felixalb/nixos-config
felixalb
/
nixos-config
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

challenger: move more services from voyager: calibre-web, calibre-server, komga, nextcloud, postgres, timemachine

This commit is contained in:
Felix Albrigtsen 2024-07-03 23:48:10 +02:00
parent ed08b6a0e4
commit 0e3e8218a7
9 changed files with 25 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
hosts/challenger/configuration.nix
View File

@ -9,8 +9,13 @@
./exports.nix
./filesystems.nix
./services/nginx.nix
./services/calibre.nix
./services/jellyfin.nix
./services/komga.nix
./services/nextcloud.nix
./services/nginx.nix
./services/postgres.nix
./services/timemachine.nix
];
networking = {

0
hosts/voyager/services/calibre.nix → hosts/challenger/services/calibre.nix
View File

12
hosts/voyager/services/komga.nix → hosts/challenger/services/komga.nix
View File

@ -3,6 +3,12 @@ let
domain = "komga.home.feal.no";
cfg = config.services.komga;
in {
services.komga = {
enable = true;
stateDir = "/tank/media/komga";
port = 5001;
};
services.nginx.virtualHosts.${domain} = {
locations."/".proxyPass = "http://127.0.0.1:${toString cfg.port}";
@ -10,10 +16,4 @@ in {
client_max_body_size 512M;
'';
};
services.komga = {
enable = true;
stateDir = "/tank/media/komga";
port = 8034;
};
}

1
hosts/voyager/services/nextcloud.nix → hosts/challenger/services/nextcloud.nix
View File

@ -109,6 +109,7 @@ in {
ProtectProc = "invisible";
ReadWritePaths = [ "/tank/nextcloud" "/run/phpfpm" "/run/systemd" ];
ReadOnlyPaths = [ "/run/secrets" "/nix/store" ];
InaccessbilePaths = [ "/tank/media" "/tank/backup" ];
RemoveIPC = true;
RestrictSUIDSGID = true;
UMask = "0007";

2
hosts/voyager/services/postgres.nix → hosts/challenger/services/postgres.nix
View File

@ -19,5 +19,3 @@
environment.systemPackages = [ config.services.postgresql.package ];
}

0
hosts/voyager/services/timemachine.nix → hosts/challenger/services/timemachine.nix
View File

4
hosts/voyager/configuration.nix
View File

@ -10,12 +10,8 @@
./exports.nix
./filesystems.nix
./services/calibre.nix
./services/fancontrol.nix
./services/komga.nix
./services/nextcloud.nix
./services/podgrab.nix
./services/postgres.nix
./services/snappymail.nix
./services/timemachine.nix
];

