From acf5706bf6c0a2a60be7a60595fcb632e19947d7 Mon Sep 17 00:00:00 2001 From: Sam Date: Wed, 22 Jan 2025 19:15:53 +0000 Subject: [PATCH 1/3] change data drive locations and minor backup modifications --- .../optional/nixos-containers/baseddata-worker.nix | 8 ++++++++ hosts/common/optional/nixos-containers/docker.nix | 2 -- .../optional/nixos-containers/metrics-server.nix | 2 -- hosts/common/optional/nixos-containers/nix-bitcoin.nix | 10 ++++++---- hosts/common/optional/nixos-containers/pihole.nix | 2 -- .../optional/nixos-containers/semitamaps-worker.nix | 8 ++++++++ hosts/merlin/default.nix | 10 ++++++++++ vars/default.nix | 10 +++++----- 8 files changed, 37 insertions(+), 15 deletions(-) diff --git a/hosts/common/optional/nixos-containers/baseddata-worker.nix b/hosts/common/optional/nixos-containers/baseddata-worker.nix index 3e7a98c..f6f5038 100644 --- a/hosts/common/optional/nixos-containers/baseddata-worker.nix +++ b/hosts/common/optional/nixos-containers/baseddata-worker.nix @@ -17,6 +17,14 @@ in { ]; }; + services.restic.backups = { + daily = { + paths = [ + baseddataData + ]; + }; + }; + networking.nat.enable = true; networking.nat.internalInterfaces = ["ve-+"]; networking.nat.externalInterface = "br0"; diff --git a/hosts/common/optional/nixos-containers/docker.nix b/hosts/common/optional/nixos-containers/docker.nix index af4e4a2..a8ba7a0 100644 --- a/hosts/common/optional/nixos-containers/docker.nix +++ b/hosts/common/optional/nixos-containers/docker.nix @@ -23,8 +23,6 @@ in { paths = [ dockerContainerData ]; - exclude = [ - ]; }; }; diff --git a/hosts/common/optional/nixos-containers/metrics-server.nix b/hosts/common/optional/nixos-containers/metrics-server.nix index 29e062e..e777228 100644 --- a/hosts/common/optional/nixos-containers/metrics-server.nix +++ b/hosts/common/optional/nixos-containers/metrics-server.nix @@ -21,8 +21,6 @@ in { paths = [ metricsServerContainerData ]; - exclude = [ - ]; }; }; 
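Review bot: The new `services.restic.backups.daily` block in baseddata-worker.nix sets only `paths`, so the job's repository, password file and schedule must come from a module outside this diff, and nothing in the file says which one. A short comment above the block would record that dependency, for example `# extends the host-wide "daily" restic job; repository and passwordFile are defined elsewhere`. The same applies to the identical blocks added in semitamaps-worker.nix and hosts/merlin/default.nix. It is also worth confirming that every host importing this container module imports the module that defines the job, since I would expect evaluation to fail otherwise.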
diff --git a/hosts/common/optional/nixos-containers/nix-bitcoin.nix b/hosts/common/optional/nixos-containers/nix-bitcoin.nix index 95eccd2..8946f1d 100644 --- a/hosts/common/optional/nixos-containers/nix-bitcoin.nix +++ b/hosts/common/optional/nixos-containers/nix-bitcoin.nix @@ -10,6 +10,7 @@ containerIp = configVars.networking.addresses.bitcoin-node.ip; mempoolPort = configVars.networking.addresses.bitcoin-node.services.mempool.port; bitcoinNodeContainerData = configVars.locations.bitcoinNodeContainerData; + bitcoindData = configVars.locations.bitcoindData; gatewayIp = configVars.networking.addresses.gateway.ip; allowip = configVars.networking.addresses.bitcoin-node.services.bitcoind.allowip; pubKeys = lib.filesystem.listFilesRecursive ../../users/keys; @@ -19,10 +20,7 @@ in { daily = { paths = [ bitcoinNodeContainerData - ]; - exclude = [ - "${bitcoinNodeContainerData}/bitcoind" - "${bitcoinNodeContainerData}/electrs" + bitcoindData ]; }; }; @@ -48,6 +46,10 @@ in { hostPath = bitcoinNodeContainerData; isReadOnly = false; }; + "/var/lib/bitcoind" = { + hostPath = bitcoindData; + isReadOnly = false; + }; }; config = { diff --git a/hosts/common/optional/nixos-containers/pihole.nix b/hosts/common/optional/nixos-containers/pihole.nix index 781a4e9..edcc740 100644 --- a/hosts/common/optional/nixos-containers/pihole.nix +++ b/hosts/common/optional/nixos-containers/pihole.nix @@ -21,8 +21,6 @@ in { paths = [ piholeContainerData ]; - exclude = [ - ]; }; }; diff --git a/hosts/common/optional/nixos-containers/semitamaps-worker.nix b/hosts/common/optional/nixos-containers/semitamaps-worker.nix index 7e24e52..23d7ab8 100644 --- a/hosts/common/optional/nixos-containers/semitamaps-worker.nix +++ b/hosts/common/optional/nixos-containers/semitamaps-worker.nix @@ -24,6 +24,14 @@ in { ]; }; + services.restic.backups = { + daily = { + paths = [ + semitamapsData + ]; + }; + }; + containers."${containerName}" = { enableTun = true; 
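Review bot: In nix-bitcoin.nix the `daily` job now backs up all of `bitcoindData` and no longer excludes anything, so the snapshot takes in the block and chainstate databases of a running node along with whatever wallet and RPC credential files sit in that directory. Files copied from live databases are unlikely to restore to a consistent state and can be re-downloaded anyway, while any wallet material becomes readable by whoever holds the restic repository password. Consider keeping an exclude list, e.g. `exclude = ["${bitcoindData}/blocks" "${bitcoindData}/chainstate" "${bitcoinNodeContainerData}/electrs"];`, assuming the electrs index still lives under `bitcoinNodeContainerData`. The matching `/var/lib/bitcoind` bind mount is added in a later hunk of the same file.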
diff --git a/hosts/merlin/default.nix b/hosts/merlin/default.nix index 9442dea..fa692fa 100644 --- a/hosts/merlin/default.nix +++ b/hosts/merlin/default.nix @@ -12,6 +12,8 @@ btrfsMountDevice = "/dev/disk/by-id/wwn-0x5001b448b5f7cc7f-part2"; impermanence = true; + homeshareDataLocation = configVars.locations.homeshareDataLocation; + piholeIp = configVars.networking.addresses.pihole.ip; gatewayIp = configVars.networking.addresses.gateway.ip; merlinIp = configVars.networking.addresses.merlin.ip; @@ -110,6 +112,14 @@ in { ]; }; + services.restic.backups = { + daily = { + paths = [ + homeshareDataLocation + ]; + }; + }; + # Enable OpenGL hardware.graphics = { enable = true; diff --git a/vars/default.nix b/vars/default.nix index 4cd2aab..3acbb18 100644 --- a/vars/default.nix +++ b/vars/default.nix @@ -8,16 +8,16 @@ mediaDataMountPoint = "/media/media"; photosDataMountPoint = "/media/photos"; personalDataMountPoint = "/media/personal"; - homeshareDataLocation = "/mnt/main-ssd/homeshare"; metricsServerContainerData = "/mnt/main-ssd/metrics-server"; dockerContainerData = "/mnt/main-ssd/docker"; piholeContainerData = "/mnt/main-ssd/docker/pihole"; - bitcoinNodeContainerData = "/mnt/main-ssd/nix-bitcoin"; - backupContainerData = "/mnt/main-ssd/backup"; - postgresContainerData = "/mnt/main-ssd/postgresql"; - semitamapsData = "/mnt/main-ssd/semitamaps-data"; baseddataData = "/mnt/main-ssd/baseddata-data"; + bitcoinNodeContainerData = "/mnt/main-ssd/nix-bitcoin"; + bitcoindData = "/mnt/btcnode/bitcoind"; + backupContainerData = "/mnt/deepzfs/backup"; + postgresContainerData = "/mnt/nvme-zpool/postgresql"; + semitamapsData = "/mnt/nvme-zpool/semitamaps-data"; }; } From 46cc81b5e99f69faace001b08ef0d981f41b5fbb Mon Sep 17 00:00:00 2001 From: Sam Date: Wed, 22 Jan 2025 20:08:13 +0000 Subject: [PATCH 2/3] port forwarding in gluetun container --- .../optional/arion-containers/arrstack.nix | 29 +++++++++++++------ 1 file changed, 20 insertions(+), 9 deletions(-) 
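Review bot: In the vars/default.nix hunk, as this page renders it, `homeshareDataLocation` carries a `-` marker, while the hosts/merlin/default.nix hunk above adds `homeshareDataLocation = configVars.locations.homeshareDataLocation;` and feeds it to the `daily` backup paths. If the attribute really is removed, merlin will fail to evaluate with a missing-attribute error; if the `-` only belongs to a deleted blank line, nothing is wrong, but the collapsed layout does not let me tell from here. Separately, the relocated paths (`/mnt/btcnode`, `/mnt/deepzfs`, `/mnt/nvme-zpool`) are only safe if those filesystems are mounted before the containers and the backup job start, because otherwise data would presumably be written to the root filesystem. A comment in vars/default.nix would record that, e.g. `# these pools must be mounted before any consumer starts`.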
diff --git a/hosts/common/optional/arion-containers/arrstack.nix b/hosts/common/optional/arion-containers/arrstack.nix index 6a57033..0dfa389 100644 --- a/hosts/common/optional/arion-containers/arrstack.nix +++ b/hosts/common/optional/arion-containers/arrstack.nix @@ -1,5 +1,4 @@ -{config, ...}: -let +{config, ...}: let openVpnPwd = config.sops.secrets."software/proton/openvpn_password".path; openVpnUser = config.sops.secrets."software/proton/openvpn_user".path; in { @@ -8,6 +7,18 @@ in { "software/proton/openvpn_user" = {}; }; + networking = { + firewall = { + enable = true; + allowedTCPPorts = [ + 6887 + ]; + allowedUDPPorts = [ + 6887 + ]; + }; + }; + virtualisation.arion = { backend = "podman-socket"; projects.arrstack = { @@ -19,7 +30,7 @@ in { "6887:6887/udp" # qbittorrent torrenting port ]; image = "qmcgaw/gluetun"; - capabilities = { NET_ADMIN = true; }; + capabilities = {NET_ADMIN = true;}; container_name = "glutun"; restart = "always"; volumes = [ @@ -31,6 +42,7 @@ in { VPN_SERVICE_PROVIDER = "protonvpn"; VPN_TYPE = "openvpn"; SERVER_COUNTRIES = "Switzerland"; + VPN_PORT_FORWARDING = "on"; }; devices = ["/dev/net/tun:/dev/net/tun"]; }; @@ -44,15 +56,14 @@ in { "/media/media:/media" ]; environment = { - TZ="Europe/London"; - WEBUI_PORT=8076; - TORRENTING_PORT=6887; - PUID=1000; - PGID=1000; + TZ = "Europe/London"; + WEBUI_PORT = 8076; + TORRENTING_PORT = 6887; + PUID = 1000; + PGID = 1000; }; network_mode = "service:gluetun"; }; - }; }; }; From d89fe5e5e71d1ef9247c49e99e36e387b143fb64 Mon Sep 17 00:00:00 2001 From: Sam Date: Wed, 22 Jan 2025 20:46:37 +0000 Subject: [PATCH 3/3] change qbittorrent data mount dir --- hosts/common/optional/arion-containers/arrstack.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/common/optional/arion-containers/arrstack.nix b/hosts/common/optional/arion-containers/arrstack.nix index 0dfa389..5eed23d 100644 --- a/hosts/common/optional/arion-containers/arrstack.nix 
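Review bot: The `networking.firewall` block added in the second arrstack.nix hunk opens 6887/tcp and 6887/udp on the host, and the gluetun service already publishes `6887:6887` on the host side, so the torrent port becomes reachable on the host's own interfaces and not only through the VPN tunnel. Port forwarding through the VPN provider does not need an inbound rule on the host, because that traffic arrives inside the tunnel and is filtered by gluetun's firewall in the container. Unless LAN peers are meant to connect directly, I would drop the block. If it stays, a comment should justify it, such as `# 6887 is opened for direct LAN peers only; VPN-forwarded traffic does not pass this firewall`.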
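Review bot: `VPN_PORT_FORWARDING = "on"` in the gluetun environment hunk requests a forwarded port that, as far as I know, ProtonVPN assigns itself, so it will generally not be the fixed `TORRENTING_PORT = 6887` that qbittorrent is given further down. If so, incoming peers would arrive on a port the client is not listening on, and the 6887 publishing and firewall rules would add exposure without adding reachability. Either propagate the assigned port to qbittorrent or add a comment stating how the two are kept in sync, e.g. `# forwarded port is provider-assigned; TORRENTING_PORT must be updated to match`. The image is also referenced as `qmcgaw/gluetun` with no tag or digest; that line is unchanged context here, but a container holding NET_ADMIN and the VPN credentials is a good candidate for pinning.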
+++ b/hosts/common/optional/arion-containers/arrstack.nix
@@ -53,7 +53,7 @@ in {
 restart = "always";
 volumes = [
 "/srv/docker/media-server/arrstack/qbittorrent:/config"
- "/media/media:/media"
+ "/media/media/downloads:/downloads"
 ];
 environment = {
 TZ = "Europe/London";
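Review bot: Narrowing the qbittorrent bind mount to `/media/media/downloads:/downloads` soundly reduces what the container can write to, but the in-container path changes from `/media` to `/downloads` and nothing in the hunk updates the client's save path. If the configuration under `/config` still points at a `/media/...` directory, downloads would presumably land in the container's own filesystem instead of the host share. A comment next to the volume would make the contract explicit, for example `# qbittorrent's default save path must be /downloads`. The enclosing service definition starts and ends outside the hunk.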