JakeHillion/nixos
1
0
Fork 0
Code Issues 10 Pull Requests 6 Actions Packages Projects Releases Wiki Activity

phoenix: enable resilio sync and backups
All checks were successful
flake / flake (push) Successful in 1m27s
Details

Browse Source
This commit is contained in:
Jake Hillion 2024-10-21 08:54:19 +01:00
parent b18ae44ccb
commit e03ce4e26c
8 changed files with 154 additions and 86 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
hosts/phoenix.st.ts.hillion.co.uk/default.nix
View File

@ -59,6 +59,32 @@ in
interval = "Wed, 02:00"; interval = "Wed, 02:00";
}; };
## Resilio
custom.resilio = {
enable = true;
backups.enable = true;
folders =
let
folderNames = [
"dad"
"joseph"
"projects"
"resources"
"sync"
];
mkFolder = name: {
name = name;
secret = {
name = "resilio/plain/${name}";
file = ../../secrets/resilio/plain/${name}.age;
};
};
in
builtins.map (mkFolder) folderNames;
};
services.resilio.directoryRoot = "/${zpool_name}/users/jake/sync";
## Chia ## Chia
age.secrets."chia/farmer.key" = { age.secrets."chia/farmer.key" = {
file = ../../secrets/chia/farmer.key.age; file = ../../secrets/chia/farmer.key.age;

41
modules/resilio.nix
View File

@ -16,9 +16,14 @@ in
type = with lib.types; uniq (listOf attrs); type = with lib.types; uniq (listOf attrs);
default = [ ]; default = [ ];
}; };
backups = {
enable = lib.mkEnableOption "resilio.backups";
};
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable (lib.mkMerge [
{
users.users = users.users =
let let
mkUser = mkUser =
@ -67,5 +72,37 @@ in
}; };
systemd.services.resilio.unitConfig.RequiresMountsFor = builtins.map (folder: "${config.services.resilio.directoryRoot}/${folder.name}") cfg.folders; systemd.services.resilio.unitConfig.RequiresMountsFor = builtins.map (folder: "${config.services.resilio.directoryRoot}/${folder.name}") cfg.folders;
}; }
(lib.mkIf cfg.backups.enable {
age.secrets."resilio/restic/128G.key" = {
file = ../secrets/restic/128G.age;
owner = "rslsync";
group = "rslsync";
};
services.restic.backups."resilio" = {
repository = "rest:https://restic.ts.hillion.co.uk/128G";
user = "rslsync";
passwordFile = config.age.secrets."resilio/restic/128G.key".path;
timerConfig = {
OnBootSec = "10m";
OnUnitInactiveSec = "15m";
RandomizedDelaySec = "5m";
};
paths = [ config.services.resilio.directoryRoot ];
exclude = [
"${config.services.resilio.directoryRoot}/.sync"
"${config.services.resilio.directoryRoot}/*/.sync"
"${config.services.resilio.directoryRoot}/resources/media/films"
"${config.services.resilio.directoryRoot}/resources/media/iso"
"${config.services.resilio.directoryRoot}/resources/media/tv"
"${config.services.resilio.directoryRoot}/dad/media"
];
};
})
]);
} }

