diff options
author | makefu <github@syntax-fehler.de> | 2019-01-28 08:32:05 +0100 |
---|---|---|
committer | makefu <github@syntax-fehler.de> | 2019-01-28 08:32:05 +0100 |
commit | 7bc36518d1afc1050994e0806477fed2c8fa45da (patch) | |
tree | f801d55e368f7ce7c10a97482808eeab9491f45f /lass | |
parent | 0c25e9790578821a1038831ea852c6bfbc83ff97 (diff) | |
parent | 56a0b3f0020b4465d1f1d573e5d427d8c702fd86 (diff) |
Merge remote-tracking branch 'lass/master'
Diffstat (limited to 'lass')
-rw-r--r-- | lass/1systems/prism/config.nix | 15 | ||||
-rw-r--r-- | lass/1systems/prism/physical.nix | 14 | ||||
-rw-r--r-- | lass/1systems/yellow/config.nix | 92 | ||||
-rw-r--r-- | lass/2configs/baseX.nix | 2 | ||||
-rw-r--r-- | lass/2configs/default.nix | 5 | ||||
-rw-r--r-- | lass/2configs/exim-smarthost.nix | 1 | ||||
-rw-r--r-- | lass/2configs/mail.nix | 2 | ||||
-rw-r--r-- | lass/2configs/reaktor-coders.nix | 194 | ||||
-rw-r--r-- | lass/2configs/websites/domsen.nix | 24 |
9 files changed, 198 insertions, 151 deletions
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index df2778bef..23746d210 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -36,10 +36,10 @@ with import <stockholm/lib>; # TODO write function for proxy_pass (ssl/nonssl) krebs.iptables.tables.filter.FORWARD.rules = [ - { v6 = false; precedence = 1000; predicate = "-d 192.168.122.92"; target = "ACCEPT"; } + { v6 = false; precedence = 1000; predicate = "-d 192.168.122.141"; target = "ACCEPT"; } ]; krebs.iptables.tables.nat.PREROUTING.rules = [ - { v6 = false; precedence = 1000; predicate = "-d 46.4.114.243"; target = "DNAT --to-destination 192.168.122.92"; } + { v6 = false; precedence = 1000; predicate = "-d 95.216.1.130"; target = "DNAT --to-destination 192.168.122.141"; } ]; } { @@ -379,6 +379,7 @@ with import <stockholm/lib>; name = "download"; home = "/var/download"; useDefaultShell = true; + uid = genid "download"; openssh.authorizedKeys.keys = with config.krebs.users; [ lass.pubkey lass-shodan.pubkey @@ -420,6 +421,16 @@ with import <stockholm/lib>; { predicate = "-i wiregrill -p udp --dport 4000:4002"; target = "ACCEPT"; } ]; } + { + nix.trustedUsers = [ "Mic92" ]; + users.users.Mic92 = { + uid = genid_uint31 "Mic92"; + isNormalUser = true; + openssh.authorizedKeys.keys = [ + config.krebs.users.Mic92.pubkey + ]; + }; + } ]; krebs.build.host = config.krebs.hosts.prism; diff --git a/lass/1systems/prism/physical.nix b/lass/1systems/prism/physical.nix index a2b5efb29..9a84e9d63 100644 --- a/lass/1systems/prism/physical.nix +++ b/lass/1systems/prism/physical.nix @@ -63,9 +63,15 @@ defaultGateway = "95.216.1.129"; # Use google's public DNS server nameservers = [ "8.8.8.8" ]; - interfaces.eth0 = { - ipAddress = "95.216.1.150"; - prefixLength = 26; - }; + interfaces.eth0.ipv4.addresses = [ + { + address = "95.216.1.150"; + prefixLength = 26; + } + { + address = "95.216.1.130"; + prefixLength = 26; + } + ]; }; } diff --git a/lass/1systems/yellow/config.nix b/lass/1systems/yellow/config.nix index 58fa564a1..9d8bcd7be 100644 --- a/lass/1systems/yellow/config.nix +++ b/lass/1systems/yellow/config.nix @@ -88,7 +88,7 @@ with import <stockholm/lib>; client dev tun proto udp - remote 82.102.16.229 1194 + remote 89.249.65.83 1194 resolv-retry infinite remote-random nobind @@ -103,13 +103,9 @@ with import <stockholm/lib>; reneg-sec 0 comp-lzo no - explicit-exit-notify 3 - remote-cert-tls server - #mute 10000 auth-user-pass ${toString <secrets/nordvpn.txt>} - verb 3 pull fast-io @@ -118,32 +114,33 @@ with import <stockholm/lib>; <ca> -----BEGIN CERTIFICATE----- - MIIEyjCCA7KgAwIBAgIJANIxRSmgmjW6MA0GCSqGSIb3DQEBCwUAMIGeMQswCQYD - VQQGEwJQQTELMAkGA1UECBMCUEExDzANBgNVBAcTBlBhbmFtYTEQMA4GA1UEChMH - Tm9yZFZQTjEQMA4GA1UECxMHTm9yZFZQTjEaMBgGA1UEAxMRZGUyMjkubm9yZHZw - bi5jb20xEDAOBgNVBCkTB05vcmRWUE4xHzAdBgkqhkiG9w0BCQEWEGNlcnRAbm9y - ZHZwbi5jb20wHhcNMTcxMTIyMTQ1MTQ2WhcNMjcxMTIwMTQ1MTQ2WjCBnjELMAkG - A1UEBhMCUEExCzAJBgNVBAgTAlBBMQ8wDQYDVQQHEwZQYW5hbWExEDAOBgNVBAoT - B05vcmRWUE4xEDAOBgNVBAsTB05vcmRWUE4xGjAYBgNVBAMTEWRlMjI5Lm5vcmR2 - cG4uY29tMRAwDgYDVQQpEwdOb3JkVlBOMR8wHQYJKoZIhvcNAQkBFhBjZXJ0QG5v - cmR2cG4uY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv++dfZlG - UeFF2sGdXjbreygfo78Ujti6X2OiMDFnwgqrhELstumXl7WrFf5EzCYbVriNuUny - mNCx3OxXxw49xvvg/KplX1CE3rKBNnzbeaxPmeyEeXe+NgA7rwOCbYPQJScFxK7X - +D16ZShY25GyIG7hqFGML0Qz6gpZRGaHSd0Lc3wSgoLzGtsIg8hunhfi00dNqMBT - ukCzgfIqbQUuqmOibsWnYvZoXoYKnbRL0Bj8IYvwvu4p2oBQpvM+JR4DC+rv52LI - 583Q6g3LebQ4JuQf8jgxvEEV4UL1CsUBqN3mcRpVUKJS3ijXmzEX9MfpBRcp1rBA - VsiE4Mrk7PXhkwIDAQABo4IBBzCCAQMwHQYDVR0OBBYEFFIv1UuKN2NXaVjRNXDT - Rs/+LT/9MIHTBgNVHSMEgcswgciAFFIv1UuKN2NXaVjRNXDTRs/+LT/9oYGkpIGh - MIGeMQswCQYDVQQGEwJQQTELMAkGA1UECBMCUEExDzANBgNVBAcTBlBhbmFtYTEQ - MA4GA1UEChMHTm9yZFZQTjEQMA4GA1UECxMHTm9yZFZQTjEaMBgGA1UEAxMRZGUy - Mjkubm9yZHZwbi5jb20xEDAOBgNVBCkTB05vcmRWUE4xHzAdBgkqhkiG9w0BCQEW - EGNlcnRAbm9yZHZwbi5jb22CCQDSMUUpoJo1ujAMBgNVHRMEBTADAQH/MA0GCSqG - SIb3DQEBCwUAA4IBAQBf1vr93OIkIFehXOCXYFmAYai8/lK7OQH0SRMYdUPvADjQ - e5tSDK5At2Ew9YLz96pcDhzLqtbQsRqjuqWKWs7DBZ8ZiJg1nVIXxE+C3ezSyuVW - //DdqMeUD80/FZD5kPS2yJJOWfuBBMnaN8Nxb0BaJi9AKFHnfg6Zxqa/FSUPXFwB - wH+zeymL2Dib2+ngvCm9VP3LyfIdvodEJ372H7eG8os8allUnkUzpVyGxI4pN/IB - KROBRPKb+Aa5FWeWgEUHIr+hNrEMvcWfSvZAkSh680GScQeJh5Xb4RGMCW08tb4p - lrojzCvC7OcFeUNW7Ayiuukx8rx/F4+IZ1yJGff9 + MIIFCjCCAvKgAwIBAgIBATANBgkqhkiG9w0BAQ0FADA5MQswCQYDVQQGEwJQQTEQ + MA4GA1UEChMHTm9yZFZQTjEYMBYGA1UEAxMPTm9yZFZQTiBSb290IENBMB4XDTE2 + MDEwMTAwMDAwMFoXDTM1MTIzMTIzNTk1OVowOTELMAkGA1UEBhMCUEExEDAOBgNV + BAoTB05vcmRWUE4xGDAWBgNVBAMTD05vcmRWUE4gUm9vdCBDQTCCAiIwDQYJKoZI + hvcNAQEBBQADggIPADCCAgoCggIBAMkr/BYhyo0F2upsIMXwC6QvkZps3NN2/eQF + kfQIS1gql0aejsKsEnmY0Kaon8uZCTXPsRH1gQNgg5D2gixdd1mJUvV3dE3y9FJr + XMoDkXdCGBodvKJyU6lcfEVF6/UxHcbBguZK9UtRHS9eJYm3rpL/5huQMCppX7kU + eQ8dpCwd3iKITqwd1ZudDqsWaU0vqzC2H55IyaZ/5/TnCk31Q1UP6BksbbuRcwOV + skEDsm6YoWDnn/IIzGOYnFJRzQH5jTz3j1QBvRIuQuBuvUkfhx1FEwhwZigrcxXu + MP+QgM54kezgziJUaZcOM2zF3lvrwMvXDMfNeIoJABv9ljw969xQ8czQCU5lMVmA + 37ltv5Ec9U5hZuwk/9QO1Z+d/r6Jx0mlurS8gnCAKJgwa3kyZw6e4FZ8mYL4vpRR + hPdvRTWCMJkeB4yBHyhxUmTRgJHm6YR3D6hcFAc9cQcTEl/I60tMdz33G6m0O42s + Qt/+AR3YCY/RusWVBJB/qNS94EtNtj8iaebCQW1jHAhvGmFILVR9lzD0EzWKHkvy + WEjmUVRgCDd6Ne3eFRNS73gdv/C3l5boYySeu4exkEYVxVRn8DhCxs0MnkMHWFK6 + MyzXCCn+JnWFDYPfDKHvpff/kLDobtPBf+Lbch5wQy9quY27xaj0XwLyjOltpiST + LWae/Q4vAgMBAAGjHTAbMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMA0GCSqG + SIb3DQEBDQUAA4ICAQC9fUL2sZPxIN2mD32VeNySTgZlCEdVmlq471o/bDMP4B8g + nQesFRtXY2ZCjs50Jm73B2LViL9qlREmI6vE5IC8IsRBJSV4ce1WYxyXro5rmVg/ + k6a10rlsbK/eg//GHoJxDdXDOokLUSnxt7gk3QKpX6eCdh67p0PuWm/7WUJQxH2S + DxsT9vB/iZriTIEe/ILoOQF0Aqp7AgNCcLcLAmbxXQkXYCCSB35Vp06u+eTWjG0/ + pyS5V14stGtw+fA0DJp5ZJV4eqJ5LqxMlYvEZ/qKTEdoCeaXv2QEmN6dVqjDoTAo + k0t5u4YRXzEVCfXAC3ocplNdtCA72wjFJcSbfif4BSC8bDACTXtnPC7nD0VndZLp + +RiNLeiENhk0oTC+UVdSc+n2nJOzkCK0vYu0Ads4JGIB7g8IB3z2t9ICmsWrgnhd + NdcOe15BincrGA8avQ1cWXsfIKEjbrnEuEk9b5jel6NfHtPKoHc9mDpRdNPISeVa + wDBM1mJChneHt59Nh8Gah74+TM1jBsw4fhJPvoc7Atcg740JErb904mZfkIEmojC + VPhBHVQ9LHBAdM8qFI2kRK0IynOmAZhexlP/aT/kpEsEPyaZQlnBn3An1CRz8h0S + PApL8PytggYKeQmRhl499+6jLxcZ2IegLfqq41dzIjwHwTMplg+1pKIOVojpWA== -----END CERTIFICATE----- </ca> key-direction 1 @@ -152,23 +149,24 @@ with import <stockholm/lib>; # 2048 bit OpenVPN static key # -----BEGIN OpenVPN Static key V1----- - 49b2f54c6ee58d2d97331681bb577d55 - 054f56d92b743c31e80b684de0388702 - ad3bf51088cd88f3fac7eb0729f2263c - 51d82a6eb7e2ed4ae6dfa65b1ac764d0 - b9dedf1379c1b29b36396d64cb6fd6b2 - e61f869f9a13001dadc02db171f04c4d - c46d1132c1f31709e7b54a6eabae3ea8 - fbd2681363c185f4cb1be5aa42a27c31 - 21db7b2187fd11c1acf224a0d5a44466 - b4b5a3cc34ec0227fe40007e8b379654 - f1e8e2b63c6b46ee7ab6f1bd82f57837 - 92c209e8f25bc9ed493cb5c1d891ae72 - 7f54f4693c5b20f136ca23e639fd8ea0 - 865b4e22dd2af43e13e6b075f12427b2 - 08af9ffd09c56baa694165f57fe2697a - 3377fa34aebcba587c79941d83deaf45 + e685bdaf659a25a200e2b9e39e51ff03 + 0fc72cf1ce07232bd8b2be5e6c670143 + f51e937e670eee09d4f2ea5a6e4e6996 + 5db852c275351b86fc4ca892d78ae002 + d6f70d029bd79c4d1c26cf14e9588033 + cf639f8a74809f29f72b9d58f9b8f5fe + fc7938eade40e9fed6cb92184abb2cc1 + 0eb1a296df243b251df0643d53724cdb + 5a92a1d6cb817804c4a9319b57d53be5 + 80815bcfcb2df55018cc83fc43bc7ff8 + 2d51f9b88364776ee9d12fc85cc7ea5b + 9741c4f598c485316db066d52db4540e + 212e1518a9bd4828219e24b20d88f598 + a196c9de96012090e333519ae18d3509 + 9427e7b372d348d352dc4c85e18cd4b9 + 3f8a56ddb2e64eb67adfc9b337157ff4 -----END OpenVPN Static key V1----- </tls-auth> + ''; } diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index b8a0a9f2a..1d2d1173d 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -74,7 +74,7 @@ in { nmap pavucontrol powertop - rxvt_unicode_with-plugins + rxvt_unicode-with-plugins sxiv taskwarrior termite diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index 69e697a1d..2547e8bac 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -2,6 +2,7 @@ with import <stockholm/lib>; { config, pkgs, ... }: { imports = [ + <stockholm/krebs/2configs/nscd-fix.nix> ./binary-cache/client.nix ./gc.nix ./mc.nix @@ -81,9 +82,6 @@ with import <stockholm/lib>; services.timesyncd.enable = mkForce true; - #why is this on in the first place? - services.nscd.enable = false; - systemd.tmpfiles.rules = [ "d /tmp 1777 root root - -" ]; @@ -115,6 +113,7 @@ with import <stockholm/lib>; #network iptables iftop + tcpdump #stuff for dl aria2 diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index f487a9910..555295422 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -96,6 +96,7 @@ with import <stockholm/lib>; { from = "nordvpn@lassul.us"; to = lass.mail; } { from = "csv-direct@lassul.us"; to = lass.mail; } { from = "nintendo@lassul.us"; to = lass.mail; } + { from = "overleaf@lassul.us"; to = lass.mail; } ]; system-aliases = [ { from = "mailer-daemon"; to = "postmaster"; } diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index 3c19fe061..52d380b7c 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -225,7 +225,7 @@ in { msmtp mutt pkgs.notmuch - pkgs.much + pkgs.haskellPackages.much tag-new-mails tag-old-mails ]; diff --git a/lass/2configs/reaktor-coders.nix b/lass/2configs/reaktor-coders.nix index 7cdcdf20c..44d9d6866 100644 --- a/lass/2configs/reaktor-coders.nix +++ b/lass/2configs/reaktor-coders.nix @@ -1,99 +1,107 @@ { config, lib, pkgs, ... }: with import <stockholm/lib>; -{ - krebs.Reaktor.coders = { - nickname = "Reaktor|lass"; - channels = [ "#coders" "#germany" "#panthermoderns" ]; - extraEnviron = { - REAKTOR_HOST = "irc.hackint.org"; - }; - plugins = with pkgs.ReaktorPlugins; let - - lambdabot = (import (pkgs.fetchFromGitHub { - owner = "NixOS"; repo = "nixpkgs"; - rev = "a4ec1841da14fc98c5c35cc72242c23bb698d4ac"; - sha256 = "148fpw31s922hxrf28yhrci296f7c7zd81hf0k6zs05rq0i3szgy"; - }) {}).lambdabot; - - lambdabotflags = '' - -XStandaloneDeriving -XGADTs -XFlexibleContexts \ - -XFlexibleInstances -XMultiParamTypeClasses \ - -XOverloadedStrings -XFunctionalDependencies \''; - in [ - sed-plugin - url-title - (buildSimpleReaktorPlugin "lambdabot-pl" { - pattern = "^@pl (?P<args>.