Merge branch 'development'

2025-01-22 20:47:01 +00:00 · 2025-01-22 20:47:01 +00:00 · 41e0737541
parent daef8c69a5 d89fe5e5e7
commit 41e0737541
9 changed files with 58 additions and 25 deletions
--- a/hosts/common/optional/arion-containers/arrstack.nix
+++ b/hosts/common/optional/arion-containers/arrstack.nix
@ -1,5 +1,4 @@
-{config, ...}: 
-let
+{config, ...}: let
  openVpnPwd = config.sops.secrets."software/proton/openvpn_password".path;
  openVpnUser = config.sops.secrets."software/proton/openvpn_user".path;
 in {
@ -8,6 +7,18 @@ in {
    "software/proton/openvpn_user" = {};
  };

+  networking = {
+    firewall = {
+      enable = true;
+      allowedTCPPorts = [
+        6887
+      ];
+      allowedUDPPorts = [
+        6887
+      ];
+    };
+  };
+
  virtualisation.arion = {
    backend = "podman-socket";
    projects.arrstack = {
@ -31,6 +42,7 @@ in {
            VPN_SERVICE_PROVIDER = "protonvpn";
            VPN_TYPE = "openvpn";
            SERVER_COUNTRIES = "Switzerland";
+            VPN_PORT_FORWARDING = "on";
          };
          devices = ["/dev/net/tun:/dev/net/tun"];
        };
@ -41,7 +53,7 @@ in {
          restart = "always";
          volumes = [
            "/srv/docker/media-server/arrstack/qbittorrent:/config"
-            "/media/media:/media"
+            "/media/media/downloads:/downloads"
          ];
          environment = {
            TZ = "Europe/London";
@ -52,7 +64,6 @@ in {
          };
          network_mode = "service:gluetun";
        };
-
      };
    };
  };
--- a/hosts/common/optional/nixos-containers/baseddata-worker.nix
+++ b/hosts/common/optional/nixos-containers/baseddata-worker.nix
@ -17,6 +17,14 @@ in {
    ];
  };

+  services.restic.backups = {
+    daily = {
+      paths = [
+        baseddataData
+      ];
+    };
+  };
+
  networking.nat.enable = true;
  networking.nat.internalInterfaces = ["ve-+"];
  networking.nat.externalInterface = "br0";
--- a/hosts/common/optional/nixos-containers/docker.nix
+++ b/hosts/common/optional/nixos-containers/docker.nix
@ -23,8 +23,6 @@ in {
      paths = [
        dockerContainerData
      ];
-      exclude = [
-      ];
    };
  };

--- a/hosts/common/optional/nixos-containers/metrics-server.nix
+++ b/hosts/common/optional/nixos-containers/metrics-server.nix
@ -21,8 +21,6 @@ in {
      paths = [
        metricsServerContainerData
      ];
-      exclude = [
-      ];
    };
  };

--- a/hosts/common/optional/nixos-containers/nix-bitcoin.nix
+++ b/hosts/common/optional/nixos-containers/nix-bitcoin.nix
@ -10,6 +10,7 @@
  containerIp = configVars.networking.addresses.bitcoin-node.ip;
  mempoolPort = configVars.networking.addresses.bitcoin-node.services.mempool.port;
  bitcoinNodeContainerData = configVars.locations.bitcoinNodeContainerData;
+  bitcoindData = configVars.locations.bitcoindData;
  gatewayIp = configVars.networking.addresses.gateway.ip;
  allowip = configVars.networking.addresses.bitcoin-node.services.bitcoind.allowip;
  pubKeys = lib.filesystem.listFilesRecursive ../../users/keys;
@ -19,10 +20,7 @@ in {
    daily = {
      paths = [
        bitcoinNodeContainerData
-      ];
-      exclude = [
-        "${bitcoinNodeContainerData}/bitcoind"
-        "${bitcoinNodeContainerData}/electrs"
+        bitcoindData
      ];
    };
  };
@ -48,6 +46,10 @@ in {
        hostPath = bitcoinNodeContainerData;
        isReadOnly = false;
      };
+      "/var/lib/bitcoind" = {
+        hostPath = bitcoindData;
+        isReadOnly = false;
+      };
    };

    config = {
--- a/hosts/common/optional/nixos-containers/pihole.nix
+++ b/hosts/common/optional/nixos-containers/pihole.nix
@ -21,8 +21,6 @@ in {
      paths = [
        piholeContainerData
      ];
-      exclude = [
-      ];
    };
  };

--- a/hosts/common/optional/nixos-containers/semitamaps-worker.nix
+++ b/hosts/common/optional/nixos-containers/semitamaps-worker.nix
@ -24,6 +24,14 @@ in {
    ];
  };

+  services.restic.backups = {
+    daily = {
+      paths = [
+        semitamapsData
+      ];
+    };
+  };
+
  containers."${containerName}" = {
    enableTun = true;

--- a/hosts/merlin/default.nix
+++ b/hosts/merlin/default.nix
@ -12,6 +12,8 @@
  btrfsMountDevice = "/dev/disk/by-id/wwn-0x5001b448b5f7cc7f-part2";
  impermanence = true;

+  homeshareDataLocation = configVars.locations.homeshareDataLocation;
+
  piholeIp = configVars.networking.addresses.pihole.ip;
  gatewayIp = configVars.networking.addresses.gateway.ip;
  merlinIp = configVars.networking.addresses.merlin.ip;
@ -110,6 +112,14 @@ in {
    ];
  };

+  services.restic.backups = {
+    daily = {
+      paths = [
+        homeshareDataLocation
+      ];
+    };
+  };
+
  # Enable OpenGL
  hardware.graphics = {
    enable = true;
--- a/vars/default.nix
+++ b/vars/default.nix
@ -8,16 +8,16 @@
    mediaDataMountPoint = "/media/media";
    photosDataMountPoint = "/media/photos";
    personalDataMountPoint = "/media/personal";
-
    homeshareDataLocation = "/mnt/main-ssd/homeshare";
    metricsServerContainerData = "/mnt/main-ssd/metrics-server";
    dockerContainerData = "/mnt/main-ssd/docker";
    piholeContainerData = "/mnt/main-ssd/docker/pihole";
-    bitcoinNodeContainerData = "/mnt/main-ssd/nix-bitcoin";
-    backupContainerData = "/mnt/main-ssd/backup";
-    postgresContainerData = "/mnt/main-ssd/postgresql";
-    semitamapsData = "/mnt/main-ssd/semitamaps-data";
    baseddataData = "/mnt/main-ssd/baseddata-data";
+    bitcoinNodeContainerData = "/mnt/main-ssd/nix-bitcoin";
+    bitcoindData = "/mnt/btcnode/bitcoind";
+    backupContainerData = "/mnt/deepzfs/backup";
+    postgresContainerData = "/mnt/nvme-zpool/postgresql";
+    semitamapsData = "/mnt/nvme-zpool/semitamaps-data";
  };

 }