39
secrets/resilio/plain/dad.age
View File

@ -1,21 +1,24 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-rsa GxPFJQ -> ssh-rsa GxPFJQ
EPZOBgPiAUU7ZB/+HAU/rrTRY+xYvbUxzWqDE6h58ld4NMG6+eBE7TRvzzfnYyYN W/JpTGL3h9Ie2UIPRhJ5l3KyR/TbWlgHgJY/XZNafW/mlMyZSKrA2imwyoq+vh5L
n97k00+h2ygm52hfoQFuUW7kXOAlZZDd3u9r45ELN9sx3sPM7dmuOyGMWca5VYf/ nztzl52lpvq8qQyF5jlfPsKJG/0bAPHhon63RPPj8fgh9Txp+lDVZpt8IMv3GT7v
jqObPcEdhbcr3SdTocsNM5e3hWYYyEO/bvDgoRWeckOR0WRWflVRUXXrUTfTnty2 j/wmQ1/6wTTDar2XDxn8Rz/Spn8EBnHvGNgNUEKrs6xwcWylX+dVwwobm8OsazMY
KAaNuTyOtxjJGo0T4GXEOzZrM1Bkhk9nLJPdFhC1JgYV/pjIRSYD5J3ddWYiHFX5 tLiw+NGC/ctQPJNKAUfgGrcovoOpsnYgbT5bi3NU5hma2oogMSAAL/O7LcxLy5ta
uih9bOq2TK/HdNTw2Y+c37XywQjacxqWvrk32tlf270hy4a5+xIYmuwJW/njcFXd yccw6E+Uwy20FDccvZcUCpuceKa3UT8tFBS3mjH/CmCpcPpoT+Wnx8iguwPzsEE7
7rkeEhpr6/vGftAZLhlLDw 5KDSNBjTnK9OmexEeJcVHw
-> ssh-rsa K9mW1w -> ssh-rsa K9mW1w
oRU8fuhEhxnLcbKB9XWZXcG41GFSfInyI+D3RP+Nvk0NV39rDiNZNUV25drZvAxo E8ZznY4+Ku09sNlUqrnk0V0KXdlouRDVgEipNhnlH/comEtU41DsnIminGO3fw2R
iphA7XuHDxAP5ropBjtZLNpIQDVwQynRoPmtvJmz74bYOxSRtGBvN1U9R0LOBgBz 9WS43TRzys0VOJasXN/f+nUJoc24S0RMfOCbm+S5yacr5hSctXobR8h7tJwkjchU
6Sd/DRuXKEmFBhNoaGbyi+s7RBalJaGfncHWdWSt58Pr7yVVlgX7hxk/YJ4fTLDv nh4LXpbMC9RZIPNEmlvi6ft1hvay1UARgEeLOmxXohg6i9dZN9PCgwuXhLi7LyyY
pXFUnvfO6VeCUVzowTXEZ62vh72L4+lNETBcJOx/ckJveee8kWrY0WAaxKEOXiC5 Xp+Dp8qTV8Z47wj4drkt5xo8CRADpK2gmaJM1gsKVHhiYw9YG0HDP4HnHj2eDX42
IVHjWHXXhXic56ShaDUOcjICoBlQMg9OgYf0lRLOAN1gCAN5DXbQOMsFl3S7VSsF Ub9fonGVe7qAtOcdGwvfE5asI7oRV0vMNWVXVeCpVJz4HnOS9j3KmBsIjqjYhtbd
YhdmaKTuV6IJ7cy5RIIdLg GYmbj433+djDi7pkyuUAUg
-> ssh-ed25519 rjda/A 6iDdTEocgv06P/3+L1iWwq7Gm7a1b7T6lZShSM5EJRs -> ssh-ed25519 RR/L5A uX9nKtJKe5+S9h0xKahI20M5IbKhrhIPcrjSLquuW1c
m/S+62etPaEeHwtlFBtzUfnx2nkOgiQgIgBKceAJHeQ Kkds3meVksyqjrn2Tz8LjowfFLqPlvlvK3/eyG1DbWw
-> ssh-ed25519 iWiFbA pfQMsGLDsG++Xm/fD818zYDmRAa2nC0k549NX2OxiA0 -> ssh-ed25519 rjda/A f//WHnXa7eTJryZXEZHn3RMaEahT/MwG5Y5i2lQwuls
Dmlw+2WwBdVWzr13OTy6cjZAQVQRm9RVHFF5LsM5EBo Iqw8M/kxiJPUOVuAIucFeY+fo9CBK9oGbLXtuz99eB4
--- JUB1zhbUjh1AMqVohboNnNqsPBvv0fCaVqMgcyVpPH8 -> ssh-ed25519 iWiFbA 5IkM2IPNwhwgW5fTiaiaIyAi2BgBPHDgdL/5C/Qt2QA
¹hÜ<EFBFBD>fÈ$où,8°A`œ÷†¼³<C2BC>™ë™šíH f\_y0Ý éí÷„wcPáÄ”àËÈÆ€1Øúõ$[!tv AJ4wLzu6fAJ3R+PayHAyIZZgutWSO2zZddq4H6g4qRs
--- VyVB3OASslBK+4eWM2toRNwpKgpOn0qOs+F3e8MgEUs
’¬)­ôrù°Î><3E> :¸Ç·û’œðã霸][8*É‹%9Ÿ"ßÓ§‚–´/`
ÿf ðŸbH´S_ÒâxÐî²

BIN
secrets/resilio/plain/joseph.age
View File

Binary file not shown.

