2022-01-18 21:29:30 +01:00
|
|
|
{ lib, ... }:
|
|
|
|
|
let
|
|
|
|
|
niveumLib = import <niveum/lib>;
|
2022-01-18 23:28:53 +01:00
|
|
|
inherit (niveumLib) retiolumAddresses restic;
|
2022-01-18 21:29:30 +01:00
|
|
|
firewall = niveumLib.firewall lib;
|
|
|
|
|
in
|
|
|
|
|
{
|
|
|
|
|
services.restic.server = {
|
|
|
|
|
enable = true;
|
|
|
|
|
appendOnly = true;
|
|
|
|
|
dataDir = "/backup/restic";
|
|
|
|
|
prometheus = true;
|
2022-01-18 23:28:53 +01:00
|
|
|
extraFlags = [ "--no-auth" ]; # auth is done via firewall
|
|
|
|
|
listenAddress = ":${toString restic.port}";
|
2022-01-18 21:29:30 +01:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
networking.firewall =
|
|
|
|
|
let
|
2022-01-18 23:28:53 +01:00
|
|
|
dport = restic.port;
|
2022-01-18 21:29:30 +01:00
|
|
|
protocol = "tcp";
|
|
|
|
|
rules = [
|
|
|
|
|
(firewall.accept { inherit dport protocol; source = retiolumAddresses.kabsa.ipv4; })
|
|
|
|
|
(firewall.accept { inherit dport protocol; source = retiolumAddresses.manakish.ipv4; })
|
|
|
|
|
(firewall.accept { inherit dport protocol; source = retiolumAddresses.makanek.ipv4; })
|
|
|
|
|
];
|
|
|
|
|
in {
|
|
|
|
|
extraCommands = firewall.addRules rules;
|
|
|
|
|
extraStopCommands = firewall.removeRules rules;
|
|
|
|
|
};
|
|
|
|
|
}
|
