phfroidmont/self-hosting
1
0
Fork 0
mirror of https://github.com/phfroidmont/self-hosting.git synced 2025-12-25 13:46:59 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Move last service to hel1

Browse source
This commit is contained in:
Paul-Henri Froidmont 2024-12-19 01:31:50 +01:00
parent d43684fde5
commit 4cd8ad24f2
Signed by: phfroidmont
GPG key ID: BE948AFD7E7873BE
3 changed files with 30 additions and 34 deletions
Download patch file Download diff file Expand all files Collapse all files

25
profiles/hel.nix
View file

@ -39,6 +39,9 @@
noreplyFroidmontPassword = { noreplyFroidmontPassword = {
key = "email/accounts_passwords/noreply_froidmont"; key = "email/accounts_passwords/noreply_froidmont";
}; };
nixCacheKey = {
key = "nix/cache_secret_key";
};
}; };
time.timeZone = "Europe/Amsterdam"; time.timeZone = "Europe/Amsterdam";
@ -487,4 +490,26 @@
certificateScheme = "acme-nginx"; certificateScheme = "acme-nginx";
}; };
nix = {
settings = {
trusted-users = [ "nix-ssh" ];
secret-key-files = [ config.sops.secrets.nixCacheKey.path ];
};
sshServe = {
enable = true;
write = true;
keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIODEuNOPisaBoF+7CGpWO80n0v5kg1LNMN4yD/wr4cCL root@nixos-desktop"
];
};
};
services.borgbackup.repos = {
epicerie_du_cellier = {
authorizedKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJDbiI5UOGpVbaV+xihLqKP0B3UehboMMzOy3HhjjbSz backend1@epicerieducellier.be"
];
path = "/nix/var/data/epicerie_du_cellier_backup";
};
};
} }

33
profiles/storage.nix
View file

@ -11,41 +11,12 @@
../modules ../modules
]; ];
sops.secrets = {
nixCacheKey = {
key = "nix/cache_secret_key";
};
};
custom = { custom = {
services.binary-cache = {
enable = true;
secretKeyFile = config.sops.secrets.nixCacheKey.path;
};
services.monit = {
enable = false;
additionalConfig = ''
check program raid-md127 with path "${pkgs.mdadm}/bin/mdadm --misc --detail --test /dev/md127"
if status != 0 then alert
'';
};
services.nginx.enable = true;
services.openssh.enable = true; services.openssh.enable = true;
}; };
networking.firewall.allowedTCPPorts = [ users.users.root.openssh.authorizedKeys.keys = [
80 "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDQKmE04ZeXN65PTt5cc0YAgBeFukwhP39Ccq9ZxlCkovUMcm9q1Gqgb1tw0hfHCUYK9D6In/qLgNQ6h0Etnesi9HUncl6GC0EE89kNOANZVLuPir0V9Rm7zo55UUUM/qlZe1L7b19oO4qT5tIUlM1w4LfduZuyaag2RDpJxh4xBontftZnCS6O2OI4++/6OKLkn4qtsepxPWb9M6lY/sb6w75LqyUXyjxxArrQMHpE4RQHTCEJiK9t+z5xpfI4WfTnIRQaCw6LxZhE9Kh/pOSVbLU6c5VdBHfCOPk6xrB3TbuUvMpR0cRtn5q0nJQHGhL0A709UXR1fnPm7Xs4GTIf2LWXch6mcrjkTocz8qmKDuMxQzY76QXy6A+rvghhOxnrZTEhLKExZxNqag72MIeippPFNbyOJgke3htHy74b9WjM1vZJ9VRYnmhxpGz0af//GF6LZQy7gOxBasSOv5u5r//1Ow7FNf2K5xYPGYzWRIDx+abMa+JwOyPHdZ9bR+jmB5R9VohFECFLgjm+O5Ed1LJgRX/6vYlB+8gZeeflbZpYYsSY/EcpsUKgtOmIBJT1svdjVTDdplihdFUzWfjL+n2O30K7yniNz6dGbXhxfqOVlp9R6ZsEdbGTX0IGpG+0ZgkUkLrgROAH1xiOYNhpXuD3l6rNXLw4HP3Mqjp3Fw== root@hel1"
443
]; ];
services.borgbackup.repos = {
epicerie_du_cellier = {
authorizedKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJDbiI5UOGpVbaV+xihLqKP0B3UehboMMzOy3HhjjbSz backend1@epicerieducellier.be"
];
path = "/var/lib/epicerie_du_cellier_backup";
};
};
} }

