JakeHillion/nixos
1
0
Fork 0
Code Issues 10 Pull Requests 6 Actions Packages Projects Releases Wiki Activity
b39549e1a9
nixos/hosts/tywin.storage.ts.hillion.co.uk/default.nix

225 lines
6.3 KiB
Nix
Raw Normal View History

tywin.storage: add host
2023-05-20 16:54:50 +01:00
{ config, pkgs, lib, ... }:
{
imports = [
../../modules/common/default.nix
./hardware-configuration.nix
];
config = {
system.stateVersion = "22.11";
networking.hostName = "tywin";
networking.domain = "storage.ts.hillion.co.uk";
tywin: enable zfs
2023-05-30 20:21:07 +01:00
networking.hostId = "2a9b6df5";
tywin.storage: add host
2023-05-20 16:54:50 +01:00
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
downloads: add container to tywin.storage
2023-03-18 22:41:29 +00:00
custom.locations.autoServe = true;
tywin.storage: add host
2023-05-20 16:54:50 +01:00
## Tailscale
age.secrets."tailscale/tywin.storage.ts.hillion.co.uk".file = ../../secrets/tailscale/tywin.storage.ts.hillion.co.uk.age;
custom.tailscale = {
enable = true;
preAuthKeyFile = config.age.secrets."tailscale/tywin.storage.ts.hillion.co.uk".path;
tywin: setup restic server
2023-07-01 18:51:48 +01:00
ipv4Addr = "100.115.31.91";
ipv6Addr = "fd7a:115c:a1e0:ab12:4843:cd96:6273:1f5b";
tywin.storage: add host
2023-05-20 16:54:50 +01:00
};
tywin: enable zfs
2023-05-30 20:21:07 +01:00
## Filesystems
tywin.storage: add host
2023-05-20 16:54:50 +01:00
fileSystems."/".options = [ "compress=zstd" ];
tywin: set max arc size to 24GB
2023-06-17 11:28:17 +01:00
tywin: enable zfs
2023-05-30 20:21:07 +01:00
boot.supportedFilesystems = [ "zfs" ];
boot.zfs = {
forceImportRoot = false;
extraPools = [ "data" ];
};
tywin: set max arc size to 24GB
2023-06-17 11:28:17 +01:00
boot.kernelParams = [ "zfs.zfs_arc_max=25769803776" ];
resilio: tywin: sync all folders
2023-05-30 21:18:12 +01:00
tywin: enable weekly zfs scrubs
2023-07-01 14:28:49 +01:00
services.zfs.autoScrub = {
enable = true;
interval = "Tue, 02:00";
};
tywin: enable git backups
2023-07-02 22:43:53 +01:00
## Backups
### Git
age.secrets."git/git_backups_ecdsa".file = ../../secrets/git/git_backups_ecdsa.age;
age.secrets."git/git_backups_remotes".file = ../../secrets/git/git_backups_remotes.age;
custom.backups.git = {
enable = true;
sshKey = config.age.secrets."git/git_backups_ecdsa".path;
reposFile = config.age.secrets."git/git_backups_remotes".path;
repos = [ "https://gitea.hillion.co.uk/JakeHillion/nixos.git" ];
};
resilio: tywin: sync all folders
2023-05-30 21:18:12 +01:00
## Resilio
custom.resilio.enable = true;
tywin: resilio: fix device name
2023-06-08 11:00:30 +01:00
services.resilio.deviceName = "tywin.storage";
resilio: tywin: sync all folders
2023-05-30 21:18:12 +01:00
services.resilio.directoryRoot = "/data/users/jake/sync";
services.resilio.storagePath = "/data/users/jake/sync/.sync";
custom.resilio.folders =
let
folderNames = [
"dad"
"joseph"
"projects"
"resources"
"sync"
];
mkFolder = name: {
name = name;
secret = {
name = "resilio/plain/${name}";
file = ../../secrets/resilio/plain/${name}.age;
};
};
in
builtins.map (mkFolder) folderNames;
chia: create service and start syncing
2023-05-11 21:12:57 +01:00
restic: backup synced folders
2023-07-08 15:50:46 +01:00
age.secrets."resilio/restic/128G.key" = {
file = ../../secrets/restic/128G.age;
owner = "rslsync";
group = "rslsync";
};
services.restic.backups."sync" = {
repository = "rest:http://restic.tywin.storage.ts.hillion.co.uk/128G";
user = "rslsync";
passwordFile = config.age.secrets."resilio/restic/128G.key".path;
timerConfig = {
Persistent = true;
OnUnitInactiveSec = "15m";
RandomizedDelaySec = "5m";
};
paths = [ "/data/users/jake/sync" ];
exclude = [
"/data/users/jake/sync/.sync"
"/data/users/jake/sync/*/.sync"
"/data/users/jake/sync/resources/media/films"
"/data/users/jake/sync/resources/media/iso"
"/data/users/jake/sync/resources/media/tv"
"/data/users/jake/sync/dad/media"
];
};
tywin: setup restic server
2023-07-01 18:51:48 +01:00
## Restic
age.secrets."restic/128G.key" = {
file = ../../secrets/restic/128G.age;
owner = "restic";
group = "restic";
};
age.secrets."restic/1.6T.key" = {
file = ../../secrets/restic/1.6T.age;
owner = "restic";
group = "restic";
};
services.restic.server = {
enable = true;
appendOnly = true;
extraFlags = [ "--no-auth" ];
dataDir = "/data/backups/restic";
listenAddress = "127.0.0.1:8000"; # TODO: can this be a Unix socket?
