diff --git a/common.nix b/common.nix
index 1f5cef1..26007c8 100644
--- a/common.nix
+++ b/common.nix
@@ -24,14 +24,8 @@
 PasswordAuthentication = false;
 KbdInteractiveAuthentication = false;
 PermitRootLogin = "no";
- AllowUsers = [ "ellie" "forgejo" ];
+ AllowUsers = [ "ellie" ];
 };
- extraConfig = ''
- Match User forgejo Address 10.10.0.1
- AllowTcpForwarding no
- X11Forwarding no
- PermitTunnel no
- '';
 };
 services.fail2ban = {
diff --git a/flake.nix b/flake.nix
index ab82480..c1eab18 100644
--- a/flake.nix
+++ b/flake.nix
@@ -59,7 +59,6 @@
 ./services/ergo.nix
 ./services/forgejo.nix
 ./services/forgejo-runner.nix
- ./services/borgbackup.nix
 # ./services/akkoma.nix
 ];
 };
@@ -85,7 +84,6 @@
 ./hosts/vps/disko-config.nix
 ./services/coturn.nix
 ./services/wireguard-outer.nix
- ./services/borgbackup-vps.nix
 ];
 };
diff --git a/services/borgbackup-vps.nix b/services/borgbackup-vps.nix
deleted file mode 100644
index 636e2cc..0000000
--- a/services/borgbackup-vps.nix
+++ /dev/null
@@ -1,19 +0,0 @@
-{ ... }:
-
-{
- # Inbound: accept desktop offsite backups
- services.borgbackup.repos.desktop = {
- path = "/var/lib/borg/desktop";
- authorizedKeys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINvKMpaawaw5bp73/W4dm0YEZa2FT99pXHLOYqZS8NPL borg-desktop"
- ];
- };
-
- # Inbound: accept homeserver backups
- services.borgbackup.repos.homeserver = {
- path = "/var/lib/borg/homeserver";
- authorizedKeys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEkWV7RJuN4/cGGsER7oHJ55R4aZZZuDnCn/fjyPd9KX borg-homeserver"
- ];
- };
-}
diff --git a/services/borgbackup.nix b/services/borgbackup.nix
deleted file mode 100644
index 464501e..0000000
--- a/services/borgbackup.nix
+++ /dev/null
@@ -1,41 +0,0 @@
-{ ... }:
-
-{
- # Outbound: back up homeserver to VPS
- services.borgbackup.jobs.homeserver = {
- paths = [
- "/var/lib"
- "/etc"
- "/home"
- ];
- repo = "ssh://borg@10.10.0.1/./homeserver";
- environment.BORG_RSH = "ssh -i /etc/borg/ssh_key";
- encryption = {
- mode = "repokey";
- passCommand = "cat /etc/borg/passphrase";
- };
- compression = "zstd";
- startAt = "daily";
- prune.keep = {
- daily = 7;
- weekly = 4;
- monthly = 6;
- };
- exclude = [
- "/var/lib/docker"
- "/var/lib/containers"
- "/var/lib/systemd/coredump"
- "*.pyc"
- "__pycache__"
- ".cache"
- ];
- };
-
- # Inbound: accept desktop backups
- services.borgbackup.repos.desktop = {
- path = "/var/lib/borg/desktop";
- authorizedKeys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINvKMpaawaw5bp73/W4dm0YEZa2FT99pXHLOYqZS8NPL borg-desktop"
- ];
- };
-}
diff --git a/services/forgejo.nix b/services/forgejo.nix
index e75444a..1f07440 100644
--- a/services/forgejo.nix
+++ b/services/forgejo.nix
@@ -7,8 +7,8 @@
 };
 networking.firewall.interfaces.wg0.allowedTCPPorts = [
- 22
 3000
+ 2222
 ];
 services.forgejo = {
@@ -20,9 +20,10 @@
 ROOT_URL = "https://forgejo.ellie.town/";
 HTTP_ADDR = "10.10.0.2";
 HTTP_PORT = 3000;
- START_SSH_SERVER = false;
+ START_SSH_SERVER = true;
 SSH_DOMAIN = "forgejo.ellie.town";
 SSH_PORT = 2222;
+ SSH_LISTEN_PORT = 2222;
 };
 };
 }
diff --git a/services/wireguard-outer.nix b/services/wireguard-outer.nix
index 03957ec..3de261d 100644
--- a/services/wireguard-outer.nix
+++ b/services/wireguard-outer.nix
@@ -97,7 +97,7 @@
 }
 upstream forgejo_ssh {
- server 10.10.0.2:22;
+ server 10.10.0.2:2222;
 }
 server {
 listen 2222;
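Review bot: In services/forgejo.nix (first hunk, `networking.firewall.interfaces.wg0.allowedTCPPorts`), port 22 is dropped from the wg0 allowlist in the same step that adds 2222. If this list was the only rule exposing the host's OpenSSH on wg0, administrative SSH over WireGuard stops working after deploy; whether `services.openssh` opens 22 elsewhere is not visible here, so confirm that before switching. A short comment on the list would also help the next reader, for example `# 3000: Forgejo HTTP, 2222: Forgejo built-in SSH (upstream of forgejo_ssh in wireguard-outer.nix)`.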
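Review bot: In services/forgejo.nix (second hunk), the built-in SSH server is turned on with `SSH_LISTEN_PORT = 2222` but no `SSH_LISTEN_HOST`, so unlike the HTTP side (`HTTP_ADDR = "10.10.0.2"`) it presumably binds on every interface and depends on the wg0-only firewall rule alone. I would pin it next to the listen port with `SSH_LISTEN_HOST = "10.10.0.2";` so a later firewall change cannot expose it by accident. This listener is also a separate SSH implementation from the sshd configured in common.nix, so those settings and any sshd-based fail2ban jail do not apply to it; it is worth confirming what monitors failed authentication on port 2222. The enclosing `services.forgejo` block starts outside the hunk.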