diff options
| -rw-r--r-- | flake.nix | 1 | ||||
| -rw-r--r-- | modules/core/default.nix | 7 | ||||
| -rw-r--r-- | modules/core/packages.nix | 2 | ||||
| -rw-r--r-- | modules/snorlax/default.nix | 27 | ||||
| -rw-r--r-- | secrets/ghostnet-auth-user-pass.age | bin | 361 -> 361 bytes | |||
| -rw-r--r-- | secrets/ghostnet-ca.age | bin | 2755 -> 2755 bytes | |||
| -rw-r--r-- | secrets/ghostnet-cert.age | bin | 6996 -> 6996 bytes | |||
| -rw-r--r-- | secrets/ghostnet-key.age | bin | 3616 -> 3616 bytes | |||
| -rw-r--r-- | secrets/ghostnet-tls-auth.age | bin | 980 -> 980 bytes | |||
| -rw-r--r-- | secrets/intelephense-licence.age | bin | 470 -> 580 bytes | |||
| -rw-r--r-- | secrets/secrets.nix | bin | 870 -> 1013 bytes | |||
| -rw-r--r-- | secrets/syncoid-key.age | bin | 0 -> 963 bytes | |||
| -rw-r--r-- | secrets/systems-auth-user-pass.age | bin | 378 -> 378 bytes | |||
| -rw-r--r-- | secrets/systems-ca.age | bin | 1138 -> 1138 bytes | |||
| -rw-r--r-- | secrets/systems-cert.age | bin | 1373 -> 1373 bytes | |||
| -rw-r--r-- | secrets/systems-key.age | bin | 2198 -> 2198 bytes | |||
| -rw-r--r-- | secrets/systems-tls-auth.age | bin | 980 -> 980 bytes | |||
| -rw-r--r-- | syncoid-key.pub | 1 |
18 files changed, 37 insertions, 1 deletions
@@ -89,6 +89,7 @@ disko.nixosModules.disko nixos-facter-modules.nixosModules.facter microvm.nixosModules.host + agenix.nixosModules.default { config.facter.reportPath = ./modules/snorlax/facter.json; } ./modules/snorlax diff --git a/modules/core/default.nix b/modules/core/default.nix index 2640047..f26e6c7 100644 --- a/modules/core/default.nix +++ b/modules/core/default.nix @@ -9,4 +9,11 @@ ]; programs.mtr.enable = true; + + programs.ssh.knownHosts = { + backup = { + extraHostNames = [ "185.107.88.38" ]; + publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGr0wvMck97G+g7PY3IaQ12/29Y7B3Me7HDPabMxHoKa"; + }; + }; } diff --git a/modules/core/packages.nix b/modules/core/packages.nix index 37d1562..16ff140 100644 --- a/modules/core/packages.nix +++ b/modules/core/packages.nix @@ -17,5 +17,7 @@ wget iftop htop + + nixos-anywhere ]; } diff --git a/modules/snorlax/default.nix b/modules/snorlax/default.nix index cbc0430..1817661 100644 --- a/modules/snorlax/default.nix +++ b/modules/snorlax/default.nix @@ -1,4 +1,4 @@ -{ ... }: +{ config, ... }: { imports = [ ./disk-config.nix @@ -19,4 +19,29 @@ time.timeZone = "Europe/Amsterdam"; home-manager.users.jras = { home.stateVersion = "24.11"; }; + + age.secrets.syncoid-key = { + file = ../../secrets/syncoid-key.age; + owner = "syncoid"; + group = "syncoid"; + }; + + services.sanoid.enable = true; + services.sanoid.datasets."zroot/persist" = { + autoprune = true; + autosnap = true; + daily = 7; + hourly = 24; + monthly = 1; + yearly = 1; + }; + + services.syncoid.enable = true; + services.syncoid.sshKey = config.age.secrets.syncoid-key.path; + services.syncoid.commands = { + "zroot/persist" = { + source = "zroot/persist"; + target = "ubuntu@185.107.88.38:backup/snorlax"; + }; + }; } diff --git a/secrets/ghostnet-auth-user-pass.age b/secrets/ghostnet-auth-user-pass.age Binary files differindex a11d7f0..8b774b2 100644 --- a/secrets/ghostnet-auth-user-pass.age +++ b/secrets/ghostnet-auth-user-pass.age diff --git a/secrets/ghostnet-ca.age b/secrets/ghostnet-ca.age Binary files differindex ff1e92d..cb9e3a3 100644 --- a/secrets/ghostnet-ca.age +++ b/secrets/ghostnet-ca.age diff --git a/secrets/ghostnet-cert.age b/secrets/ghostnet-cert.age Binary files differindex 907a939..3b6b5e9 100644 --- a/secrets/ghostnet-cert.age +++ b/secrets/ghostnet-cert.age diff --git a/secrets/ghostnet-key.age b/secrets/ghostnet-key.age Binary files differindex 85e94ff..782ab48 100644 --- a/secrets/ghostnet-key.age +++ b/secrets/ghostnet-key.age diff --git a/secrets/ghostnet-tls-auth.age b/secrets/ghostnet-tls-auth.age Binary files differindex 3907e1d..cbca658 100644 --- a/secrets/ghostnet-tls-auth.age +++ b/secrets/ghostnet-tls-auth.age diff --git a/secrets/intelephense-licence.age b/secrets/intelephense-licence.age Binary files differindex a52d4be..0b43493 100644 --- a/secrets/intelephense-licence.age +++ b/secrets/intelephense-licence.age diff --git a/secrets/secrets.nix b/secrets/secrets.nix Binary files differindex 8f049a5..b87293b 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix diff --git a/secrets/syncoid-key.age b/secrets/syncoid-key.age Binary files differnew file mode 100644 index 0000000..db8ac6b --- /dev/null +++ b/secrets/syncoid-key.age diff --git a/secrets/systems-auth-user-pass.age b/secrets/systems-auth-user-pass.age Binary files differindex 5cd6055..9d32e33 100644 --- a/secrets/systems-auth-user-pass.age +++ b/secrets/systems-auth-user-pass.age diff --git a/secrets/systems-ca.age b/secrets/systems-ca.age Binary files differindex a5afa4d..4720060 100644 --- a/secrets/systems-ca.age +++ b/secrets/systems-ca.age diff --git a/secrets/systems-cert.age b/secrets/systems-cert.age Binary files differindex 92c4c9f..a4235f9 100644 --- a/secrets/systems-cert.age +++ b/secrets/systems-cert.age diff --git a/secrets/systems-key.age b/secrets/systems-key.age Binary files differindex 3d6691a..3b8b42e 100644 --- a/secrets/systems-key.age +++ b/secrets/systems-key.age diff --git a/secrets/systems-tls-auth.age b/secrets/systems-tls-auth.age Binary files differindex 714baa8..ff011e6 100644 --- a/secrets/systems-tls-auth.age +++ b/secrets/systems-tls-auth.age diff --git a/syncoid-key.pub b/syncoid-key.pub new file mode 100644 index 0000000..bc2f101 --- /dev/null +++ b/syncoid-key.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGnWMAq+6bzP3TVo5mHkg+ABQOyM32hN1Jg6AiXemHG9 jras@work |