Merge

2023-06-09 15:07:00 +02:00 · 2023-06-09 15:07:00 +02:00 · c1ab40ec04
commit c1ab40ec04
parent 7e0a7fb1bc 1e394c925b
15 changed files with 135 additions and 59 deletions
--- a/nixos/hosts/hades/attic/configuration.nix
+++ b/nixos/hosts/hades/attic/configuration.nix
@ -18,10 +18,21 @@ in {
  # Additional packages
  environment.systemPackages = with pkgs; [ ];

-  vault-secrets.secrets.attic = {
-    services = [ "atticd" ];
-   };
+  vault-secrets.secrets.attic = { services = [ "atticd" ]; };

+  services.postgresql = {
+    enable = true;
+    package = pkgs.postgresql_15;
+    ensureDatabases = [ "atticd" ];
+    ensureUsers = [{
+      name = "atticd";
+      ensurePermissions = {
+        "DATABASE atticd" = "ALL PRIVILEGES";
+        "schema public" = "ALL";
+      };
+    }];
+
+  };

  services.atticd = {
    enable = true;
@ -44,6 +55,8 @@ in {
        level = 8;
      };

+      database.url = "postgresql://atticd?host=/run/postgresql";
+
      storage = {
        type = "s3";
        region = "hades";
--- a/nixos/hosts/hades/dns/configuration.nix
+++ b/nixos/hosts/hades/dns/configuration.nix
@ -21,7 +21,10 @@
  services.unbound.settings.server = {
    local-zone = [
      "xirion.net typetransparent"
+      "attic.xirion.net typetransparent"
      "o.xirion.net typetransparent"
+      "attic.xirion.net typetransparent"
+      "g.xirion.net typetransparent"
      "fedi-media.xirion.net typetransparent"
      "hades.xirion.net typetransparent"
      "requests.xirion.net typetransparent"
@ -31,8 +34,11 @@

    local-data = [
      ''"xirion.net A 192.168.0.122"''
+      ''"attic.xirion.net A 192.168.0.122"''
      ''"hades.xirion.net A 192.168.0.122"''
      ''"o.xirion.net A 192.168.0.122"''
+      ''"attic.xirion.net A 192.168.0.122"''
+      ''"g.xirion.net A 192.168.0.122"''
      ''"fedi-media.xirion.net A 192.168.0.122"''
      ''"requests.xirion.net A 192.168.0.122"''
      ''"ha.xirion.net A 192.168.0.122"''
--- a/nixos/hosts/hades/nginx/configuration.nix
+++ b/nixos/hosts/hades/nginx/configuration.nix
@ -36,7 +36,7 @@ in {
    recommendedTlsSettings = true;
    recommendedOptimisation = true;
    recommendedBrotliSettings = true;
-    clientMaxBodySize = "500m";
+    clientMaxBodySize = "1024m";

    package = pkgs.nginxMainline;

@ -59,6 +59,7 @@ in {
    virtualHosts."git.xirion.net" = proxy "http://10.10.10.12";
    virtualHosts."mail.xirion.net" = proxy "http://192.168.0.118";
    virtualHosts."o.xirion.net" = proxy "http://192.168.0.112:9000";
+    virtualHosts."g.xirion.net" = proxy "http://garage.hades:3900";
    virtualHosts."requests.xirion.net" = proxy "http://overseerr.hades:5055";
    virtualHosts."pass.xirion.net" = proxy "http://bitwarden_rs";
    virtualHosts."repo.xirion.net" = proxy "http://archlinux";
--- a/nixos/hosts/hades/rtorrent/configuration.nix
+++ b/nixos/hosts/hades/rtorrent/configuration.nix
@ -34,12 +34,20 @@ in {
      privateKeyFile = "${vs.rtorrent}/wireguardKey";
      postUp = "${postUpScript}/bin/post_up || true";

-      peers = [{
-        publicKey = "DVui+5aifNFRIVDjH3v2y+dQ+uwI+HFZOd21ajbEpBo=";
-        allowedIPs = [ "0.0.0.0/0" "::/0" ];
-        endpoint = "185.65.134.82:51820";
-        persistentKeepalive = 25;
-      }];
+      peers = [
+        {
+          publicKey = "33BoONMGCm2vknq2eq72eozRsHmHQY6ZHEEZ4851TkY=";
+          allowedIPs = [ "0.0.0.0/0" "::/0"];
+          endpoint = "193.32.249.70:51820";
+          persistentKeepalive = 25;
+        }
+        # {
+        # publicKey = "DVui+5aifNFRIVDjH3v2y+dQ+uwI+HFZOd21ajbEpBo=";
+        # allowedIPs = [ "0.0.0.0/0" "::/0" ];
+        # endpoint = "185.65.134.82:51820";
+        # persistentKeepalive = 25;
+        # }
+      ];
    };
  };
 }