6
secrets.enc.yml
View file

@ -4,7 +4,7 @@ hcloud:
grafana: grafana:
admin_password: ENC[AES256_GCM,data:seXajvIHrEU7XR/XVD6uG/dmZ5I2oiL5IxsM+sMlV9awLwnYpDI0u0gJbYqSYvMRhXS/ZhXuXaTJhgXD,iv:oavt6HtbCCLznPgpSSLKHcHPuJSP+7hPPLepu5orqm0=,tag:Gubg8LEYUMInZpXE1SDYtQ==,type:str] admin_password: ENC[AES256_GCM,data:seXajvIHrEU7XR/XVD6uG/dmZ5I2oiL5IxsM+sMlV9awLwnYpDI0u0gJbYqSYvMRhXS/ZhXuXaTJhgXD,iv:oavt6HtbCCLznPgpSSLKHcHPuJSP+7hPPLepu5orqm0=,tag:Gubg8LEYUMInZpXE1SDYtQ==,type:str]
nix: nix:
cache_secret_key: ENC[AES256_GCM,data:Q2mRU+EuTyqjYNvbuyGLqoDSqa/7EPlzNuCJU7QUBRSozf1D4dDzAPNU47xZ2rKcjz6Eg4OhAZLlGeFw9le8SzHOSJ65UYHoMMc6Rpvv/fPhgg2s2UMArrqyO3ultj1pVe3eIIRzBQcdoFqVDg==,iv:jhMTWEO6ahcZl+Dq6mA+mWIie8T0Dq1ZYe/HHYAD5ss=,tag:2GRmd2z96+TGI7MdvOBEdA==,type:str] cache_secret_key: ENC[AES256_GCM,data:L5HJ6TRpKVJRM0GVc9pztflyHitK1n6l56vyxbkuRbT5ZPjq8qJnUwD7sVrqYdtEUr1VA+q3Tf021u/PjK4He2hAHKEGWwviel5YBl4dZE/pSgzONP2e2NkE5USWxigyivdFfz8Apix+0Rpq,iv:cQcmGijhZmAwW9kCLbeISBYGkXa9w9IZsLDNaKqiOyg=,tag:jIEMfXjjnWNs1yC8d7RHxQ==,type:str]
gitlab: gitlab:
password: ENC[AES256_GCM,data:ellmwJv7zasbAD3hzAkSSJ4Z9qHqmlernG0=,iv:czXgy9wnDHLSrzefL+nKfbPm6DhZwpNARkUxNsBDHzM=,tag:NYXTjgaUAvOOeJlGe5fchQ==,type:str] password: ENC[AES256_GCM,data:ellmwJv7zasbAD3hzAkSSJ4Z9qHqmlernG0=,iv:czXgy9wnDHLSrzefL+nKfbPm6DhZwpNARkUxNsBDHzM=,tag:NYXTjgaUAvOOeJlGe5fchQ==,type:str]
runner_registration_config: runner_registration_config:
@ -71,8 +71,8 @@ sops:
azure_kv: [] azure_kv: []
hc_vault: [] hc_vault: []
age: [] age: []
lastmodified: "2024-12-14T02:34:20Z" lastmodified: "2024-12-18T23:35:08Z"
mac: ENC[AES256_GCM,data:H1CKyLrN3RpzotFbPHS8rY8hEpySJ858d19B9veE3jrgJFeG2qsVmGsFwRiOyHqXGntvak6hP4lMsZFHl3XK21kduwgq0N10i9hpPvfa+L2Zifjtt7+7mVWsFJrCEZ1Ku963DAZL3nujeZKm4BNgbijD2N6bx1Oz1lW1AFO9VQo=,iv:j2cMWQ7L1dXG8BzYG0bHCtpXYJDb33oDMUXaFzsOvrg=,tag:+hny9nFCAcoa2zgmK+BYcw==,type:str] mac: ENC[AES256_GCM,data:M+pepYwbvH5WVSsrE1KqIsY1pi8ZuCzZ27wi0eMCVAvKLu6f+Sx4JMbYA5xDrSbJky2zaFDmfMRV/ykDAwSAhyrDVT8uneD/WRQuNbCLpnES2CmIdIRt7DuKN7OozcecrpQa/MP/9PnJfPjL2ho6yYXka28PJSCQrm7cX0Ln2O4=,iv:JSmQI/IAd6tw5lDhQbsT+1MdlGaQZ6za0Ri8ZdtUOUo=,tag:QfnUwJN6DpetX9e0qz+Iaw==,type:str]
pgp: pgp:
- created_at: "2024-12-05T00:56:17Z" - created_at: "2024-12-05T00:56:17Z"
enc: |- enc: |-