kfm/niveum
1
0
Fork 0
mirror of https://github.com/kmein/niveum synced 2026-03-16 10:11:08 +01:00
Code Releases Activity

format

Browse Source
This commit is contained in:
Kierán Meinhardt
2025-12-28 13:39:42 +01:00
parent 51533efeda
commit c15f5375e2
28 changed files with 576 additions and 475 deletions
Download Patch File Download Diff File Expand all files Collapse all files

68
systems/zaatar/backup.nix
View File

@@ -3,15 +3,17 @@
pkgs,
lib,
...
}: let
}:
let
dataDir = "/backup/restic";
in {
in
{
services.restic.server = {
enable = true;
appendOnly = true;
inherit dataDir;
prometheus = true;
extraFlags = ["--no-auth"]; # auth is done via firewall
extraFlags = [ "--no-auth" ]; # auth is done via firewall
listenAddress = toString pkgs.lib.niveum.restic.port;
};
@@ -26,33 +28,35 @@ in {
fsType = "ext4";
};
networking.firewall = let
dport = pkgs.lib.niveum.restic.port;
protocol = "tcp";
rules = [
(pkgs.lib.niveum.firewall.accept {
inherit dport protocol;
source = pkgs.lib.niveum.retiolumAddresses.kabsa.ipv4;
})
(pkgs.lib.niveum.firewall.accept {
inherit dport protocol;
source = pkgs.lib.niveum.retiolumAddresses.manakish.ipv4;
})
(pkgs.lib.niveum.firewall.accept {
inherit dport protocol;
source = pkgs.lib.niveum.retiolumAddresses.makanek.ipv4;
})
(pkgs.lib.niveum.firewall.accept {
inherit dport protocol;
source = pkgs.lib.niveum.retiolumAddresses.fatteh.ipv4;
})
(pkgs.lib.niveum.firewall.accept {
inherit dport protocol;
source = pkgs.lib.niveum.retiolumAddresses.ful.ipv4;
})
];
in {
extraCommands = pkgs.lib.niveum.firewall.addRules rules;
extraStopCommands = pkgs.lib.niveum.firewall.removeRules rules;
};
networking.firewall =
let
dport = pkgs.lib.niveum.restic.port;
protocol = "tcp";
rules = [
(pkgs.lib.niveum.firewall.accept {
inherit dport protocol;
source = pkgs.lib.niveum.retiolumAddresses.kabsa.ipv4;
})
(pkgs.lib.niveum.firewall.accept {
inherit dport protocol;
source = pkgs.lib.niveum.retiolumAddresses.manakish.ipv4;
})
(pkgs.lib.niveum.firewall.accept {
inherit dport protocol;
source = pkgs.lib.niveum.retiolumAddresses.makanek.ipv4;
})
(pkgs.lib.niveum.firewall.accept {
inherit dport protocol;
source = pkgs.lib.niveum.retiolumAddresses.fatteh.ipv4;
})
(pkgs.lib.niveum.firewall.accept {
inherit dport protocol;
source = pkgs.lib.niveum.retiolumAddresses.ful.ipv4;
})
];
in
{
extraCommands = pkgs.lib.niveum.firewall.addRules rules;
extraStopCommands = pkgs.lib.niveum.firewall.removeRules rules;
};
}