BIN
secrets/resilio/plain/projects.age
View File

Binary file not shown.

BIN
secrets/resilio/plain/resources.age
View File

Binary file not shown.

38
secrets/resilio/plain/sync.age
View File

@ -1,21 +1,23 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-rsa GxPFJQ -> ssh-rsa GxPFJQ
ZVcJQCHZVc/K9KaJTDRPCFJJCb9OAg6WYKLiS3hbBA2NhARsvw6plBu9WBrlExMj D0Idk3mWqB1Xnv/ovfhrhxigYg4iYpIVUv4Xq6mz3E/kf1aM1KMH+vOfdDpf6eg6
n++ZCx6Jl1n0yq2+6rSaThHf7c7SoGRdO77rclK6ILhZ2uar49fRbjiJyhIEaH9g ufriFO51HPAEN1nqq3bFteOxLq7B3RkbonDjgq90i+1er3bSNxrzlC+f440mmB6w
g2pMwdvlqh4CyQBdyFigriXDpxhKPLBnNVZrlHknFNeEy+oMnrFgZXaEZMvsgzmD nc2UvqqN3UTGuQqrHWCUp7HQ/RBToASgz8SCqim96UY86Df2BPTY7P+EsMraO2Zw
T+laML8uH6dodxW48P7kOwKX0ya9WKrBAcEZ+XXEeTpwgGD0vXJmizRpCs6DrJl/ bHTDNyLZB6hZZQfoCpUz4J7Hq5x7cBpLH+S2No1xWMHDy11LkgS9DDFGL6/lDGMm
FDy1p65vLIfZYzgxVBsoutdJKQP1h+Zu1ykVYm4JKwprD/hrK9vP9MBc5nSNRD0P GcoQv0V14iQyb0KHYwkJKd4q4Vx20LMwAYqSFt33XN2SAbqKgo8p2nJQnCBZkn/P
kYOcTkmueSh4S8tQGaf3lA fl61Tqiiy5NEya2hc9bELQ
-> ssh-rsa K9mW1w -> ssh-rsa K9mW1w
PTIieqZ31cNjwUSHCXny/5botfCJt0X4ot1kzkDOXt402ZxrmSh7Lt+Zf3Avjvbs T/A5xeJ+mP8uK+yuhxvqMwvdMqFMIb8ZPB1K4L8gnVk4xTPW3jIYgGqOFVOOtf0I
+Q2jfSvh6Oj8bubBZdCgYADI7OOAAUGSFGjG9ctTVnoORUGF2P0xaVGv/EShO+2W 4+nBvGxbA9fqi4Mi5q9to0Lg/8vMOOBG7cx5ApqXP+UAhXZEsyAyIZ+TK3pIYTXW
1gDUEJXfkDXW8GN7NmOlt7Yh0NNOndzsMhjxo+iqd8e4Ux8J6L7CV/Yg25v9Zs8W mj8DBw7AtvvHdEb1rBA7RxWHW1WdjoOlnuz+X9hMSKbBfhhINwuYopn+jGbrAz4B
ocwFYCngeFTZmvlTe7hsd+26BlvHSMOqKXZUDfjzsMX+bWTxzIgS4lAjNDCYDNan 5ehpzYMjyGMM0u621A34UaVD6ocVpVzYVMJuXtACAZcY11porzoVtPHDiibX+Ysf
vIXSktu051Q0aQ5bdGJtnWYx8xRz8/S+K9Xs7WgP9TEENd0kAcxQhn6dd2AUZYSD t2oV16Hw52yEa/QnSxhB3f1XPdzqo6yllLkWk+7kEsMXbGM6snKPjnfzOHpvo47W
4SqV4SgKsGpdNv6ceHI9qA tCjTYVmHDS/maSYKEVMNcg
-> ssh-ed25519 rjda/A WkxHtfUpVL2AE1eLn0Zp0qVr191/umWcGJl7KUGfURE -> ssh-ed25519 RR/L5A Jd+CAknpb/VluTjp1rmyzyOaLBPWFXApespITJpc+2Q
FBhE2Qwib+n3x9XL/GM1HzWMeeznPJw0gPZ/ALjGtJA UqrPrFFvG/4qA4VT4TvJSWQ1wPTsGpkn9141ob5yizY
-> ssh-ed25519 iWiFbA +5PSAc60g3QsJ3rPaz1a1S2A79Vew85c1uCn0ajLbyQ -> ssh-ed25519 rjda/A AGNRQXks1E2i+in4IcTVCxv7sU+W6aWPqPxzMe2lig8
IUcm6BA1kH8ZcvCBRoyR1HJ2GJEXaOrUH6JCIGAzKRE /w+iid2fSic4HwjuU9wNvyL3O5KLeQBiRFFO+8HOda4
--- OZtfOD2pDRkjgPMMFYErZfyAozBLBKzmUndxfKBcewI -> ssh-ed25519 iWiFbA RxKG7+5QYBMxf/5GOlLkJtmxRIGrHZ0fNRT+SlIM33g
Oj)öùð 9Ô®Ê. <20>±bý ãè<C3A3>€šLüŠ™{k½+4dá¹á·ÉYC/ªîù<1A>ñ <ÞÅMãþJe4 ejBO6/qUF2CGa6FiVutpjdTlakIoSSklfg6+ykgzo1U
--- CocYhJAFnI9XN+CU/AieVbBL1USYo1VydYANS35DASw
Œ<EFBFBD>æƒ 7ÿ“3#”å ÃÌ /'ûëe½€|rÁçÇÒÿv»f®|–ÙµŸ{Íß2Žhç.?æ=øi¿ÉnPdx