13
secrets/challenger/challenger.yaml
View File

@ -1,4 +1,11 @@
hello: ENC[AES256_GCM,data:YmN1loEaJo8sCOerV1WTRCIbPScil4vVyGD9lFlQj45jmQwNluu89ZGa6gQWBBRApko=,iv:/CFu9JOkoahVVmLmAPjkLIc4j3r06sLc3GSwn6NGl8k=,tag:hqyUmTY2IQpeU17SWR2D9Q==,type:str]
transmission:
vpncreds: ENC[AES256_GCM,data:XtsbPvIZXZoIEa0k/A6euANO09x85RergUAKc8v2yd5SScaH9C/AKIqiYih3g2Dq7UMzsMWi1w3/8B33eiP2KU7TUdD23SBVIdkQocdpsr6H3alAPiTlQz+PcmYjuMlA4jeUyUH/ioN/tWT5GVMPaB81Ii0kqjMdgI995Q9of71z5hhwscwSNM49ZNFr/ne63Hk08GRvksl47LkviSKjyj3rKYAvdI91xCvVYsM=,iv:TmWC4i1MGgEXG5J2WjzSgINAWfVEZqEBMMgwZ6zv6h0=,tag:+8kmhrYk4s9v/8N/tJuouw==,type:str]
nextcloud:
adminpass: ENC[AES256_GCM,data:DL5SnyPPUxiVjfIHZ/ZYJi2pNu6x,iv:/bThFVYgHsN3Yr2EJf0+YWhAVIei9ENaHfAH1ADC5Ws=,tag:bNp+2trtwFNYOqruvqPRGw==,type:str]
secretsjson: ENC[AES256_GCM,data:xmdwWBe8LWsSEI64KhSeXbA1B0ahfoGwNmgl33JWteF4AakdI73zfbdIhUBqqlqfbL0uCGlqCiOyRA02h8197mk=,iv:ncKz9ObwoFoVjT0qMzBJ0BqVBNx0ScdMRl82ZNQp4FI=,tag:6S8fqHhvE/gaknxsb+q3Jg==,type:str]
borg:
transmission: ENC[AES256_GCM,data:umr0UEKMT/n0ZRTyfq/qWX4A,iv:R92qRZqQ8onLYDlkYMtHiumFqjVuxOIZAp+k2qTcDps=,tag:WhCP5YmIutR3ckgNIw/Hww==,type:str]
postgres: ENC[AES256_GCM,data:KHL02u+X2fGlZSUrujvkkGI=,iv:gjdPbmRHmO0APXvMJzqN+Swuh2l9mdsUJQRKsSYkEyM=,tag:0Rf9MeW7xTpj2uvnAOhuBA==,type:str]
sops:
kms: []
gcp_kms: []
@ -23,8 +30,8 @@ sops:
bVhLUVBWL3QyMmVjVEswZmtDRXRRUGMKizaESv67KWTOnUkZg1R0c3BkpJrDUxJR
heau8QcBXtNS6Ct1RsJQD3oTmBPAP1NHJ2BD11kEEtpo8FhCOjcqVQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-07-01T22:30:06Z"
mac: ENC[AES256_GCM,data:p0olgrOkDMbpvPniSl/VL8sI6QM0EttswJ+RbEK8vC46+jnSoN+bTPdYIdVu9hIRPD7iJCldrYxvwpFifkwO03m3RvtOl6cjqcRL39fMw+Xv0R5girHgmTM2Iq1O2xwZkRHbwnceU/FdF+cKS6OuMmXFqlMJkpxUFVQoNDG5+uk=,iv:lrrruA4FT97Ix04LEXVaaFEF8/6vOayZmDfzWZRCYBE=,tag:Jve/CqdBbhoEDkBr4Z0e6g==,type:str]
lastmodified: "2024-07-03T20:11:44Z"
mac: ENC[AES256_GCM,data:feOeO7XrNEtbxp2c2a0EbwVAWUJ+PCZavmRT/4DMFfsJWwjogCqAia2KfC249RufAL2WFVZAw8UfymjtHHKp2v7alN3kqcIZ2rjwtkkzi8JqRQvbbCJwTXLkl8wr21lZD7UdNuAfZHxbwJRchRR/6bsLnxipW8AH8YCv1/Knsg0=,iv:fO4dUfRgJOaDuvJNgl6CVZFovVphQB4rlLIKGgzy7S4=,tag:8Ts1XozKYoSghho4ORDW0Q==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1

