tadpole: Specify ssh port for gitea

pinwheel: Add git url preference for git.ppp.pm
pinwheel: Add ssh keys for git.ppp.pm
2024-08-31 17:16:38 +02:00 · 2024-08-31 16:34:20 +02:00 · 2024-08-31 16:33:13 +02:00 · 2024-08-31 16:31:46 +02:00 · 2024-08-31 16:21:29 +02:00 · 2024-08-31 16:21:17 +02:00
10 changed files with 128 additions and 3 deletions
--- a/hosts/backwards/modules/default.nix
+++ b/hosts/backwards/modules/default.nix
@@ -13,6 +13,8 @@ in
      ssh.enable = true;
      git.enable = true;
      syncthing.enable = true;
+      restic.enable = true;
+      transmission.enable = true;
    };
  };
 }
--- a/hosts/backwards/modules/restic/default.nix
+++ b/hosts/backwards/modules/restic/default.nix
@@ -0,0 +1,51 @@
+{ lib, config, ... }:
+let
+  enabled = config.mod.restic.enable;
+in
+{
+  options = {
+    mod.restic = {
+      enable = lib.mkEnableOption "Enable restic";
+    };
+  };
+
+  config = lib.mkIf enabled {
+    fileSystems."/home/alex/backup" = {
+      device = "/dev/disk/by-uuid/34601701-65e6-4b2c-ac4d-8bef3dfd743f";
+      fsType = "ext4";
+      options = [ "nofail" ];
+    };
+
+    services = {
+      restic.backups = {
+        "sync-to-external" = {
+          initialize = true;
+
+          user = "alex";
+          passwordFile = config.age.secrets.restic-password.path;
+
+          paths = [ "/home/alex/sync" ];
+          repository = "/home/alex/backup";
+
+          timerConfig = {
+            OnCalendar = "*-*-* 0/12:00:00"; # Every 12th hour, i.e. twice a day
+            Persistent = true;
+          };
+
+          pruneOpts = [
+            "--keep-daily 1"
+            "--keep-weekly 7"
+            "--keep-yearly 12"
+          ];
+        };
+      };
+    };
+
+    age = {
+      secrets = {
+        "restic-password".file = ../../../../secrets/backwards/restic-password.age;
+      };
+    };
+  };
+}
+
--- a/hosts/backwards/modules/transmission/default.nix
+++ b/hosts/backwards/modules/transmission/default.nix
@@ -0,0 +1,42 @@
+{ pkgs, lib, config, ... }:
+let
+  enabled = config.mod.transmission.enable;
+in
+{
+  options = {
+    mod.transmission = {
+      enable = lib.mkEnableOption "enable transmission module";
+    };
+  };
+
+  config = lib.mkIf enabled {
+    services = {
+      transmission = {
+        enable = true;
+        package = pkgs.transmission_4;
+
+        openFirewall = true;
+        openRPCPort = true;
+
+        user = "alex";
+        group = "users";
+
+        home = "/home/alex/media/ts-home";
+        downloadDirPermissions = "775";
+
+        settings = {
+          rpc-bind-address = "0.0.0.0";
+          rpc-port = 9191;
+
+          incomplete-dir-enabled = false;
+          download-dir = "/home/alex/media/downloads";
+
+          rpc-authentication-required = true;
+          rpc-whitelist-enabled = false;
+          rpc-username = "transmission";
+          rpc-password = "{55d884e4042db67313da49e05d7089a368eb64b3Br.3X.Xi";
+        };
+      };
+    };
+  };
+}
--- a/hosts/pinwheel/modules/git/gitconfig
+++ b/hosts/pinwheel/modules/git/gitconfig
@@ -11,3 +11,5 @@
 [url "git@codeberg.org:"]
    insteadOf = https://codeberg.org/

+[url "gitea@git.ppp.pm:"]
+    insteadOf = https://git.ppp.pm/
--- a/hosts/pinwheel/modules/ssh/default.nix
+++ b/hosts/pinwheel/modules/ssh/default.nix
@@ -5,8 +5,8 @@
      enable = true;

      matchBlocks = {
-        "backwards.local" = {
-          hostname = "192.168.50.202";
+        "backwards" = {
+          hostname = "backwards";
          user = "alex";
          identityFile = "/home/alex/.ssh/alex.pinwheel-backwards";
          port = 1122;
@@ -48,6 +48,11 @@
          hostname = "codeberg.org";
          identityFile = "/home/alex/.ssh/alex.pinwheel-codeberg.org";
        };
+
+        "git.ppp.pm" = {
+          hostname = "git.ppp.pm";
+          identityFile = "/home/alex/.ssh/alex.pinwheel-git.ppp.pm";
+        };
      };
    };

@@ -106,6 +111,19 @@
      group = "users";
    };