10
secrets/secrets.nix
View File

@ -70,11 +70,11 @@ in
"resilio/encrypted/sync.age".publicKeys = jake_users ++ [ ]; "resilio/encrypted/sync.age".publicKeys = jake_users ++ [ ];
## Read/Write Resilio Sync Secrets ## Read/Write Resilio Sync Secrets
"resilio/plain/dad.age".publicKeys = jake_users ++ [ ts.terminals.jakehillion.gendry ts.cx.boron ]; "resilio/plain/dad.age".publicKeys = jake_users ++ [ ts.st.phoenix ts.terminals.jakehillion.gendry ts.cx.boron ];
"resilio/plain/joseph.age".publicKeys = jake_users ++ [ ts.terminals.jakehillion.gendry ts.cx.boron ]; "resilio/plain/joseph.age".publicKeys = jake_users ++ [ ts.st.phoenix ts.terminals.jakehillion.gendry ts.cx.boron ];
"resilio/plain/projects.age".publicKeys = jake_users ++ [ ts.terminals.jakehillion.gendry ts.cx.boron ]; "resilio/plain/projects.age".publicKeys = jake_users ++ [ ts.st.phoenix ts.terminals.jakehillion.gendry ts.cx.boron ];
"resilio/plain/resources.age".publicKeys = jake_users ++ [ ts.terminals.jakehillion.gendry ts.cx.boron ]; "resilio/plain/resources.age".publicKeys = jake_users ++ [ ts.st.phoenix ts.terminals.jakehillion.gendry ts.cx.boron ];
"resilio/plain/sync.age".publicKeys = jake_users ++ [ ts.terminals.jakehillion.gendry ts.cx.boron ]; "resilio/plain/sync.age".publicKeys = jake_users ++ [ ts.st.phoenix ts.terminals.jakehillion.gendry ts.cx.boron ];
# Matrix Secrets # Matrix Secrets
"matrix/matrix.hillion.co.uk/macaroon_secret_key.age".publicKeys = jake_users ++ [ ts.cx.boron ]; "matrix/matrix.hillion.co.uk/macaroon_secret_key.age".publicKeys = jake_users ++ [ ts.cx.boron ];