diff --git a/home/modules/home-pkgs.nix b/home/modules/home-pkgs.nix index b1f692d..2869990 100644 --- a/home/modules/home-pkgs.nix +++ b/home/modules/home-pkgs.nix @@ -34,6 +34,8 @@ in { pkgs.catppuccin-kde + pkgs.typst + pkgs.anki pkgs.openvpn diff --git a/hosts/x86_64-linux/beleth/borg.nix b/hosts/x86_64-linux/beleth/borg.nix index 9e36a0f..3d36135 100644 --- a/hosts/x86_64-linux/beleth/borg.nix +++ b/hosts/x86_64-linux/beleth/borg.nix 
@@ -6,30 +6,30 @@ }: { # # BACKUP - # Check via nix-shell -p borgbackup --run "borg info --rsh 'ssh -p 23 -i /home/moe/.ssh/storagebox_nextcloud_data' u409248-sub1@u409248-sub1.your-storagebox.de:nextcloud_data_backups" + # Check via nix-shell -p borgbackup --run "borg info --rsh 'ssh -p 23 -i /home/moe/.ssh/storagebox_nextcloud_data' u410986-sub1@u410986-sub1.your-storagebox.de:nx-data" # 0. Add subaccount on storagebox # 1. ssh-keygen -t ed25519 -f ~/.ssh/storagebox_nextcloud_data # 2. pwgen 128 # 3. Add private key as secret # 4. add passphrase as secret # 5. add ssh public key to subaccount on storagebox! - # ssh -p 23 u409248-sub1@u409248-sub1.your-storagebox.de + # ssh -p 23 u410986-sub1@u410986-sub1.your-storagebox.de # 6. set permissions # .ssh 0700 # .ssh/authorized_keys 0600 # - # Retrieve via 'ssh-keyscan -p 23 u409248-sub1.your-storagebox.de' + # Retrieve via 'ssh-keyscan -p 23 u410986-sub1.your-storagebox.de' programs.ssh.knownHosts = { "storagebox" = { hostNames = [ - "[u409248-sub1.your-storagebox.de]:23" - "[u409248-sub2.your-storagebox.de]:23" + "[u410986-sub1.your-storagebox.de]:23" + "[u410986-sub2.your-storagebox.de]:23" ]; publicKey = '' - ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA5EB5p/5Hp3hGW1oHok+PIOH9Pbn7cnUiGmUEBrCVjnAw+HrKyN8bYVV0dIGllswYXwkG/+bgiBlE6IVIBAq+JwVWu1Sss3KarHY3OvFJUXZoZyRRg/Gc/+LRCE7lyKpwWQ70dbelGRyyJFH36eNv6ySXoUYtGkwlU5IVaHPApOxe4LHPZa/qhSRbPo2hwoh0orCtgejRebNtW5nlx00DNFgsvn8Svz2cIYLxsPVzKgUxs8Zxsxgn+Q/UvR7uq4AbAhyBMLxv7DjJ1pc7PJocuTno2Rw9uMZi1gkjbnmiOh6TTXIEWbnroyIhwc8555uto9melEUmWNQ+C+PwAK+MPw== - ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAGK0po6usux4Qv2d8zKZN1dDvbWjxKkGsx7XwFdSUCnF19Q8psHEUWR7C/LtSQ5crU/g+tQVRBtSgoUcE8T+FWp5wBxKvWG2X9gD+s9/4zRmDeSJR77W6gSA/+hpOZoSE+4KgNdnbYSNtbZH/dN74EG7GLb/gcIpbUUzPNXpfKl7mQitw== - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIICf9svRenC/PLKIL9nk6K/pxQgoiFC41wTNvoIncOxs + ssh-rsa 
AAAAB3NzaC1yc2EAAAABIwAAAQEA5EB5p/5Hp3hGW1oHok+PIOH9Pbn7cnUiGmUEBrCVjnAw+HrKyN8bYVV0dIGllswYXwkG/+bgiBlE6IVIBAq+JwVWu1Sss3KarHY3OvFJUXZoZyRRg/Gc/+LRCE7lyKpwWQ70dbelGRyyJFH36eNv6ySXoUYtGkwlU5IVaHPApOxe4LHPZa/qhSRbPo2hwoh0orCtgejRebNtW5nlx00DNFgsvn8Svz2cIYLxsPVzKgUxs8Zxsxgn+Q/UvR7uq4AbAhyBMLxv7DjJ1pc7PJocuTno2Rw9uMZi1gkjbnmiOh6TTXIEWbnroyIhwc8555uto9melEUmWNQ+C+PwAK+MPw== + ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAGK0po6usux4Qv2d8zKZN1dDvbWjxKkGsx7XwFdSUCnF19Q8psHEUWR7C/LtSQ5crU/g+tQVRBtSgoUcE8T+FWp5wBxKvWG2X9gD+s9/4zRmDeSJR77W6gSA/+hpOZoSE+4KgNdnbYSNtbZH/dN74EG7GLb/gcIpbUUzPNXpfKl7mQitw== + ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIICf9svRenC/PLKIL9nk6K/pxQgoiFC41wTNvoIncOxs ''; }; }; @@ -45,13 +45,13 @@ postHook = '' ${config.services.nextcloud.occ}/bin/nextcloud-occ maintenance:mode --off ''; - repo = "u409248-sub1@u409248-sub1.your-storagebox.de:nextcloud_data_backups"; + repo = "u410986-sub1@u410986-sub1.your-storagebox.de:nx-data"; encryption = { mode = "repokey-blake2"; - passCommand = "cat ${config.age.secrets.backup_nextcloud_data_passphrase.path}"; + passCommand = "cat ${config.sops.secrets.backup_nextcloud_data_passphrase.path}"; }; environment = { - BORG_RSH = "ssh -p 23 -i ${config.age.secrets.backup_nextcloud_data_ssh.path}"; + BORG_RSH = "ssh -p 23 -i ${config.sops.secrets.backup_nextcloud_data_ssh.path}"; }; compression = "auto,lzma"; startAt = "Mon *-*-* 00:00:00"; # Monday at 00:00; Storagebox does a snapshot Fridays at 00:00 
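Review bot: The `publicKey` string under `"storagebox"` holds three key lines, but as far as I can tell the NixOS `programs.ssh.knownHosts` module prefixes the host names once, to the start of the string. If so, only the `ssh-rsa` line is pinned for the two new `u410986-*` hosts, and the ecdsa and ed25519 lines become malformed known_hosts entries. One attribute per key type, each with a single-line `publicKey` and the same `hostNames`, would pin all three. The comment above still documents `ssh-keyscan` as the source of these keys; the scan is unauthenticated, so the fingerprints for the new account should be compared with the ones the provider publishes before they are committed. The key material itself looks unchanged between the removed and added lines.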
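Review bot: The new `config.sops.secrets.backup_nextcloud_data_passphrase` and `config.sops.secrets.backup_nextcloud_data_ssh` references in `passCommand` and `BORG_RSH` have no matching `sops.secrets.*` declaration or `secrets.yaml` entry in this diff, which adds only `nextcloud_user_password`. Unless they are declared elsewhere, the module will fail to evaluate once it is imported. The same applies to the `backup_nextcloud_database_*` references in the following hunk. `default.nix` adds `./borg.nix` only as a comment, so the problem stays hidden and this host runs no borg job from this file until the import is enabled.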
@@ -68,13 +68,13 @@ postHook = '' ${config.services.nextcloud.occ}/bin/nextcloud-occ maintenance:mode --off ''; - repo = "u409248-sub2@u409248-sub2.your-storagebox.de:nextcloud_database_backups"; + repo = "u410986-sub2@u410986-sub2.your-storagebox.de:nx-db"; encryption = { mode = "repokey-blake2"; - passCommand = "cat ${config.age.secrets.backup_nextcloud_database_passphrase.path}"; + passCommand = "cat ${config.sops.secrets.backup_nextcloud_database_passphrase.path}"; }; environment = { - BORG_RSH = "ssh -p 23 -i ${config.age.secrets.backup_nextcloud_database_ssh.path}"; + BORG_RSH = "ssh -p 23 -i ${config.sops.secrets.backup_nextcloud_database_ssh.path}"; }; compression = "auto,lzma"; startAt = "Mon *-*-* 01:00:00"; # Monday at 01:00; Storagebox does a snapshot Fridays at 00:00 diff --git a/hosts/x86_64-linux/beleth/default.nix b/hosts/x86_64-linux/beleth/default.nix index 6921925..e544a3b 100644 --- a/hosts/x86_64-linux/beleth/default.nix +++ b/hosts/x86_64-linux/beleth/default.nix @@ -19,6 +19,7 @@ with lib; { ./nextcloud.nix ./paperless.nix ./docker.nix + # ./borg.nix # ./nfs.nix ../../gc.nix ../../../common @@ -97,6 +98,7 @@ with lib; { "jellyfin.heroin.trade" = { extraConfig = '' reverse_proxy http://127.0.0.1:8096 + redir /metrics* / ''; }; "calibre.heroin.trade" = { @@ -119,6 +121,11 @@ with lib; { reverse_proxy http://127.0.0.1:28981 ''; }; + "servers" = { + extraConfig = '' + metrics + ''; + }; }; }; diff --git a/hosts/x86_64-linux/beleth/monitoring.nix b/hosts/x86_64-linux/beleth/monitoring.nix index 5570e98..01500c1 100644 --- a/hosts/x86_64-linux/beleth/monitoring.nix +++ b/hosts/x86_64-linux/beleth/monitoring.nix @@ -3,6 +3,11 @@ pkgs, ... }: { + sops.secrets.nextcloud_user_password = { + path = "/etc/nx_user_pass"; + owner = "nextcloud"; + group = "nextcloud"; + }; networking.firewall.allowedTCPPorts = [80 443 9001]; services.grafana = { enable = true; 
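Review bot: The added `redir /metrics* /` in the `jellyfin.heroin.trade` block has no comment saying why it is there. Presumably it keeps Jellyfin's Prometheus endpoint off the public vhost while monitoring.nix scrapes `127.0.0.1:8096` directly. I would add a Caddyfile comment above it such as `# keep Jellyfin's /metrics off the public vhost; Prometheus scrapes 127.0.0.1:8096 locally`. `respond /metrics* 404` would state the intent more directly than a redirect to the front page.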
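Review bot: `"servers"` is added alongside the site entries, so it appears to be rendered as a site block with the address `servers`, and `metrics` inside a site block is the handler that serves the Prometheus endpoint on that site. If the intent was Caddy's global `servers { metrics }` option, it belongs in `services.caddy.globalConfig` rather than here. The new `caddy` scrape job in monitoring.nix already reads the admin endpoint on `127.0.0.1:2019`, so a metrics-serving site is not needed for scraping. With 80 and 443 open in the firewall, such a site would answer any client that sends that Host name. The enclosing attribute set opens outside the hunk, so please confirm it is `virtualHosts`.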
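Review bot: The secret is given `owner = "nextcloud"` and `group = "nextcloud"`, and the exporter added in the next hunk is switched to `user = "nextcloud"`, so the exporter process runs as the account that owns the Nextcloud application itself. Keeping the exporter on its own service user and setting `owner` here to that user would limit what a compromised exporter can read to this one credential. An explicit `mode = "0400";` would also document the intended permissions. The custom `path = "/etc/nx_user_pass"` does not seem to be needed, since the exporter already takes `config.sops.secrets.nextcloud_user_password.path`.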
@@ -40,6 +45,13 @@ wireguard = { enable = true; }; + nextcloud = { + enable = true; + user = "nextcloud"; + username = "xqtc"; + passwordFile = config.sops.secrets.nextcloud_user_password.path; + url = "https://${toString config.services.nextcloud.hostName}"; + }; }; scrapeConfigs = [ { @@ -48,7 +60,27 @@ { targets = [ "127.0.0.1:${toString config.services.prometheus.exporters.node.port}" - # "127.0.0.1:${toString config.services.prometheus.exporters.wireguard.port}" + "127.0.0.1:${toString config.services.prometheus.exporters.nextcloud.port}" + ]; + } + ]; + } + { + job_name = "jellyfin"; + static_configs = [ + { + targets = [ + "127.0.0.1:8096" + ]; + } + ]; + } + { + job_name = "caddy"; + static_configs = [ + { + targets = [ + "127.0.0.1:2019" ]; } ]; diff --git a/secrets.yaml b/secrets.yaml index 030dfe6..8557650 100644 --- a/secrets.yaml +++ b/secrets.yaml @@ -3,6 +3,7 @@ private_keys: public_keys: xqtc: ENC[AES256_GCM,data:bQ39+TS67ww01qfkhv//AfE3h4od4QgOUMATwKoeI7D7JHzCpM38jZudNlJixbyR8bLOKsBohqB3Pad6Q27dnXLCyZ/XtyZMLyhZuaOBVkx8+4ow1SWEyDxHM/N3WPZxjgM=,iv:FKHKaOknTYKzel3R6AUOb4RvXH04rQd4bHospGrsrUA=,tag:yCtxIdfWdIFjPiFbrFuPKg==,type:str] nextcloud_password: ENC[AES256_GCM,data:lwqQio1I1xTv07bLRyrvig1HRyCxcueSPgDpPRhXBqCi8d42OJt7rA==,iv:R0JxpCJz9zycph9p7Ewwt4QTEXQxaxJ691aWCXfEsFE=,tag:Qz3dD2cOkmneEWP7tI54Dg==,type:str] +nextcloud_user_password: ENC[AES256_GCM,data:fkX/1pOgRLvhHTtoK9i5F0kO+mRKj40BH2s7VD7ifPEnyJhWqy5mvg==,iv:iEnW4Z8vCY9oapOpVZNuLMa50SXT01clYaScUN+q/k8=,tag:0G0Y8XCSj+dBAy6Cw8YOHg==,type:str] paperless_password: ENC[AES256_GCM,data:OCrc00vUb+lgel8TmFm+9Ee4QJZZV7W6+Jl9+R7AfjfDh6v590ibvw==,iv:emM7g0JRcEH4xuYdvZN64drOhduXyQy6HwF1xByaLvE=,tag:D2O1qAeKtYWGf+Zd3RuBTQ==,type:str] sops: kms: [] 
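Review bot: `username = "xqtc"` with `passwordFile` hands the exporter the login password of a named user account, and the serverinfo API it reads presumably requires an admin, so a full admin credential ends up at rest for a metrics job. The exporter module also has a `tokenFile` option (if the nixpkgs release in use provides it) that takes a serverinfo token valid only for the monitoring endpoint. I would replace the two lines with `tokenFile = config.sops.secrets.<serverinfo_token_secret>.path;`, where the secret name is a placeholder. That also removes the need to run the exporter as `nextcloud`.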
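Review bot: The Nextcloud exporter target is appended to the existing job's `targets` list, whose `job_name` is outside the hunk, while jellyfin and caddy each get their own job. A separate `job_name = "nextcloud";` entry would keep the `job` label meaningful in dashboards and alert rules. The commented wireguard target is dropped in the same edit although `wireguard.enable = true` remains in the context above, so that exporter still runs without being scraped. The `caddy` job points at the admin API port `2019`, so that listener needs to stay bound to loopback.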
@@ -55,8 +56,8 @@ sops: a2ZHZmQ0dEVMZFlJRENmU2lGejFuMzAKOO3kTP/VWRYn5CrwPyjUIGS7kjxPvNYZ HMt+cCG9FYeJdqPpHWiM0TeHYUG0h7XlltIMg7KhE4Qj/GARegmuZQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-07-03T14:48:29Z" - mac: ENC[AES256_GCM,data:LHH3qUI92p9PFkheFlHV4EwfMebLnHyrEr6iyMCOPWLh+vyai039gFHP/qZuKO51qgQdWiNYagwTNGwh/wCPUsXqmrT6/zyUVRzY+qM8ei0mTsyATPT2N/nFurb0HUueSO1rNzkYFbb6Io+5KdkQQbgbXoKxVV3xaWPB0FvB5cg=,iv:YmO2DvOP+5XUFs+r2ywn3mS8igxwhdoMB4VmtFsxVDU=,tag:udN3POCZVJvh2MircwckKQ==,type:str] + lastmodified: "2024-07-05T15:42:51Z" + mac: ENC[AES256_GCM,data:HKjqJxfseQcrP/hViiY933NQdZQpTYS+wHigWlIOKDUhW4HOjVcRPc/lcbtb/41RBXl5xPKJyYSNzj3AdSM6kMznE0USEmYU9+XHFDd845n1YVg6qRHYUH/fFKsdDF2L5tEZ9DPEZQ6mW2EpxW+9AVVlU1L7wNsm7rtpcPTPcb4=,iv:arNw7DvxMfMBALJjp63bwNrsBedohhVWRJZFboXaZpI=,tag:OKQNf28nm/LrgUueOtwDsg==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1