Compare commits
No commits in common. "f2d3c7c7284ace43f027cb42dd116b39f537a4e3" and "e9c15d095fe3521341b8e87191897f87ed66b0cd" have entirely different histories.
f2d3c7c728
...
e9c15d095f
6 changed files with 5 additions and 72 deletions
|
|
@ -24,14 +24,8 @@
|
|||
PasswordAuthentication = false;
|
||||
KbdInteractiveAuthentication = false;
|
||||
PermitRootLogin = "no";
|
||||
AllowUsers = [ "ellie" "forgejo" ];
|
||||
AllowUsers = [ "ellie" ];
|
||||
};
|
||||
extraConfig = ''
|
||||
Match User forgejo Address 10.10.0.1
|
||||
AllowTcpForwarding no
|
||||
X11Forwarding no
|
||||
PermitTunnel no
|
||||
'';
|
||||
};
|
||||
|
||||
services.fail2ban = {
|
||||
|
|
|
|||
|
|
@ -59,7 +59,6 @@
|
|||
./services/ergo.nix
|
||||
./services/forgejo.nix
|
||||
./services/forgejo-runner.nix
|
||||
./services/borgbackup.nix
|
||||
# ./services/akkoma.nix
|
||||
];
|
||||
};
|
||||
|
|
@ -85,7 +84,6 @@
|
|||
./hosts/vps/disko-config.nix
|
||||
./services/coturn.nix
|
||||
./services/wireguard-outer.nix
|
||||
./services/borgbackup-vps.nix
|
||||
];
|
||||
};
|
||||
|
||||
|
|
|
|||
|
|
@ -1,19 +0,0 @@
|
|||
{ ... }:
|
||||
|
||||
{
|
||||
# Inbound: accept desktop offsite backups
|
||||
services.borgbackup.repos.desktop = {
|
||||
path = "/var/lib/borg/desktop";
|
||||
authorizedKeys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINvKMpaawaw5bp73/W4dm0YEZa2FT99pXHLOYqZS8NPL borg-desktop"
|
||||
];
|
||||
};
|
||||
|
||||
# Inbound: accept homeserver backups
|
||||
services.borgbackup.repos.homeserver = {
|
||||
path = "/var/lib/borg/homeserver";
|
||||
authorizedKeys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEkWV7RJuN4/cGGsER7oHJ55R4aZZZuDnCn/fjyPd9KX borg-homeserver"
|
||||
];
|
||||
};
|
||||
}
|
||||
|
|
@ -1,41 +0,0 @@
|
|||
{ ... }:
|
||||
|
||||
{
|
||||
# Outbound: back up homeserver to VPS
|
||||
services.borgbackup.jobs.homeserver = {
|
||||
paths = [
|
||||
"/var/lib"
|
||||
"/etc"
|
||||
"/home"
|
||||
];
|
||||
repo = "ssh://borg@10.10.0.1/./homeserver";
|
||||
environment.BORG_RSH = "ssh -i /etc/borg/ssh_key";
|
||||
encryption = {
|
||||
mode = "repokey";
|
||||
passCommand = "cat /etc/borg/passphrase";
|
||||
};
|
||||
compression = "zstd";
|
||||
startAt = "daily";
|
||||
prune.keep = {
|
||||
daily = 7;
|
||||
weekly = 4;
|
||||
monthly = 6;
|
||||
};
|
||||
exclude = [
|
||||
"/var/lib/docker"
|
||||
"/var/lib/containers"
|
||||
"/var/lib/systemd/coredump"
|
||||
"*.pyc"
|
||||
"__pycache__"
|
||||
".cache"
|
||||
];
|
||||
};
|
||||
|
||||
# Inbound: accept desktop backups
|
||||
services.borgbackup.repos.desktop = {
|
||||
path = "/var/lib/borg/desktop";
|
||||
authorizedKeys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINvKMpaawaw5bp73/W4dm0YEZa2FT99pXHLOYqZS8NPL borg-desktop"
|
||||
];
|
||||
};
|
||||
}
|
||||
|
|
@ -7,8 +7,8 @@
|
|||
};
|
||||
|
||||
networking.firewall.interfaces.wg0.allowedTCPPorts = [
|
||||
22
|
||||
3000
|
||||
2222
|
||||
];
|
||||
|
||||
services.forgejo = {
|
||||
|
|
@ -20,9 +20,10 @@
|
|||
ROOT_URL = "https://forgejo.ellie.town/";
|
||||
HTTP_ADDR = "10.10.0.2";
|
||||
HTTP_PORT = 3000;
|
||||
START_SSH_SERVER = false;
|
||||
START_SSH_SERVER = true;
|
||||
SSH_DOMAIN = "forgejo.ellie.town";
|
||||
SSH_PORT = 2222;
|
||||
SSH_LISTEN_PORT = 2222;
|
||||
};
|
||||
};
|
||||
}
|
||||
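Review bot: The built-in SSH server turned on by `START_SSH_SERVER = true;` has no listen address in this hunk, while the HTTP listener is pinned with `HTTP_ADDR = "10.10.0.2";`. Forgejo binds the built-in SSH server to all interfaces unless `SSH_LISTEN_HOST` is set, so reachability of port 2222 would rest on the firewall alone; the first hunk opens 2222 on wg0, and rules for other interfaces are not visible here. Adding `SSH_LISTEN_HOST = "10.10.0.2";` next to `SSH_LISTEN_PORT = 2222;` would keep both listeners on the WireGuard address. The settings block starts above the hunk, so this assumes the option is not already set there.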
|
|
|
|||
|
|
@ -97,7 +97,7 @@
|
|||
}
|
||||
|
||||
upstream forgejo_ssh {
|
||||
server 10.10.0.2:22;
|
||||
server 10.10.0.2:2222;
|
||||
}
|
||||
server {
|
||||
listen 2222;
|
||||
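Review bot: With `server 10.10.0.2:2222;` the stream proxy hands connections to Forgejo's built-in SSH server, which will see every client as the proxy's address unless the original source is passed along. If per-client logging or banning on the Forgejo side matters, consider `proxy_protocol on;` in this `server` block together with `SSH_SERVER_USE_PROXY_PROTOCOL = true;` in the Forgejo server settings. The two have to be enabled together, otherwise connections fail. The `server` block continues past the end of the hunk, so whether it already sets this is not visible.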
|
|
|
|||