From 7a8203e58c26f9533d2a7195ab1ae6d8b51ec812 Mon Sep 17 00:00:00 2001 From: dadada <dadada@dadada.li> Date: Wed, 21 Jun 2023 15:04:41 +0200 Subject: [PATCH] use backup VLAN and configure DDNS --- nixos/ninurta/configuration.nix | 23 +++++++++++++++++++++++ secrets/ddns-credentials.age | 11 +++++++++++ secrets/secrets.nix | 1 + 3 files changed, 35 insertions(+) create mode 100644 secrets/ddns-credentials.age diff --git a/nixos/ninurta/configuration.nix b/nixos/ninurta/configuration.nix index 1217619..f128c54 100644 --- a/nixos/ninurta/configuration.nix +++ b/nixos/ninurta/configuration.nix @@ -76,6 +76,8 @@ in }; dadada.ddns.domains = [ "backup1.dadada.li" ]; + dadada.ddns.credentialsPath = config.age.secrets."ddns-credentials".path; + dadada.ddns.interface = "backup"; dadada.borgServer = { enable = true; @@ -118,6 +120,11 @@ in location = "/var/backup/postgresql"; }; + age.secrets."ddns-credentials" = { + file = "${secretsPath}/ddns-credentials.age"; + mode = "400"; + }; + age.secrets."ninurta-backup-passphrase" = { file = "${secretsPath}/ninurta-backup-passphrase.age"; mode = "400"; @@ -241,6 +248,10 @@ in matchConfig.Name = "enp*"; linkConfig.MACAddressPolicy = "persistent"; }; + "20-backup" = { + matchConfig.Name = "backup"; + linkConfig.MACAddressPolicy = "persistent"; + }; }; networks = { "10-wlan" = { @@ -256,6 +267,11 @@ in networkConfig.DHCP = "ipv4"; linkConfig.RequiredForOnline = "routable"; }; + "20-backup" = { + matchConfig.Name = "backup"; + networkConfig.DHCP = "ipv4"; + linkConfig.RequiredForOnline = false; + }; "10-hydra" = { matchConfig.Name = "hydra"; address = [ "10.3.3.3/24" ]; @@ -316,6 +332,13 @@ in }; }]; }; + "20-backup" = { + netdevConfig = { + Name = "backup"; + Kind = "vlan"; + }; + vlanConfig.Id = 13; + }; }; }; diff --git a/secrets/ddns-credentials.age b/secrets/ddns-credentials.age new file mode 100644 index 0000000..f7b00b0 --- /dev/null +++ b/secrets/ddns-credentials.age @@ -0,0 +1,11 @@ +age-encryption.org/v1 +-> ssh-ed25519 J6ROvw BhBy5hKm+udUmCgQOhVnFFaGSGOOKqxOkaZUcp7Wy3k +itvOOCUKNo0IseolH//6Uj1zEDt207HleT1YWnDogAg +-> ssh-ed25519 Otklkw /5YCYZwTZ//JfGJzIIizcwhqem1P/ZTDdhJFfEjQQX4 +z7WS/uHDKGyuUP+ZKVVVc8b4bybsaQH6XrxOO3vOg1Q +-> n\fdBI(-grease -PZuR<|s w,[Y J* h~ +mwA80O5+Q8KqYJSYneiqKcP5tbDgA0GI9AuDOjbFPFcb8evizd0RJxHdw9lDtIf1 +EBddBaL+m0/JjzvGE+Y +--- ybCpT9fTz498c//mW49ziO5Qcpl+hJGly/qm9lzZR4s +���7#��:EP�b5�2��@��K�U���VM��UAP_��J x���0>��3 � +���-�f��� \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index fe31719..3cdc77b 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -23,6 +23,7 @@ in "paperless.age".publicKeys = [ systems.gorgon dadada ]; "surgat-ssh_host_ed25519_key.age".publicKeys = [ systems.surgat dadada ]; "ninurta-initrd-ssh-key.age".publicKeys = [ systems.ninurta dadada ]; + "ddns-credentials.age".publicKeys = [ systems.ninurta dadada ]; } // backupSecrets "ninurta" // backupSecrets "gorgon" //