# NixOS module for a single host: it pulls in the shared environment, a
# Hetzner dedicated-server hardware profile and a set of service modules, then
# sets host-specific secrets, networking, users, backup and monitoring.
# (Presumably the "storage1" host, going by the hardware file name and the
# borg key path below; confirm.)
{ config, lib, pkgs, ... }:

{
  # Modules composed into this host. Each one can open ports or add services
  # of its own; their contents are not visible from this file.
  imports = [
    ../environment.nix
    ../hardware/hetzner-dedicated-storage1.nix
    ../modules/openssh.nix
    ../modules/mailserver.nix
    ../modules/nginx.nix
    ../modules/jellyfin.nix
    ../modules/stb.nix
    ../modules/monero.nix
    ../modules/torrents.nix
    ../modules/custom-backup-job.nix
    ../modules/custom-monit.nix
    ../modules/jitsi.nix
  ];

  # SSH private key used by the backup job, managed through sops. Ownership is
  # given to the user the borgbackup "data" job runs as, so only that account
  # needs to read the decrypted file. The configuration refers to the key by
  # path only (see sshKey below); the key material is not embedded here.
  sops.secrets.borgSshKey = {
    owner = config.services.borgbackup.jobs.data.user;
    key = "borg/client_keys/storage1/private";
  };

  networking = {
    # TCP ports accepted from outside by the host firewall: HTTP, HTTPS and
    # 18080 (presumably the Monero P2P port for ../modules/monero.nix;
    # confirm). Anything listed here is reachable from the Internet, so the
    # list should stay limited to services meant to be public.
    firewall.allowedTCPPorts = [ 80 443 18080 ];

    # Outbound NAT for interfaces matching "ve-+" (looks like the NixOS
    # container veth naming pattern; confirm) through the external NIC.
    nat = {
      enable = true;
      internalInterfaces = [ "ve-+" ];
      externalInterface = "enp2s0";
    };
  };

  users = {
    users = {
      # www-data is declared as a *normal* user with a pinned uid and an SSH
      # authorized key whose comment suggests it exists for sshfs mounts.
      # NOTE(review): isNormalUser gives the account a home directory and a
      # login shell, so this key permits a full interactive SSH session unless
      # ../modules/openssh.nix restricts it (not visible here). If only file
      # access is intended, limit the account to SFTP in the sshd
      # configuration or restrict the key in authorized_keys.
      www-data = {
        uid = 993;
        isNormalUser = true;
        group = config.users.groups.www-data.name;
        openssh.authorizedKeys.keys = [
          "ssh-rsa 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 sshfs-2021-07-16"
        ];
      };

      # Separate unprivileged account with its own group; no password or SSH
      # key is assigned in this file.
      steam = {
        isNormalUser = true;
        group = config.users.groups.steam.name;
      };
    };

    groups = {
      # Fixed gid, matching the pinned uid above.
      www-data.gid = 991;
      steam = { };
    };
  };

  # Nightly backup job (options defined in ../modules/custom-backup-job.nix).
  services.custom-backup-job = {
    # The job may write here; this is where the pre-backup dump lands.
    readWritePaths = [ "/nix/var/data/backup" ];

    # Dump the "stb" database from the stb-mariadb container to a plain SQL
    # file before the backup runs.
    # NOTE(review): the database password is hard-coded on the mysqldump
    # command line ("-pstb"). This string is part of the system configuration,
    # which ends up in the world-readable Nix store, and command-line
    # arguments are visible in process listings while the dump runs. Prefer
    # reading the credential from a secret (e.g. a sops-managed file or a
    # client option file inside the container) and using a non-default
    # password.
    # NOTE(review): the dump is unencrypted SQL on the host filesystem;
    # check that /nix/var/data/backup is readable only by the backup user.
    preHook = "${pkgs.docker}/bin/docker exec stb-mariadb sh -c 'mysqldump -u stb -pstb stb' > /nix/var/data/backup/stb_mariadb.sql";

    # Marker file touched after the job; presumably watched by monitoring to
    # detect stale backups; confirm against custom-monit.nix.
    postHook = "touch /nix/var/data/backup/backup-ok";

    startAt = "04:00";

    # Path to the sops-managed private key declared above.
    sshKey = config.sops.secrets.borgSshKey.path;
  };

  # Extra monit checks: each public site must answer HTTPS on port 443 within
  # 20 seconds, otherwise monit raises an alert.
  services.custom-monit.additionalConfig = ''
    check host nextcloud with address cloud.banditlair.com
    if failed port 443 protocol https with timeout 20 seconds then alert
    check host anderia-wiki with address anderia.banditlair.com
    if failed port 443 protocol https with timeout 20 seconds then alert
    check host arkadia-wiki with address arkadia.banditlair.com
    if failed port 443 protocol https with timeout 20 seconds then alert
    check host website-marie with address osteopathie.froidmont.org
    if failed port 443 protocol https with timeout 20 seconds then alert
    check host webmail with address webmail.banditlair.com
    if failed port 443 protocol https with timeout 20 seconds then alert
  '';
}