From 7d78e4984146462f7edf81047f71a1ef60b54a7e Mon Sep 17 00:00:00 2001
From: Alexandre LUCAZEAU
Date: Wed, 25 May 2022 12:50:35 +0000
Subject: [PATCH] ADD : backup server config
---
hosts/backup/common.nix | 13 ++++++++
hosts/backup/configuration.nix | 18 +++++++++++
hosts/backup/hardware-configuration.nix | 8 +++++
hosts/backup/rest-server.nix | 15 +++++++++
hosts/backup/users.nix | 41 +++++++++++++++++++++++++
5 files changed, 95 insertions(+)
create mode 100644 hosts/backup/common.nix
create mode 100644 hosts/backup/configuration.nix
create mode 100644 hosts/backup/hardware-configuration.nix
create mode 100644 hosts/backup/rest-server.nix
create mode 100644 hosts/backup/users.nix
diff --git a/hosts/backup/common.nix b/hosts/backup/common.nix
new file mode 100644
index 0000000..fc6dfb3
--- /dev/null
+++ b/hosts/backup/common.nix
@@ -0,0 +1,13 @@
+{ config, pkgs, ...}:
+{
+ environment.variables.EDITOR = "nvim";
+ environment.systemPackages = with pkgs; [
+ gitAndTools.gitFull
+ unzip
+ zip
+ tmux
+ lshw
+ bc
+ neovim
+ ];
+}
diff --git a/hosts/backup/configuration.nix b/hosts/backup/configuration.nix
new file mode 100644
index 0000000..44b9568
--- /dev/null
+++ b/hosts/backup/configuration.nix
@@ -0,0 +1,18 @@
+{ ... }: {
+ imports = [
+ ./hardware-configuration.nix
+ ./rest-server.nix
+ ./users.nix
+ ./common.nix
+ ];
+
+ boot.cleanTmpDir = true;
+ zramSwap.enable = false;
+ networking.hostName = "back";
+ services.openssh.enable = true;
+ users.users.root.openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKUA1RW6JwZasspAp8qmFRFnlV5WXjhLfStAAkM+KYLv lucazeau.alexandre@gmail.com"
+ ];
+
+
+}
diff --git a/hosts/backup/hardware-configuration.nix b/hosts/backup/hardware-configuration.nix
new file mode 100644
index 0000000..856a106
--- /dev/null
+++ b/hosts/backup/hardware-configuration.nix
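Review bot: `services.openssh.enable = true;` in hosts/backup/configuration.nix is added with no sshd hardening, and the same hunk authorises a key for direct root login. On a host meant to hold append-only backups, a root shell sidesteps the append-only guarantee entirely, so password logins and direct root access should be closed explicitly rather than left to module defaults: `services.openssh.passwordAuthentication = false;` and `services.openssh.permitRootLogin = "no";` (option names as used by NixOS around this commit's date; confirm against the channel in use). The `alexandre` account defined in users.nix already has sudo, so the `users.users.root.openssh.authorizedKeys.keys` entry could be dropped.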
@@ -0,0 +1,8 @@
+{ modulesPath, ... }:
+{
+ imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
+ boot.loader.grub.device = "/dev/sda";
+ boot.initrd.kernelModules = [ "nvme" ];
+ fileSystems."/" = { device = "/dev/sda3"; fsType = "ext4"; };
+ swapDevices = [ { device = "/dev/sda2"; } ];
+}
diff --git a/hosts/backup/rest-server.nix b/hosts/backup/rest-server.nix
new file mode 100644
index 0000000..3baa7da
--- /dev/null
+++ b/hosts/backup/rest-server.nix
@@ -0,0 +1,15 @@
+
+{ lib, config, ... }:
+{
+ services.restic.server = {
+ enable = true;
+ appendOnly = true;
+ extraFlags = [ "--no-auth" ];
+ dataDir = "/var/lib/backup";
+ prometheus = true;
+ };
+ networking = {
+ firewall.enable = true;
+ firewall.allowedTCPPorts = [ 8000 ];
+ };
+}
diff --git a/hosts/backup/users.nix b/hosts/backup/users.nix
new file mode 100644
index 0000000..80e35a7
--- /dev/null
+++ b/hosts/backup/users.nix
@@ -0,0 +1,41 @@
+{ config, pkgs, ...}:
+{
+ users = {
+ groups = {
+ alexandre = {};
+ };
+ users = {
+ alexandre = {
+ isNormalUser = true;
+ createHome = true;
+ home = "/home/alexandre";
+ description = "Alexandre LUCAZEAU";
+ extraGroups = [ "wheel" ];
+ group = "alexandre";
+ shell = pkgs.fish;
+ openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKUA1RW6JwZasspAp8qmFRFnlV5WXjhLfStAAkM+KYLv lucazeau.alexandre@gmail.com" ];
+ };
+ };
+ };
+ programs.git = {
+ enable = true;
+ config.user.email = "lucazeau.alexandre@gmail.com";
+ config.user.name = "Alexandre LUCAZEAU";
+ config.init.defaultBranch = "main";
+ config.core.sshCommand = "ssh -i ~/.ssh/id_ed25519-perso";
+ };
+ programs.fish.enable = true;
+ programs.fish.shellAliases = {
+ ll = "ls -l";
+ ls = "ls --color=tty";
+ vi = "nvim";
+ vim = "nvim";
+ };
+ security.sudo = {
+ enable = true;
+ execWheelOnly = true;
+ extraRules = [
+ { users = [ "alexandre" ]; commands = [ { command = "ALL"; options = [ "NOPASSWD" ]; } ]; }
+ ];
+ };
+}
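Review bot: `extraFlags = [ "--no-auth" ];` together with `firewall.allowedTCPPorts = [ 8000 ];` in hosts/backup/rest-server.nix leaves the restic REST server reachable without credentials from every network that can reach this host. `appendOnly = true` limits deletion, but any client can still create repositories and push data into `/var/lib/backup`, and `prometheus = true` serves metrics on the same unauthenticated listener. Drop `--no-auth` so the server requires its htpasswd file, consider `privateRepos = true;`, and scope the port to the backup network with `networking.firewall.interfaces.<IFACE_PLACEHOLDER>.allowedTCPPorts = [ 8000 ];` instead of opening it globally. Nothing in the hunk configures TLS, so those credentials would travel in cleartext unless a TLS-terminating proxy or a private link sits in front.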
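Review bot: The `extraRules` entry in hosts/backup/users.nix grants `alexandre` `NOPASSWD` on `ALL`, so possession of that account's SSH key is equivalent to root with no second step, and the same public key is also authorised for root in configuration.nix. Because the user is already in `wheel`, the rule can be removed so the module's default wheel rule applies (which needs a password set for the account), or narrowed to the specific commands that must run unattended. Separately, `config.core.sshCommand = "ssh -i ~/.ssh/id_ed25519-perso";` is written to the system-wide git config and implies a personal private key will be stored on the backup host; a host-specific deploy key would keep the personal key off this machine.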