blob: b8a1b3454a115f74cd7df7cbddf7062b37ecf969 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
|
{ self, config, ... }:
let secrets = config.age.secrets;
in
{
# this unit is broken and useless. I don't know how to not install
# it, so let's mask it.
systemd.services.mdmonitor.enable = false;
my.services = {
samba = {
enable = true;
publicShares = [ "/data/fast/music" "/data/fast/videos" ];
};
monitoring = {
prometheus = {
enable = true;
listenAddress = "192.168.6.40";
};
loki = {
enable = true;
listenAddress = "192.168.6.40";
};
grafana = {
enable = true;
vhostName = "dash.${config.homelab.domain}";
};
promtail.enable = true;
node-exporter.enable = true;
};
syncthing.enable = true;
backup = {
enable = true;
repository = "/data/slow/backups/hosts/tahoe";
timerConfig = { OnCalendar = "00:15"; };
passwordFile = secrets."restic/repo-systems".path;
paths =
[
"/data/fast/music"
"/data/fast/photos"
"/home/fcuny/documents"
"/home/fcuny/workspace"
"/home/fcuny/media"
];
exclude = [ ];
};
backup.rsync = {
enable = true;
timerConfig = { OnCalendar = "00:15"; };
sourceDir = "/data/slow/backups/";
destination = "de2664@de2664.rsync.net:backups/";
};
sendsms.enable = true;
};
services.openssh.sftpServerExecutable = "internal-sftp";
services.openssh.extraConfig = ''
Match User backup
ChrootDirectory ${config.users.users.backup.home}
ForceCommand internal-sftp
AllowTcpForwarding no
'';
}
|
