Move last service to hel1

2025-12-25 05:36:59 +01:00 · 2024-12-19 01:31:50 +01:00 · 2024-12-19 01:31:50 +01:00 · 4cd8ad24f2
commit 4cd8ad24f2
parent d43684fde5
3 changed files with 30 additions and 34 deletions
--- a/profiles/hel.nix
+++ b/profiles/hel.nix
@ -39,6 +39,9 @@
    noreplyFroidmontPassword = {
      key = "email/accounts_passwords/noreply_froidmont";
    };
+    nixCacheKey = {
+      key = "nix/cache_secret_key";
+    };
  };

  time.timeZone = "Europe/Amsterdam";
@ -487,4 +490,26 @@
    certificateScheme = "acme-nginx";
  };

+  nix = {
+    settings = {
+      trusted-users = [ "nix-ssh" ];
+      secret-key-files = [ config.sops.secrets.nixCacheKey.path ];
+    };
+    sshServe = {
+      enable = true;
+      write = true;
+      keys = [
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIODEuNOPisaBoF+7CGpWO80n0v5kg1LNMN4yD/wr4cCL root@nixos-desktop"
+      ];
+    };
+  };
+
+  services.borgbackup.repos = {
+    epicerie_du_cellier = {
+      authorizedKeys = [
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJDbiI5UOGpVbaV+xihLqKP0B3UehboMMzOy3HhjjbSz backend1@epicerieducellier.be"
+      ];
+      path = "/nix/var/data/epicerie_du_cellier_backup";
+    };
+  };
 }
--- a/profiles/storage.nix
+++ b/profiles/storage.nix
@ -11,41 +11,12 @@
    ../modules
  ];

-  sops.secrets = {
-    nixCacheKey = {
-      key = "nix/cache_secret_key";
-    };
-  };
-
  custom = {
-    services.binary-cache = {
-      enable = true;
-      secretKeyFile = config.sops.secrets.nixCacheKey.path;
-    };
-
-    services.monit = {
-      enable = false;
-      additionalConfig = ''
-        check program raid-md127 with path "${pkgs.mdadm}/bin/mdadm --misc --detail --test /dev/md127"
-          if status != 0 then alert
-      '';
-    };
-
-    services.nginx.enable = true;
    services.openssh.enable = true;
  };

-  networking.firewall.allowedTCPPorts = [
-    80
-    443
+  users.users.root.openssh.authorizedKeys.keys = [
+    "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDQKmE04ZeXN65PTt5cc0YAgBeFukwhP39Ccq9ZxlCkovUMcm9q1Gqgb1tw0hfHCUYK9D6In/qLgNQ6h0Etnesi9HUncl6GC0EE89kNOANZVLuPir0V9Rm7zo55UUUM/qlZe1L7b19oO4qT5tIUlM1w4LfduZuyaag2RDpJxh4xBontftZnCS6O2OI4++/6OKLkn4qtsepxPWb9M6lY/sb6w75LqyUXyjxxArrQMHpE4RQHTCEJiK9t+z5xpfI4WfTnIRQaCw6LxZhE9Kh/pOSVbLU6c5VdBHfCOPk6xrB3TbuUvMpR0cRtn5q0nJQHGhL0A709UXR1fnPm7Xs4GTIf2LWXch6mcrjkTocz8qmKDuMxQzY76QXy6A+rvghhOxnrZTEhLKExZxNqag72MIeippPFNbyOJgke3htHy74b9WjM1vZJ9VRYnmhxpGz0af//GF6LZQy7gOxBasSOv5u5r//1Ow7FNf2K5xYPGYzWRIDx+abMa+JwOyPHdZ9bR+jmB5R9VohFECFLgjm+O5Ed1LJgRX/6vYlB+8gZeeflbZpYYsSY/EcpsUKgtOmIBJT1svdjVTDdplihdFUzWfjL+n2O30K7yniNz6dGbXhxfqOVlp9R6ZsEdbGTX0IGpG+0ZgkUkLrgROAH1xiOYNhpXuD3l6rNXLw4HP3Mqjp3Fw== root@hel1"
  ];

-  services.borgbackup.repos = {
-    epicerie_du_cellier = {
-      authorizedKeys = [
-        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJDbiI5UOGpVbaV+xihLqKP0B3UehboMMzOy3HhjjbSz backend1@epicerieducellier.be"
-      ];
-      path = "/var/lib/epicerie_du_cellier_backup";
-    };
-  };
 }