*)$$"; - script = pkgs.writeDash "lambda-pl" '' - exec ${lambdabot}/bin/lambdabot \ - ${indent lambdabotflags} - -e "@pl $1" - ''; - }) - (buildSimpleReaktorPlugin "lambdabot-type" { - pattern = "^@type (?P<args>.*)$$"; - script = pkgs.writeDash "lambda-type" '' - exec ${lambdabot}/bin/lambdabot \ - ${indent lambdabotflags} - -e "@type $1" - ''; - }) - (buildSimpleReaktorPlugin "lambdabot-let" { - pattern = "^@let (?P<args>.*)$$"; - script = pkgs.writeDash "lambda-let" '' - exec ${lambdabot}/bin/lambdabot \ - ${indent lambdabotflags} - -e "@let $1" - ''; - }) - (buildSimpleReaktorPlugin "lambdabot-run" { - pattern = "^@run (?P<args>.*)$$"; - script = pkgs.writeDash "lambda-run" '' - exec ${lambdabot}/bin/lambdabot \ - ${indent lambdabotflags} - -e "@run $1" - ''; - }) - (buildSimpleReaktorPlugin "lambdabot-kind" { - pattern = "^@kind (?P<args>.*)$$"; - script = pkgs.writeDash "lambda-kind" '' - exec ${lambdabot}/bin/lambdabot \ - ${indent lambdabotflags} - -e "@kind $1" - ''; - }) - (buildSimpleReaktorPlugin "ping" { - pattern = "^!ping (?P<args>.*)$$"; - script = pkgs.writeDash "ping" '' - exec /run/wrappers/bin/ping -q -c1 "$1" 2>&1 | tail -1 - ''; - }) - (buildSimpleReaktorPlugin "google" { - pattern = "^!g (?P<args>.*)$$"; - script = pkgs.writeDash "google" '' - exec ${pkgs.ddgr}/bin/ddgr -C -n1 --json "$@" | \ - ${pkgs.jq}/bin/jq '@text "\(.[0].abstract) \(.[0].url)"' - ''; - }) - (buildSimpleReaktorPlugin "blockchain" { - pattern = ".*[Bb]lockchain.*$$"; - script = pkgs.writeDash "blockchain" '' - exec echo 'DID SOMEBODY SAY BLOCKCHAIN? https://paste.krebsco.de/r99pMoQq/+inline' - ''; - }) - (buildSimpleReaktorPlugin "shrug" { - pattern = "^!shrug$"; - script = pkgs.writeDash "shrug" '' - exec echo '¯\_(ツ)_/¯' - ''; - }) - (buildSimpleReaktorPlugin "flip" { - pattern = "^!flip$"; - script = pkgs.writeDash "shrug" '' - exec echo '(╯°□°)╯ ┻━┻' - ''; - }) +let + hooks = pkgs.reaktor2-plugins.hooks; +in { + krebs.reaktor2.coders = { + hostname = "irc.hackint.org"; + port = "9999"; + useTLS = true; + nick = "reaktor2|lass"; + plugins = [ + { + plugin = "register"; + config = { + channels = [ + "#coders" + "#germany" + "#panthermoderns" + ]; + }; + } + { + plugin = "system"; + config = { + workdir = config.krebs.reaktor2.coders.stateDir; + hooks.PRIVMSG = [ + hooks.sed + hooks.url-title + { + activate = "match"; + pattern = ''@([^ ]+) (.