+    "alex.pinwheel-git.ppp.pm" = {
+      file = ../../../../secrets/pinwheel/alex.pinwheel-git.ppp.pm.age;
+      path = "/home/alex/.ssh/alex.pinwheel-git.ppp.pm.org";
+      owner = "alex";
+      group = "users";
+    };
+    "alex.pinwheel-git.ppp.pm.pub" = {
+      file = ../../../../secrets/pinwheel/alex.pinwheel-git.ppp.pm.pub.age;
+      path = "/home/alex/.ssh/alex.pinwheel-git.ppp.pm.pub";
+      owner = "alex";
+      group = "users";
+    };
+
    "alex.pinwheel-andromeda" = {
      file = ../../../../secrets/pinwheel/alex.pinwheel-andromeda.age;
      path = "/home/alex/.ssh/alex.pinwheel-andromeda";
--- a/hosts/tadpole/modules/gitea/default.nix
+++ b/hosts/tadpole/modules/gitea/default.nix
@@ -64,7 +64,7 @@ in
          DOMAIN = gitDomain;
          ROOT_URL = "https://${gitDomain}";

-          SSH_PORT = 1122; # See `ssh` module
+          SSH_PORT = 1122; # see `ssh` module
        };

        database = {
--- a/secrets/backwards/restic-password.age
+++ b/secrets/backwards/restic-password.age
@@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> ssh-ed25519 Pu0HWg qnig6bOOnHbsTQ7AJfS0l6TUT7gPM3VreutamO5NfCs
+ZBX0HcsOKq2QrGRCJygwol/T2NWyvxGbqYpb5mfl5FQ
+-> ssh-ed25519 +oNaHQ SgIEVphkOUqNzvPkoAQDS6wvDiHvcSNCLj46Qf1Lqyo
+HisQ0xxj1Qz79rmFdt0jda8D4hDWE+/d6zuA17fLsgk
+--- UabMTXlGzIEj1guev4NyFyoXvP41i7oN1TMDKo517zs
+}<7D>p<EFBFBD>)<29>⿫<EFBFBD><E2BFAB><EFBFBD>B<EFBFBD><42><EFBFBD><EFBFBD><EFBFBD>T<1D>x<>r0<72><30>7#<23>y<EFBFBD>2Ԥ<32><D4A4>;Z.&<26>]!<21><>e(<28><>qvPQ돠?Y<>y<EFBFBD>$?<3F><>X<EFBFBD>2<EFBFBD><32>݀-&<26>A
--- a/secrets/pinwheel/alex.pinwheel-git.ppp.pm.age
+++ b/secrets/pinwheel/alex.pinwheel-git.ppp.pm.age
--- a/secrets/pinwheel/alex.pinwheel-git.ppp.pm.pub.age
+++ b/secrets/pinwheel/alex.pinwheel-git.ppp.pm.pub.age
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -22,6 +22,8 @@ in {
  "pinwheel/alex.pinwheel-andromeda.pub.age".publicKeys = [ pinwheel alex ];
  "pinwheel/alex.pinwheel-codeberg.org.age".publicKeys = [ pinwheel alex ];
  "pinwheel/alex.pinwheel-codeberg.org.pub.age".publicKeys = [ pinwheel alex ];
+  "pinwheel/alex.pinwheel-git.ppp.pm.age".publicKeys = [ pinwheel alex ];
+  "pinwheel/alex.pinwheel-git.ppp.pm.pub.age".publicKeys = [ pinwheel alex ];

  "pinwheel/work-gitconfig.age".publicKeys = [ pinwheel alex ];
  "pinwheel/work-github-token.age".publicKeys = [ pinwheel alex ];
@@ -33,6 +35,7 @@ in {
  "backwards/root.backwards.pub.age".publicKeys = [ backwards alex ];
  "backwards/syncthing-cert.age".publicKeys = [ backwards alex ];
  "backwards/syncthing-key.age".publicKeys = [ backwards alex ];
+  "backwards/restic-password.age".publicKeys = [ backwards alex ];
  "backwards/alex.backwards-codeberg.org.age".publicKeys = [ backwards alex ];
  "backwards/alex.backwards-codeberg.org.pub.age".publicKeys = [ backwards alex ];
  "backwards/wpa_supplicant.conf.age".publicKeys = [ backwards alex ];
Author	SHA1	Message	Date
Alexander Heldt	32acd3a55c	tadpole: Specify `ssh` port for `gitea`	2024-08-31 17:16:38 +02:00
Alexander Heldt	10b8f99193	pinwheel: Add `git` url preference for `git.ppp.pm`	2024-08-31 16:34:20 +02:00
Alexander Heldt	25043c3856	pinwheel: Add `ssh` keys for `git.ppp.pm`	2024-08-31 16:33:13 +02:00
Alexander Heldt	3180842d6a	pinwheel: Add secrets for `git.ppp.pm`	2024-08-31 16:31:46 +02:00
Alexander Heldt	4ef27e43d7	pinwheel: Use `tailscale` DNS for `ssh` to `backwards`	2024-08-31 16:21:29 +02:00
Alexander Heldt	27e1f8306a	tadpole: Use standard SSH port for `gitea`	2024-08-31 16:21:17 +02:00
Alexander Heldt	e5c0fe3ff9	backwards: Add `transmission` module	2024-08-31 15:49:56 +02:00
Alexander Heldt	d15e13c81d	backwards: Backup `sync` to external drive with `restic`	2024-08-31 15:49:56 +02:00
Alexander Heldt	6478356950	backwards: Add secret for `restic`	2024-08-31 15:44:50 +02:00