};
services.caddy = {
enable = true;
virtualHosts."http://restic.tywin.storage.ts.hillion.co.uk".extraConfig = ''
bind ${config.custom.tailscale.ipv4Addr} ${config.custom.tailscale.ipv6Addr}
reverse_proxy http://localhost:8000
'';
};
flake: update to nixpkgs 2311
2024-02-04 10:29:07 +00:00
### HACK: Allow Caddy to restart if it fails. This happens because Tailscale
### is too late at starting. Upstream nixos caddy does restart on failure
### but it's prevented on exit code 1. Set the exit code to 0 (non-failure)
### to override this.
systemd.services.caddy = {
requires = [ "tailscaled.service" ];
after = [ "tailscaled.service" ];
serviceConfig = {
RestartPreventExitStatus = lib.mkForce 0;
};
};
flake: update 8th July 2023
2023-07-08 15:50:31 +01:00
tywin: setup restic server
2023-07-01 18:51:48 +01:00
services.restic.backups."prune-128G" = {
repository = "/data/backups/restic/128G";
user = "restic";
passwordFile = config.age.secrets."restic/128G.key".path;
timerConfig = {
Persistent = true;
OnCalendar = "02:30";
RandomizedDelaySec = "1h";
};
pruneOpts = [
tywin: enable git backups
2023-07-02 22:43:53 +01:00
"--keep-last 48"
tywin: setup restic server
2023-07-01 18:51:48 +01:00
"--keep-within-hourly 7d"
"--keep-within-daily 1m"
"--keep-within-weekly 6m"
"--keep-within-monthly 24m"
];
};
services.restic.backups."prune-1.6T" = {
repository = "/data/backups/restic/1.6T";
user = "restic";
passwordFile = config.age.secrets."restic/1.6T.key".path;
timerConfig = {
Persistent = true;
OnCalendar = "Wed, 02:30";
RandomizedDelaySec = "4h";
};
pruneOpts = [
"--keep-within-daily 14d"
"--keep-within-weekly 2m"
"--keep-within-monthly 18m"
];
};
chia: create service and start syncing
2023-05-11 21:12:57 +01:00
## Chia
age.secrets."chia/farmer.key" = {
file = ../../secrets/chia/farmer.key.age;
owner = "chia";
group = "chia";
};
custom.chia = {
enable = true;
chia: router: forward port 8444 tcp to tywin
2023-06-04 21:36:07 +01:00
openFirewall = true;
chia: create service and start syncing
2023-05-11 21:12:57 +01:00
keyFile = config.age.secrets."chia/farmer.key".path;
tywin: mount /mnt/d6
2023-11-02 20:54:20 +00:00
plotDirectories = builtins.genList (i: "/mnt/d${toString i}/plots/contract-k32") 7;
chia: create service and start syncing
2023-05-11 21:12:57 +01:00
};
storj: create module
2023-06-11 17:09:10 +01:00
downloads: add container to tywin.storage
2023-03-18 22:41:29 +00:00
## Downloads
custom.services.downloads = {
metadataPath = "/data/downloads/metadata";
downloadCachePath = "/data/downloads/torrents";
filmsPath = "/data/media/films";
tvPath = "/data/media/tv";
};
tywin: enable plex
2023-07-22 19:57:48 +01:00
## Plex
users.users.plex.extraGroups = [ "mediaaccess" ];
services.plex = {
enable = true;
openFirewall = true;
};
router.home: enable unbound dns server
2024-04-26 19:29:13 +01:00
## Networking
networking.nameservers = lib.mkForce [ ]; # Trust the DHCP nameservers
tywin: setup restic server
2023-07-01 18:51:48 +01:00
networking.firewall.interfaces."tailscale0".allowedTCPPorts = [
80 # Caddy (restic.tywin.storage.ts.)
tywin: storj: enable on d3
2023-09-08 20:51:42 +01:00
14002 # Storj Dashboard (d0.)
14003 # Storj Dashboard (d1.)
14004 # Storj Dashboard (d2.)
14005 # Storj Dashboard (d3.)
tywin: setup restic server
2023-07-01 18:51:48 +01:00
];
tywin.storage: add host
2023-05-20 16:54:50 +01:00
};
}
Reference in New Issue Copy Permalink