*)$''; + command = 1; + arguments = [2]; + commands = let + lambdabot = (import (pkgs.fetchFromGitHub { + owner = "NixOS"; repo = "nixpkgs"; + rev = "a4ec1841da14fc98c5c35cc72242c23bb698d4ac"; + sha256 = "148fpw31s922hxrf28yhrci296f7c7zd81hf0k6zs05rq0i3szgy"; + }) {}).lambdabot; + lambdabotWrapper = pkgs.writeDash "lambdabot.wrapper" '' + exec ${lambdabot}/bin/lambdabot \ + -XStandaloneDeriving -XGADTs -XFlexibleContexts \ + -XFlexibleInstances -XMultiParamTypeClasses \ + -XOverloadedStrings -XFunctionalDependencies \ + -e "$@" + ''; + in { + pl = { + env.HOME = config.krebs.reaktor2.coders.stateDir; + filename = pkgs.writeDash "lambdabot-pl" '' + ${lambdabotWrapper} "@pl $1" + ''; + }; + type = { + env.HOME = config.krebs.reaktor2.coders.stateDir; + filename = pkgs.writeDash "lambdabot-type" '' + ${lambdabotWrapper} "@type $1" + ''; + }; + "let" = { + env.HOME = config.krebs.reaktor2.coders.stateDir; + filename = pkgs.writeDash "lambdabot-let" '' + ${lambdabotWrapper} "@let $1" + ''; + }; + run = { + env.HOME = config.krebs.reaktor2.coders.stateDir; + filename = pkgs.writeDash "lambdabot-run" '' + ${lambdabotWrapper} "@run $1" + ''; + }; + kind = { + env.HOME = config.krebs.reaktor2.coders.stateDir; + filename = pkgs.writeDash "lambdabot-kind" '' + ${lambdabotWrapper} "@kind $1" + ''; + }; + }; + } + { + activate = "match"; + pattern = ''!([^ ]+)(?:\s*(.*))?''; + command = 1; + arguments = [2]; + commands = { + ping.filename = pkgs.writeDash "ping" '' + exec /run/wrappers/bin/ping -q -c1 "$1" 2>&1 | tail -1 + ''; + google.filename = pkgs.writeDash "google" '' + exec ${pkgs.ddgr}/bin/ddgr -C -n1 --json "$@" | \ + ${pkgs.jq}/bin/jq '@text "\(.[0].abstract) \(.[0].url)"' + ''; + shrug.filename = pkgs.writeDash "shrug" '' + exec echo '¯\_(ツ)_/¯' + ''; + table.filename = pkgs.writeDash "table" '' + exec echo '(╯°□°)╯ ┻━┻' + ''; + }; + } + ]; + }; + } ]; }; } diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 223fc73ba..7fb248139 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -155,6 +155,13 @@ in { ssl_key = "/var/lib/acme/lassul.us/key.pem"; }; + users.users.UBIK-SFTP = { + uid = genid_uint31 "UBIK-SFTP"; + home = "/home/UBIK-SFTP"; + useDefaultShell = true; + createHome = true; + }; + users.users.xanf = { uid = genid_uint31 "xanf"; home = "/home/xanf"; @@ -227,5 +234,22 @@ in { createHome = true; }; + services.restic.backups.domsen = { + initialize = true; + extraOptions = [ "sftp.command='ssh efOVcMWSZ@wilhelmstr.duckdns.org -p 52222 -i ${toString <secrets> + "/ssh.id_ed25519"} -s sftp'" ]; + repository = "sftp:efOVcMWSZ@wilhelmstr.duckdns.org:/mnt/UBIK-9TB-Pool/BACKUP/XXXX-MAX-UND-ANDERES"; + passwordFile = toString <secrets> + "/domsen_backup_pw"; + paths = [ + "/srv/http" + "/home/domsen/Mail" + "/home/ms/Mail" + "/home/klabusterbeere/Mail" + "/home/jms/Mail" + "/home/bruno/Mail" + "/home/akayguen/Mail" + "/backups/sql_dumps" + ]; + }; + } |