Added Sanoid config. Enabled Sanoid, Unifi, and lego-auto with sops.
parent
700475f219
commit
86aded238d
3 changed files with 137 additions and 1 deletions
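--- a/nixos/hosts/gandalf/config/sanoid.nix
+++ b/nixos/hosts/gandalf/config/sanoid.nix
@@ -0,0 +1,36 @@
+{ ... }:
+{
+outputs = {
+# ZFS automated snapshots
+templates = {
+"production" = {
+recursive = true;
+autoprune = true;
+autosnap = true;
+hourly = 24;
+daily = 7;
+monthly = 12;
+};
+};
+datasets = {
+"eru/xen-backups" = {
+useTemplate = ["production"];
+};
+"eru/hansonhive" = {
+useTemplate = ["production"];
+};
+"eru/tm_joe" = {
+useTemplate = ["production"];
+};
+"eru/tm_elisia" = {
+useTemplate = ["production"];
+};
+"eru/containers/volumes/xo-data" = {
+useTemplate = ["production"];
+};
+"eru/containers/volumes/xo-redis-data" = {
+useTemplate = ["production"];
+};
+};
+};
+}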
@ -2,7 +2,9 @@
|
||||||
# and may be overwritten by future invocations. Please make changes
|
# and may be overwritten by future invocations. Please make changes
|
||||||
# to /etc/nixos/configuration.nix instead.
|
# to /etc/nixos/configuration.nix instead.
|
||||||
{ config, lib, modulesPath, ... }:
|
{ config, lib, modulesPath, ... }:
|
||||||
|
let
|
||||||
|
sanoidConfig = import ./config/sanoid.nix { };
|
||||||
|
in
|
||||||
{
|
{
|
||||||
imports =
|
imports =
|
||||||
[
|
[
|
||||||
|
@ -66,6 +68,15 @@
|
||||||
|
|
||||||
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||||
|
|
||||||
|
sops = {
|
||||||
|
secrets = {
|
||||||
|
"lego/dnsimple/token" = {
|
||||||
|
mode = "0444";
|
||||||
|
sopsFile = ./secrets.sops.yaml;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
# System settings and services.
|
# System settings and services.
|
||||||
mySystem = {
|
mySystem = {
|
||||||
purpose = "Production";
|
purpose = "Production";
|
||||||
|
@ -81,5 +92,26 @@
|
||||||
samba.shares = import ./config/samba-shares.nix { };
|
samba.shares = import ./config/samba-shares.nix { };
|
||||||
samba.extraConfig = import ./config/samba-config.nix { };
|
samba.extraConfig = import ./config/samba-config.nix { };
|
||||||
};
|
};
|
||||||
|
|
||||||
|
services = {
|
||||||
|
podman.enable = true;
|
||||||
|
|
||||||
|
# Sanoid
|
||||||
|
|
||||||
|
sanoid = {
|
||||||
|
enable = true;
|
||||||
|
inherit (sanoidConfig.outputs) templates datasets;
|
||||||
|
};
|
||||||
|
|
||||||
|
# Unifi & Lego-Auto
|
||||||
|
unifi.enable = true;
|
||||||
|
lego-auto = {
|
||||||
|
enable = true;
|
||||||
|
dnsimpleTokenPath = "${config.sops.secrets."lego/dnsimple/token".path}";
|
||||||
|
domains = "gandalf.jahanson.tech";
|
||||||
|
email = "joe@veri.dev";
|
||||||
|
provider = "dnsimple";
|
||||||
|
};
|
||||||
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
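Review bot: The `"lego/dnsimple/token"` entry added under `sops.secrets` sets `mode = "0444"`, so the decrypted DNSimple API token is readable by every local account and service on this host, which per the same file also runs Samba, Unifi and podman. sops-nix defaults to `0400` owned by root, so this line widens access rather than narrowing it. The lego-auto module is not part of this commit, so I cannot tell which user reads the file; if it is an unprivileged service account, grant only that account with `owner = "<lego-auto service user>"; mode = "0400";`, otherwise drop the `mode` line. A DNS-provider token can alter records for the zone and satisfy a DNS-01 challenge, so it should be handled like a private key.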
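--- a/nixos/hosts/gandalf/secrets.sops.yaml
+++ b/nixos/hosts/gandalf/secrets.sops.yaml
@@ -0,0 +1,68 @@
+lego:
+dnsimple:
+token: ENC[AES256_GCM,data:3Lj6jhHuh0YbQCSZvUnSDtyo9Qi6Mx1d8eAGuIFih9YfDlIzYGkpI7YpvQ==,iv:YKpsMww+58+/wi70iXfVYcjkB5MPIA3epWXkqdSxJ1s=,tag:yi+Kstm1Vs3D+1c549QhlA==,type:str]
+sops:
+kms: []
+gcp_kms: []
+azure_kv: []
+hc_vault: []
+age:
+- recipient: age1d9p83j52m2xg0vh9k7q0uwlxwhs3y6tlv68yg9s2h9mdw2fmmsqshddz5m
+enc: |
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2NnVtdU9ObzB0TkdHUHBy
+aGVJaXg2NExmbkpzb3JYUXgza3lrOTR2K2pJCmNNdGs1MzZ0NFIyYktaMlhWK1Vq
+K0E0OXBMWjd5Tk16MUFFL2gvVzdiZzQKLS0tIEx6bEN6ZkYrKzdxNGtYM0s3VnE1
+a3YweEdFaGU2bkh5R3hvNWhMTHhxSmMKS22+GD1O8RWMvg+V2IqnbSPol5wKKfEj
+hNB9fkAmRQtnKieSv957XTwbraxf7IVB/BO96CtLM0d29VFNErwsXg==
+-----END AGE ENCRYPTED FILE-----
+- recipient: age1nuj9sk2k8ede06f8gk5twdlc593uuc7lll2dvuy20nxw9zn97u5swrcjpj
+enc: |
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1NUtYSGJvSkwzTFp4QTV5
+WU9hcXVILzlEdklESUtKdzZIWUVzWmR2UGlFCngrUTNTM0N6VkF0ZGowbE9pVWFu
+YXlCdjd0RmlXVnBmRlBGMncrZk1oeE0KLS0tIGpGOHBub3pEbVZ1Zlhxa0lEc3oy
+M1lCSGNQVy96anBVTzF2Q0ZXVTlrY1EKkBzej4W8tsAqn2bgfDv7VvXuyH3rj0vT
+9FPqSaMjcyPCfXvzL14+mQj24pkA1z/fYlxKnd+rDQCdvOh/T1xvNg==
+-----END AGE ENCRYPTED FILE-----
+- recipient: age18kj3xhlvgjeg2awwku3r8d95w360uysu0w5ejghnp4kh8qmtge5qwa2vjp
+enc: |
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjWnlKRHBhbUV5empIODNZ
+bDdXcWVpMDY0TkV0bUtuS3ZSY3JqZVJTTzB3CjJCUEdzbmc3Rm5pSWdqQkw5MXJO
+eE9ZVlo4RnFmUlI1UExBS1RkbmFwbmcKLS0tIEo1aFdSMDFFT3AvQ1ZUV3RsSHZ3
+WWJuUnpJNlRsako2VDlpdEc1QVI4aDAKNKvUK6soiEKatD/y2RL8Glx3aSDAJHiI
+KBtP/xL6if720Ge1EodQGjAqHa6Q65LJUmKK0wqwdOhrPNrA7Ea2fQ==
+-----END AGE ENCRYPTED FILE-----
+- recipient: age1lp6rrlvmytp9ka6q89m0e0am26222kwrn7aqd45hu07s3a6jv3gqty86eu
+enc: |
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6VkVBQXJCdTNiZzFCVEQ5
+bDZuNVdDd3B6dGJZS1pkVm40bitJODAxdXpzCmQ3WVppMEVGenBaMU4ybk5PM01L
+NjJwd05vQ3dPWENSTUZiQnhkUU5meTQKLS0tIDQxL3QwanBYMzlTUVN6K3JqVWp4
+aDVmWHo1bkdGRDFzb0ZPeDJJWUptcHcK2Z/AYb0yNmPwnY04SVurDromVkhinRKo
+MsYAlynO4ivwrPXXLBZY136b7ecDpy5YzacJRP/YZzuaniJP4mrm2w==
+-----END AGE ENCRYPTED FILE-----
+- recipient: age1nwnqxjuaxlt5g7fe8rnspvn2c36uuef4hzwuwa6cfjfalz2lrd4q4n5fpl
+enc: |
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArbXRmald0cXBjOExHRTZT
+K2Nab0NvOVhiclRBMVQ2a1RreVBUa1BoMlY0ClY2OHdnSFBmTHNEOStEVlk2c0FD
+Zzh4bUQzZGFWU1RyWXh4b2xVY1B2MkEKLS0tIHpBcHViNjF2YnNjOXArcDArWW1i
+a3VuRDU3bzdmWnpySmowVDNkWUNic2cKxBV/uUUT/WrklKeHIrdtcxa1s7C3C+cb
+A5aOMUNEDtqo9Clg+PPs8RQy45uGRhio3B80SJgChH7RYn0ifJafFA==
+-----END AGE ENCRYPTED FILE-----
+- recipient: age1a8z3p24v32l9yxm5z2l8h7rpc3nhacyfv4jvetk2lenrvsdstd3sdu2kaf
+enc: |
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaeGZvUnk4b28wSlFJYlFN
+NEJ5ZzdOT0M2cGxRVVRHRVBJYSt6dS90WUdjCndTYlViaGcwY0dxNnp6aFZFQnMx
+ZUlFS1Y3SG52L05ZL3NrOXhLRjVBOXMKLS0tIGhYVXR0cjJGc0JCTTdEdFY3NEc3
+REg4dkpMZmJoVDhhaUYxRVMwTVg2OHMKOs63Zk6TmRjLnloNj1QUK+I8aVcPUvJr
+7Qgn2bYbyjG/seI0DzcDvUH4eRSjvDkCOqqh9Ry6K3TaRty28XS29g==
+-----END AGE ENCRYPTED FILE-----
+lastmodified: "2024-07-13T11:28:05Z"
+mac: ENC[AES256_GCM,data:j2xatOmDBCBCApSomOx6LI4HpyoQ4nVLjsdNX8gKImGKGvJYQUG7liRhEVIwPeUH9oxGoZ1dJF1r4msQnfXk/OTgUNpQvoHyufeUOv+v1IBxwJRYbaAEoq8h59glJaBSJHZTBLWNsPDnijpv8f2q3HmvN9nrQhC1b0rfvMmH8hU=,iv:wsV5WBwhhZqHEBmsqczpnS7f6/8D39APmQspqOZKt8I=,tag:WdGFjwtw3jOyuYZ6OWxkHg==,type:str]
+pgp: []
+unencrypted_suffix: _unencrypted
+version: 3.8.1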