os/hosts/droppie/droppie.nix

60 lines
1.5 KiB
Nix
Raw Normal View History

2022-08-23 16:23:08 +00:00
{ config, pkgs, lib, self, ... }:
2022-08-13 16:08:27 +00:00
with lib;
let
psCfg = config.pub-solar;
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
in
{
imports = [
./configuration.nix
];
config = {
hardware.cpu.intel.updateMicrocode = true;
2022-08-14 15:51:01 +00:00
pub-solar.core.disk-encryption-active = false;
2022-08-13 18:15:22 +00:00
security.sudo.extraRules = [
{
users = [ "${psCfg.user.name}" ];
commands = [
{
command = "ALL";
options = [ "NOPASSWD" ];
}
];
}
];
systemd.user.services.ssh-tunnel-cloud-pub-solar = {
unitConfig = {
Description = "Reverse SSH connection to enable backups from IPv4-only to IPv6-only host";
After = [ "network.target" ];
};
serviceConfig = {
Type = "simple";
ExecStart = "${pkgs.openssh}/bin/ssh -vvv -g -N -T -o 'ServerAliveInterval 10' -o 'ExitOnForwardFailure yes' -R 127.0.0.1:22022:localhost:22 root@cloud.pub.solar";
Restart = "always";
RestartSec = "5s";
};
wantedBy = [ "multi-user.target" ];
};
2022-08-23 16:04:21 +00:00
services.ddclient = {
enable = true;
ipv6 = true;
domains = [ "backup.b12f.io" ];
server = "ddns.hosting.de";
2022-08-23 16:23:08 +00:00
username = "b12f";
2022-08-23 16:04:21 +00:00
use = "web, web=http://checkip6.spdyn.de/, web-skip=''";
passwordFile = "/run/agenix/dyndns-droppie.key";
};
age.secrets."dyndns-droppie.key" = {
file = "${self}/secrets/dyndns-droppie.key";
mode = "400";
owner = "root";
};
2022-08-13 16:08:27 +00:00
};
}