
   "pinwheel/alex.pinwheel-codeberg.org.age".publicKeys = [ pinwheel alex ];
   "pinwheel/alex.pinwheel-codeberg.org.pub.age".publicKeys = [ pinwheel alex ];
+  "pinwheel/alex.pinwheel-git.ppp.pm.age".publicKeys = [ pinwheel alex ];
+  "pinwheel/alex.pinwheel-git.ppp.pm.pub.age".publicKeys = [ pinwheel alex ];
 
   "pinwheel/work-gitconfig.age".publicKeys = [ pinwheel alex ];
   "pinwheel/work-github-token.age".publicKeys = [ pinwheel alex ];
@@ -33,6 +35,7 @@ in {
   "backwards/root.backwards.pub.age".publicKeys = [ backwards alex ];
   "backwards/syncthing-cert.age".publicKeys = [ backwards alex ];
   "backwards/syncthing-key.age".publicKeys = [ backwards alex ];
+  "backwards/restic-password.age".publicKeys = [ backwards alex ];
   "backwards/alex.backwards-codeberg.org.age".publicKeys = [ backwards alex ];
   "backwards/alex.backwards-codeberg.org.pub.age".publicKeys = [ backwards alex ];
   "backwards/wpa_supplicant.conf.age".publicKeys = [ backwards alex ];