12
secrets/voyager/voyager.yaml
View File

@ -8,14 +8,6 @@
#ENC[AES256_GCM,data:T+pI1ogtfjo57NrOvCuhbs//,iv:mqkwAHWxqvt9XkQX0EKXQyJrK5KOCVDpva1Ok37XvKc=,tag:qrp2QeNrJSDr3ECN6cBDiA==,type:comment]
#ENC[AES256_GCM,data:46+Qt0FRlg2tN8A=,iv:4y5C0S75gp4qFFkJ4lOMcPbftOLyzB12wApqNOFYan4=,tag:T/4zLU7d90GkzDohJd2XTg==,type:comment]
#ENC[AES256_GCM,data:fvJA2s0OEs7PDOr/,iv:HlO9MCqBHtz1Hm9tILlEsJ2gfgTPThmmyoCXlGyy/9Y=,tag:7L1Kl4RgAFG+WLvtk30nYQ==,type:comment]
transmission:
vpncreds: ENC[AES256_GCM,data:KWm6AGlJze0Of9Nkz0moaQCAXMwylsZ+BIZR4BnbuDRbjKRMJSWCOFBSbG3esGprLhoCnYwc9mghSeoP2AQRAT++sERpxX3JTHF9QuauNmhRWb1xLsOfQAu6vsA/0dTshQr8ivhJSnEz57rasdOraovYjVsRXd7cuclajPoS4nl3+1/IrSkAlxNzx8F0PMmyOrvoPVMmqQ4PcKFfkXc1f59O2iJ19Bmt/x5yIxU=,iv:VAYlqL8Pb5J4g+W3QClrgRftYw5UofXmG9cfEsZdLr4=,tag:zJIxYaGEedFjM8IsBfnQog==,type:str]
nextcloud:
adminpass: ENC[AES256_GCM,data:r2Z6KsQ1hP90/Bf8J804a5D7BTS7,iv:f3TkiPVxw8lAPcyStWqOZuhF4p/5nUPkzL2j/yjsnyg=,tag:c2JWdxZUjkHQWNWDILBrRQ==,type:str]
secretsjson: ENC[AES256_GCM,data:xvUdDoTaTum/gkDBujSfHeunAmwmYhZMY7zY72Ct9wly9gpcbNrJNiwuWSgBP3uYtwArce+n6co33OYZvV8rs/Q=,iv:6nLq9ZxgBHKbjD8I1PbjWf/9XthTSrm3lOwx/YX+Tc4=,tag:UN+c2fjUHK1lpyRsTBpOUw==,type:str]
borg:
transmission: ENC[AES256_GCM,data:VGP23BjX6rjMbcEMA6O7UEX6,iv:C0ehtDSO0eMkIYbwi9wYAKncOBrNCiJB4S5tJ1rxctI=,tag:RNcGwihAxOwCt3XOSoCvfw==,type:str]
postgres: ENC[AES256_GCM,data:nA+Ga56rG8XippMmHsOLEik=,iv:41llHBWEU7ESiUetJC/SkcjHG+beXs/ur8QTmxDGFE8=,tag:92n88ZtrDQWz0gYZmuWD8g==,type:str]
podgrab:
password: ENC[AES256_GCM,data:mH/AZfmUCaUVH9km/dY9+AsmJQ==,iv:1/L0tslY7senVgfi+1g7ijcP3dt9cI4ecyGpkgF0OMo=,tag:fUG+lk7kgI5R9OZyCYP0nQ==,type:str]
sops:
@ -42,8 +34,8 @@ sops:
RmU5MnR3Tmt3dis0YjB4U1JtVW9mTkEKRBSWg2HOB/Q+zHNooV8YsePdrkUzd+Ug
ALu4+IhIl8YHtvBcPiFmupm/Qk173mTvi+x3ZkwzoCaTwDcxsy9FtA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-06-12T18:57:43Z"
mac: ENC[AES256_GCM,data:46xA8exSUbaEJBufvzt5TbUXQa4956sGQUh9hS8a1nhXasDkdwTtGgSfZq/ENcL/VoEz0ORVJ43OwVE+TV1j9aOzwck96c/KDKTp4iEVbRfcsK/PMccf2FJke3TUmSV6f1hFBpGHpdujghHQTiGct+XQNuuI3RPXYLEYPJrqyeY=,iv:fzQL+ymHTP6XET9YlaCaW1ZGUJaZzCM0neGzMveoSt4=,tag:rsDV5tkU5pTlq4YTel6V1g==,type:str]
lastmodified: "2024-07-03T20:11:59Z"
mac: ENC[AES256_GCM,data:JI0klnv4yA+mwotpMAfQYfc5KTBHYX406jgXtsJh8BRzBZJ7fZZknmuCZpYW1u/pyflqTZ1JK+OKnvlOWrY2C/a6ySIuS3FNiKKQ1gvPc8T7+G9vrVyDNd3VkPMgmNiJuzVQaeYICWr5jHZgzduhZCnAU16VS8VThO7TeF7jFL4=,iv:fxqmMtxPfDzsVZqiKY2vTFFaVXTZeiU69bes1Pik1qQ=,tag:OKnrmx5385oO4Xv8FLQQ+A==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1