System/machines/oracles.nix

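# NixOS machine configuration for the host "oracles": boot loader, static
# networking and firewall, nginx/ACME, Redis, and Borg + PostgreSQL backups.
{ config, lib, pkgs, ... }:
{
  # Use the systemd-boot EFI boot loader.
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;

  # Configure networking: static IPv4 on enp1s0f1, DHCP disabled.
  networking = {
    hostName = "oracles";
    domain = "mccarty.io";
    useDHCP = false;
    interfaces.enp1s0f1.ipv4.addresses = [{
      address = "104.238.220.96";
      prefixLength = 24;
    }];
    defaultGateway = "104.238.220.1";
    nameservers = [ "172.23.98.121" "1.1.1.1" ];
  };

  # Open ports in firewall
  networking.firewall.allowedTCPPorts = [ 22 80 443 25565 ];
  # NOTE(review): the UDP list mirrors the TCP list. Nothing configured in this
  # file listens on UDP 22 or 80; confirm which UDP ports are really needed
  # (e.g. 443 or 25565) and drop the rest to keep the exposed surface minimal.
  networking.firewall.allowedUDPPorts = [ 22 80 443 25565 ];
  networking.firewall.enable = true;
  # Trust zerotier interface
  # NOTE(review): traffic arriving on a trusted interface is accepted
  # unconditionally, so the port allow-lists above do not apply to it. Every
  # listening service on this host is reachable by every member of that network.
  networking.firewall.trustedInterfaces = [ "zt5u4uutwm" ];

  # Add nginx and acme certs
  services.nginx = {
    enable = true;
    recommendedTlsSettings = true;
    recommendedOptimisation = true;
    recommendedGzipSettings = true;
    recommendedProxySettings = true;
  };
  security.acme = {
    defaults.email = "nathan@mccarty.io";
    acceptTerms = true;
  };

  # Redis
  # NOTE(review): bound to a private address (presumably the ZeroTier address
  # of this host, confirm). No requirePassFile is set in this file, so unless
  # authentication is configured elsewhere, any peer that can reach this
  # address can use Redis without credentials.
  services.redis.servers.main = {
    enable = true;
    bind = "172.23.108.12";
  };

  # Install java and the borg client
  environment.systemPackages = with pkgs; [
    jdk
    borgbackup
  ];

  # Setup sops
  # Both secrets come from the same encrypted file. The backup job below refers
  # to them only through their `.path`, so the secret values themselves are not
  # interpolated into this configuration.
  sops.secrets."borg-sshKey" = {
    format = "yaml";
    sopsFile = ../secrets/borg.yaml;
  };
  sops.secrets."borg-oraclesPassword" = {
    format = "yaml";
    sopsFile = ../secrets/borg.yaml;
  };

  # Setup the job
  services.borgbackup.jobs = {
    files = {
      paths = [
        "/home"
        "/var"
        "/etc"
      ];
      exclude = [
        "*/.cache"
        "*/.tmp"
        "/home/nathan/minecraft/server/backup"
        # Live database directories are skipped; PostgreSQL is covered by the
        # dump job at the bottom of this file.
        "/var/lib/postgresql"
        "/var/lib/redis"
        "/var/lib/docker"
        # NOTE(review): with /var/log excluded there is no off-host copy of the
        # logs in this backup. Confirm logs are shipped elsewhere if they are
        # needed for incident investigation.
        "/var/log"
      ];
      repo = "de1955@de1955.rsync.net:computers/oracles";
      encryption = {
        # With a repokey mode the (passphrase-protected) key is stored in the
        # repository, so the passphrase is what protects the archives. Keep a
        # copy of it somewhere other than this host.
        mode = "repokey-blake2";
        passCommand = "cat ${config.sops.secrets."borg-oraclesPassword".path}";
      };
      # NOTE(review): no known-hosts entry for the repository host is pinned in
      # this file. Confirm the host key is pinned elsewhere (for example via
      # programs.ssh.knownHosts) so the connection is not trust-on-first-use.
      environment.BORG_RSH = "ssh -i ${config.sops.secrets."borg-sshKey".path}";
      compression = "auto,zstd";
      # startAt is itself the systemd calendar expression; NixOS writes it into
      # the timer's OnCalendar= setting. Prefixing the value with "OnCalendar="
      # yields an expression systemd cannot parse, which leaves the timer with
      # no trigger and the backup silently never scheduled.
      # Runs every 4 hours at minute 30.
      startAt = "00/4:30";
      prune.keep = {
        within = "7d"; # Keep all archives for the past week
        # NOTE(review): this keeps a single daily archive. The earlier comment
        # said "1 snapshot a day for 2 weeks", which would be daily = 14.
        daily = 1;
        weekly = 4; # Keep 1 snapshot a week for 4 weeks
        monthly = -1; # Keep unlimited monthly backups
      };
    };
  };

  # Backup postgres
  # Dumps are left uncompressed here; the borg job applies its own compression.
  # NOTE(review): confirm the dump location is under one of the borg paths
  # (the module default is under /var, verify for this nixpkgs version).
  services.postgresqlBackup = {
    enable = true;
    compression = "none";
    backupAll = true;
    # Plain calendar expression, for the same reason as the borg job's startAt:
    # every 2 hours on the hour.
    startAt = "00/2:00";
  };
}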