diff --git a/hardware/hetzner-dedicated-storage1.nix b/hardware/hetzner-dedicated-storage1.nix index 5743b82..62519f7 100644 --- a/hardware/hetzner-dedicated-storage1.nix +++ b/hardware/hetzner-dedicated-storage1.nix @@ -33,21 +33,47 @@ nix.maxJobs = lib.mkDefault 8; powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand"; + networking = { + useDHCP = false; + defaultGateway = "78.46.96.225"; + defaultGateway6 = { address = "fe80::1"; interface = "enp2s0"; }; + nameservers = [ + "213.133.100.100" + "213.133.99.99" + "213.133.98.98" + ]; + interfaces = { + enp2s0 = { + ipv4.addresses = [ + { + address = "78.46.96.243"; + prefixLength = 24; + } + ]; + ipv6.addresses = [ + { + address = "2a01:4f8:120:8233::1"; + prefixLength = 64; + } + ]; + }; + vlan4000 = { + mtu = 1400; + ipv4 = { + addresses = [{ + address = "10.0.2.3"; + prefixLength = 24; + }]; + routes = [{ + address = "10.0.0.0"; + prefixLength = 16; + via = "10.0.2.1"; + }]; + }; + }; + }; + vlans.vlan4000 = { id = 4000; interface = "enp2s0"; }; + }; + - networking.useDHCP = false; - networking.interfaces."enp2s0".ipv4.addresses = [ - { - address = "78.46.96.243"; - prefixLength = 24; - } - ]; - networking.interfaces."enp2s0".ipv6.addresses = [ - { - address = "2a01:4f8:120:8233::1"; - prefixLength = 64; - } - ]; - networking.defaultGateway = "78.46.96.225"; - networking.defaultGateway6 = { address = "fe80::1"; interface = "enp2s0"; }; - networking.nameservers = [ "8.8.8.8" ]; } diff --git a/modules/mailserver.nix b/modules/mailserver.nix index d17f177..2f6477b 100644 --- a/modules/mailserver.nix +++ b/modules/mailserver.nix @@ -105,6 +105,7 @@ hashedPasswordFile = config.sops.secrets.eliosPassword.path; aliases = [ "webshit@banditlair.com" + "outlook-pascal@banditlair.com" "nexusmods.webshit@banditlair.com" "pizza.webshit@banditlair.com" "fnac.webshit@banditlair.com" diff --git a/modules/nextcloud.nix b/modules/nextcloud.nix index 1cd3eb5..791afc4 100644 --- a/modules/nextcloud.nix 
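Review bot: The new `vlan4000` block in hardware/hetzner-dedicated-storage1.nix attaches this storage host to 10.0.2.0/24 and routes all of 10.0.0.0/16 through it, but the hunk has no comment on what the VLAN is for and shows no interface-scoped firewall rule. If the firewall settings (not visible here) are not per interface, sshd and any other service bound to all addresses becomes reachable from every host on that private network. I would add a comment above `vlans.vlan4000`, e.g. `# private VLAN for the Nextcloud sshfs data mount; only SSH is expected on this interface`, and a why-comment on `mtu = 1400` so the value is not "corrected" later. The enclosing attribute set starts above the hunk.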
+++ b/modules/nextcloud.nix @@ -1,10 +1,10 @@ { config, lib, pkgs, ... }: let uidFile = pkgs.writeText "uidfile" '' - nextcloud:33 + nextcloud:993 ''; gidFile = pkgs.writeText "gidfile" '' - nextcloud:33 + nextcloud:991 ''; in { @@ -48,7 +48,7 @@ in "nomap=ignore" ]; in - "${pkgs.sshfs}/bin/mount.fuse.sshfs www-data@10.0.2.2:/var/lib/nextcloud/data " + "${pkgs.sshfs}/bin/mount.fuse.sshfs www-data@10.0.2.3:/nix/var/data/nextcloud/data " + "/var/lib/nextcloud/data -o ${options}"; ExecStopPost = "-${pkgs.fuse}/bin/fusermount -u /var/lib/nextcloud/data"; KillMode = "process"; diff --git a/profiles/storage.nix b/profiles/storage.nix index d1dc3eb..bfffc5d 100644 --- a/profiles/storage.nix +++ b/profiles/storage.nix @@ -20,8 +20,11 @@ users.users.www-data = { uid = 993; - isSystemUser = true; + isNormalUser = true; group = config.users.groups.www-data.name; + openssh.authorizedKeys.keys = [ + "ssh-rsa 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 sshfs-2021-07-16" + ]; }; users.groups.www-data = { gid = 991; }; diff --git a/secrets.enc.yml b/secrets.enc.yml index 61e24b1..88f4a8a 100644 --- a/secrets.enc.yml +++ b/secrets.enc.yml 
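Review bot: The ids written to `uidFile` and `gidFile` (993 and 991) are bare literals that must stay equal to `users.users.www-data.uid` and `users.groups.www-data.gid` in profiles/storage.nix, and nothing in the file says so. A mismatch would make the sshfs id mapping attribute files to the wrong account or, with `nomap=ignore`, leave them unmapped, which tends to surface as confusing permission errors rather than a failed build. I would add a comment on the `let` binding such as `# remote ids: must match www-data uid/gid in profiles/storage.nix`, or hold the two numbers in one shared definition.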
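Review bot: The mount source now points at a different host (`10.0.2.3`), and the `options` list is built above the hunk, so it is not visible here whether SSH host key checking is enforced for this mount. It is worth confirming that the storage host's key is pinned for `10.0.2.3` (for example through `programs.ssh.knownHosts`) rather than accepted on first use, since the mount runs unattended and carries the Nextcloud data directory. A short comment next to the command naming which machine `10.0.2.3` is would also help, as the address is repeated from hardware/hetzner-dedicated-storage1.nix.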
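Review bot: Switching `www-data` to `isNormalUser = true` and adding an unrestricted entry to `openssh.authorizedKeys.keys` in profiles/storage.nix appears to give the holder of that key an interactive shell on the storage host, while the `sshfs-2021-07-16` key comment suggests it only needs file transfer. The key line can carry OpenSSH options, e.g. `"restrict,from=\"<nextcloud-host-address>\" ssh-rsa <key> sshfs-2021-07-16"`, and an sshd `Match User www-data` block with `ForceCommand internal-sftp` would limit the account to SFTP. With a forced internal SFTP server the account may not need a login shell at all, in which case `isSystemUser = true` could stay; that needs testing against the mount. The address placeholder is mine, as the client's address is not shown in this diff.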
@@ -12,7 +12,7 @@ email: paultrial: ENC[AES256_GCM,data:fDGYNdu9DQcfheOkc5aixUGmHPrVh4/6JGAECwhl64zpxXqPQ/jqYoaOMz3o3wozF1g+ZOKdBd2daBm0,iv:nyz37z1gmKbdpBDRvEe/4l36+evh89kpgowNxd+KdE0=,tag:j6JWAXglSPtKqN0v7akrSg==,type:str] elios: ENC[AES256_GCM,data:J1Q1dz7IuDshfVk6PREMwatI6vbpAWhYjk3q/0+rZcvmGhmqXw+3CO8Q6M9ATd1j4cRGvK9G2pLAeu4m,iv:0RxXvfzhmEFWVnNdhQJ2ZvaZ86AFfFhpNKahfmp/ONk=,tag:4XGo6fEINSrhPfWF1EABHA==,type:str] marie: ENC[AES256_GCM,data:XM1Gt2fY0GqOq+J3+CQflnWPLMmILqTWviWxzkrluovweQ+iMWmfGAS9o2K/GAS1Rr0G3P4NFmhPe6YL,iv:g9Y3WClUzvE4bkXaV82q2/cFME20KvsIV1T/q0ysBIo=,tag:Gc5rE/WubuD66uz+8OOclQ==,type:str] - alice: ENC[AES256_GCM,data:YKGwIj3RnsKuVZYfKGi9O+QE05wMMs86nw0NI5Q1XfRLdzGhBfAaPI/WjZ3C7APAzkNWKtYWgrCvQXcn,iv:dirLlOph9Vh2lmZga0HJ48SIwsRCgC1JzgF+pLVF62I=,tag:VcMbpEoxHdhCpxZI6ODzAw==,type:str] + alice: ENC[AES256_GCM,data:wLnrPro2FIsT+i5rpcmen63waTE6RBF/aw5yUz6BmsMRXCMmJyoLxrGgB4faIaBEnRNT68iozP8dSCIG,iv:2Tjvz/5JMBby+OBAYShIAz7Tl3gSQAYmUepJcHM9my0=,tag:ulrfLiTBExN5D9hjg3rgSA==,type:str] monit: ENC[AES256_GCM,data:p/Vtc9MM8BeNF2V3l0VL82oOk0JUeKY/hAqPtW45Sdm8hiZbCNdF68jurvoI2oBu8b0d2Fer0n4ybAQJ,iv:R7PhqwaWaxx7g1gyYnh0UdoQILYHKuFG84AGghiOJ9g=,tag:S/IpeyVHLzHyqPDHIxAT8w==,type:str] wiki: anderia: @@ -39,8 +39,8 @@ sops: azure_kv: [] hc_vault: [] age: [] - lastmodified: "2021-12-26T15:01:54Z" - mac: ENC[AES256_GCM,data:NZHnzTzxv6rAGxOJUyrYvt4W0nvzBIRcSbTqwmu7ICLXGlNNnt0mKL/j4LgQPufUM1RLAKX3DwUamN7FqdcGAb0QdgGeF/3QPa3T2Fuaj/wZz6/MnzKAlVadfBKF5N7JsfPnjPnZ2J+dbJPGS5FK5yQJRi5GbBd69WbLHbwBSOM=,iv:19vPP3wikeC4GcAgu/oGPxIJAaOXEGCTOd8exAZz/8U=,tag:Wm2ytvLSk5EG1Fb3ycTRGw==,type:str] + lastmodified: "2021-12-26T19:03:13Z" + mac: ENC[AES256_GCM,data:bq+LPYRwPHJUEfaoF68+WOnmRyx028nJN6DISJQHNFCeiGS40Yd0IwnOQUgb9nu5OMB+WJwOFZtbXpIXPgsczcvDVuoLPpch6CgA3QTFT0uxgQ5eMMSbVdshpSFaVJQPkHZ1anOqIgCg4t9iFtx6E1pFeMUAKCrY2w3kyijq05U=,iv:ql4DMS8Nbyp1oQ4IM7XwcmTB1eezhDrpp4SEejLlXmM=,tag:OdWAZZdDTdmVCl4eASbXiA==,type:str] pgp: - created_at: "2021-11-29T00:57:34Z" enc: |