| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
|
| |
Backups are not synchronized with rclone to gcloud, but instead with
rsync to rsync.net.
|
|
|
|
|
| |
The path to the restic repository has changed, and we are a bit more
specific about the paths we want to backup.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The dedicated account for backup should be named 'backup', as it's more
generic.
While it's a system account, I still need to be able to log in the host
remotely with sftp, so we give it a UID (991).
The account needs to be able to sftp to tahoe in order to store the
backups from remote hosts. However we don't want this user to get a
shell and be able to browse the host, so we configure sshd to chroot the
user to where the backups are stored.
|
|
|
|
|
|
|
| |
I don't want to have to deal with authentication and TLS certificates
for these endpoints. If they are only listening on the wireguard
interface I can trust that only authorized hosts are sending traffic to
these endpoints. I trust what's running on these machines.
|
|
|
|
|
| |
This will help to organize and structure monitoring modules a bit
better.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
To prevent the unit to be triggered multiple times if the host has
already rebooted, we create a gate file when we're done running, and
before running, we check if the file exists.
Enable the service on tahoe.
Don't restart the unit when its definition has changed.
|
|
|
|
|
| |
It's not working as I want, let's fix it first then we can enable it
again later.
|
|
|
|
|
|
|
|
| |
Replace gitea with gitolite + cgit. I don't need a whole git forge for
myself, especially since I don't use most of the features.
The main thing I'm losing with this change is CI (via drone), but this
is not really a big loss for now.
|
| |
|
|
|
|
|
| |
I don't need to backup videos, and the cache of my home directory. I
also don't need to keep that many snapshots around.
|
|
|
|
|
| |
This is a broken unit and I don't need it (see
https://github.com/nixos/nixpkgs/issues/72394).
|
| |
|
|
|
|
|
| |
The URL for drone changed to https://ci.fcuny.net. The secrets also
changed (and we remove the unencrypted file with secrets).
|
| |
|
|
|
|
|
| |
Since I'm moving everything back to GitHub I don't need to run these
services anymore.
|
|
|
|
|
|
|
|
|
| |
I don't need to backup these directories in my home.
Change-Id: Ia2302f2ebe74033090b86b52864787d2a63ecb4b
Reviewed-on: https://cl.fcuny.net/c/world/+/620
Tested-by: CI
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
|
|
|
|
|
|
|
|
| |
This was done by running `nixpkgs-fmt .'.
Change-Id: I4ea6c1e759bf468d08074be2111cbc7af72df295
Reviewed-on: https://cl.fcuny.net/c/world/+/404
Tested-by: CI
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
|
|
|
|
|
| |
Change-Id: I12cc741bdfb074f7d2a006547860362176afe372
Reviewed-on: https://cl.fcuny.net/c/world/+/169
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
|
|
|
|
|
|
|
|
| |
I will not be using drone anymore, and will likely replace it with
buildkite.
Change-Id: I45d91c43090aaba119855158e071dae377c1897f
Reviewed-on: https://cl.fcuny.net/c/world/+/162
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
|
|
|
|
|
| |
Change-Id: I3b00408d7550d7660fb33940ae2cd0806076f4d2
Reviewed-on: https://cl.fcuny.net/c/world/+/62
Reviewed-by: Franck Cuny <franck.cuny@gmail.com>
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
From the laptop I only backup /home/fcuny, as the rest should be
straightforward to rebuild with nix.
I run that backup as my own user, since I need my ssh key to use the
remote repository (which is on the NAS). I also need a new secret for
it (I might have been able to use `pass' for this, but well, that's easy
enough).
For the NAS, I update the list of directories to backup to include home,
this will be on the systems backup.
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
This will ultimately replace traefik.
|
| |
|
|
|
|
|
| |
Refactor a bit the configuration, which should simplify the management
and usage of secrets from now on.
|
|
|
|
| |
Do a single backup for the host, instead of running multiple ones.
|
|
|