Compare commits


3 commits

Author SHA1 Message Date
Ellie
f2d3c7c728 yay 2026-02-24 17:29:07 -08:00
Ellie
c43c6c43a5 fix forgejo crypto 2026-02-24 16:57:52 -08:00
Ellie
311c85642b added backup 2026-02-24 16:44:03 -08:00
6 changed files with 72 additions and 5 deletions


@ -24,8 +24,14 @@
PasswordAuthentication = false; PasswordAuthentication = false;
KbdInteractiveAuthentication = false; KbdInteractiveAuthentication = false;
PermitRootLogin = "no"; PermitRootLogin = "no";
AllowUsers = [ "ellie" ]; AllowUsers = [ "ellie" "forgejo" ];
}; };
extraConfig = ''
Match User forgejo Address 10.10.0.1
AllowTcpForwarding no
X11Forwarding no
PermitTunnel no
'';
}; };
services.fail2ban = { services.fail2ban = {
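Review bot: The new AllowUsers entry admits `forgejo` from any source address, while the Match block on the lines that follow only restricts it when the peer is 10.10.0.1, so a forgejo login arriving from any other address that reaches this sshd would not have AllowTcpForwarding, X11Forwarding and PermitTunnel disabled. sshd's AllowUsers accepts USER@HOST patterns, so the two can be made to agree with `AllowUsers = [ "ellie" "forgejo@10.10.0.1" ];`. Since only the extraConfig fragment is visible here, it is worth confirming that the Match block lands after every global directive in the generated sshd_config, because a Match section applies until the next Match or the end of the file. The enclosing settings set begins before the hunk.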


@ -59,6 +59,7 @@
./services/ergo.nix ./services/ergo.nix
./services/forgejo.nix ./services/forgejo.nix
./services/forgejo-runner.nix ./services/forgejo-runner.nix
./services/borgbackup.nix
# ./services/akkoma.nix # ./services/akkoma.nix
]; ];
}; };
@ -84,6 +85,7 @@
./hosts/vps/disko-config.nix ./hosts/vps/disko-config.nix
./services/coturn.nix ./services/coturn.nix
./services/wireguard-outer.nix ./services/wireguard-outer.nix
./services/borgbackup-vps.nix
]; ];
}; };


@ -0,0 +1,19 @@
{ ... }:
{
# Inbound: accept desktop offsite backups
services.borgbackup.repos.desktop = {
path = "/var/lib/borg/desktop";
authorizedKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINvKMpaawaw5bp73/W4dm0YEZa2FT99pXHLOYqZS8NPL borg-desktop"
];
};
# Inbound: accept homeserver backups
services.borgbackup.repos.homeserver = {
path = "/var/lib/borg/homeserver";
authorizedKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEkWV7RJuN4/cGGsER7oHJ55R4aZZZuDnCn/fjyPd9KX borg-homeserver"
];
};
}
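Review bot: Both new repos use `authorizedKeys`, which gives the desktop and homeserver keys full read/write/delete access to their own offsite backups, so a compromised client could prune or delete the archives it just pushed; the point of an offsite copy is lost in exactly that scenario. The NixOS module offers `authorizedKeysAppendOnly` for this: moving the keys to `authorizedKeysAppendOnly = [ ... ];` makes the server-side `borg serve` append-only, so clients can add archives but not remove them, with the caveat that pruning then has to happen on the VPS (or via a separate non-append-only key) instead of from the client job's `prune.keep`. Consider also setting a `quota` on each repo so a misconfigured or runaway client cannot fill the VPS disk. This file appears to be the `services/borgbackup-vps.nix` added to the vps imports above; it is new and shown in full, so the enclosing set is entirely within the hunk.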

41
services/borgbackup.nix Normal file

@ -0,0 +1,41 @@
{ ... }:
{
# Outbound: back up homeserver to VPS
services.borgbackup.jobs.homeserver = {
paths = [
"/var/lib"
"/etc"
"/home"
];
repo = "ssh://borg@10.10.0.1/./homeserver";
environment.BORG_RSH = "ssh -i /etc/borg/ssh_key";
encryption = {
mode = "repokey";
passCommand = "cat /etc/borg/passphrase";
};
compression = "zstd";
startAt = "daily";
prune.keep = {
daily = 7;
weekly = 4;
monthly = 6;
};
exclude = [
"/var/lib/docker"
"/var/lib/containers"
"/var/lib/systemd/coredump"
"*.pyc"
"__pycache__"
".cache"
];
};
# Inbound: accept desktop backups
services.borgbackup.repos.desktop = {
path = "/var/lib/borg/desktop";
authorizedKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINvKMpaawaw5bp73/W4dm0YEZa2FT99pXHLOYqZS8NPL borg-desktop"
];
};
}
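Review bot: `mode = "repokey"` stores the repository key inside the repository on the VPS, so whoever controls the VPS holds both the ciphertext and the passphrase-wrapped key and only the strength of `/etc/borg/passphrase` protects the data; `mode = "keyfile";` keeps the key on the client instead, separating key custody from the storage host (a copy of the keyfile then has to be kept somewhere safe, since the repo is unreadable without it). `paths` includes `/var/lib` and `exclude` does not list `/var/lib/borg`, so the desktop's inbound repo declared at the bottom of this file is itself shipped to the VPS inside the homeserver archives — fine if intended, otherwise add `"/var/lib/borg"` to `exclude`. The inbound `repos.desktop` block here uses `authorizedKeys`, which lets the desktop delete its own backups, where `authorizedKeysAppendOnly` would not. A one-line comment on `BORG_RSH` noting that the VPS host key must already be present in the job user's known_hosts would also help, since the job presumably runs non-interactively and cannot answer a host-key prompt.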


@ -7,8 +7,8 @@
}; };
networking.firewall.interfaces.wg0.allowedTCPPorts = [ networking.firewall.interfaces.wg0.allowedTCPPorts = [
22
3000 3000
2222
]; ];
services.forgejo = { services.forgejo = {
@ -20,10 +20,9 @@
ROOT_URL = "https://forgejo.ellie.town/"; ROOT_URL = "https://forgejo.ellie.town/";
HTTP_ADDR = "10.10.0.2"; HTTP_ADDR = "10.10.0.2";
HTTP_PORT = 3000; HTTP_PORT = 3000;
START_SSH_SERVER = true; START_SSH_SERVER = false;
SSH_DOMAIN = "forgejo.ellie.town"; SSH_DOMAIN = "forgejo.ellie.town";
SSH_PORT = 2222; SSH_PORT = 2222;
SSH_LISTEN_PORT = 2222;
}; };
}; };
} }
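Review bot: With `START_SSH_SERVER = false` the retained `SSH_PORT = 2222` no longer names a port anything on this host listens on; it is only the port advertised in clone URLs, and it is correct solely because the VPS nginx stream proxy still listens on 2222 and now forwards to sshd on 22 (the nginx hunk further down). That coupling is invisible from this file, so a comment such as `# Advertised clone port only: the VPS nginx stream proxy listens on 2222 and forwards to sshd on 22` above SSH_PORT would keep the next reader from "fixing" it. With the built-in server off, Forgejo depends on the system sshd accepting the authorized keys it manages for the forgejo user, which the AllowUsers/Match change in the first hunk presumably exists to support. Opening 22 on wg0 also exposes the host sshd, not just Forgejo, to every WireGuard peer, whereas 2222 previously reached only Forgejo's own server. The enclosing settings.server set begins before the hunk.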


@ -97,7 +97,7 @@
} }
upstream forgejo_ssh { upstream forgejo_ssh {
server 10.10.0.2:2222; server 10.10.0.2:22;
} }
server { server {
listen 2222; listen 2222;