Rename server 2 to bigding

2022-07-26 16:06:32 +01:00
parent 912908f1af
commit 9954c0f177
16 changed files with 158 additions and 109 deletions
--- a/hosts/dingserver2/caddy.nix
+++ b/hosts/dingserver2/caddy.nix
@@ -74,6 +74,15 @@
          reverse_proxy localhost:8096
        '';
      };
+
+      "bigding.squirrel-clownfish.ts.net" = {
+        extraConfig = ''
+          tls {
+            get_certificate tailscale
+          }
+          reverse_proxy localhost:9091
+        '';
+      };
    };
  };
 }
--- a/hosts/dingserver2/configuration.nix
+++ b/hosts/dingserver2/configuration.nix
@@ -25,7 +25,7 @@
  boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only

  networking = {
-    hostName = "dingserver2";
+    hostName = "bigding";
    interfaces.ens3.useDHCP = true;

    firewall.interfaces = {
@@ -37,6 +37,18 @@

  services.jellyfin.enable = true;

+  services.transmission = {
+    enable = true;
+    settings = {
+      rpc-host-whitelist-enable = true;
+      rpc-host-whitelist = "bigding.squirrel-clownfish.ts.net";
+    };
+  };
+
+  services.tailscale.permitCertUid = "caddy";
+  
+  users.users."daniel".extraGroups = ["transmission"];
+  
  environment.systemPackages = with pkgs; [
    helix
    kitty # For terminfo
--- a/hosts/dingserver2/hardware-configuration.nix
+++ b/hosts/dingserver2/hardware-configuration.nix
--- a/hosts/dingserver2/prometheus.nix
+++ b/hosts/dingserver2/prometheus.nix
--- a/hosts/dingserver2/rclone.nix
+++ b/hosts/dingserver2/rclone.nix
@@ -5,14 +5,19 @@
 }: let
  mountdir = "/var/media/dungflix";

-  file = ''
+  rclone_config = pkgs.writeText "" ''
    [dungflix]
    type = b2
+
+    [dungflix-vault]
+    type = crypt
+    remote = dungflix:dungflix-bucket
  '';
 in {
  age.secrets = {
    dungflix_bucket_account_id.file = ../../secrets/dungflix_bucket_account_id.age;
    dungflix_bucket_account_key.file = ../../secrets/dungflix_bucket_account_key.age;
+    dungflix_crypt_remote_obscured_pass.file = ../../secrets/dungflix_crypt_remote_obscured_pass.age;
  };
  systemd.services.dungflix-mount = {
    description = "Mount the Backblaze B2 media store";
@@ -24,15 +29,25 @@ in {
    script = ''
      export RCLONE_B2_ACCOUNT=''$(cat ${config.age.secrets.dungflix_bucket_account_id.path})
      export RCLONE_B2_KEY=''$(cat ${config.age.secrets.dungflix_bucket_account_key.path})
-      ${pkgs.rclone}/bin/rclone --config="${pkgs.writeText "" file}" mount dungflix:dungflix-bucket ${mountdir} \
+      export RCLONE_CRYPT_PASSWORD=''$(cat ${config.age.secrets.dungflix_crypt_remote_obscured_pass.path})
+      ${pkgs.rclone}/bin/rclone --config="${rclone_config}" mount dungflix-vault: ${mountdir} \
+        --transfers 32 \
        --vfs-cache-mode full \
-        --vfs-cache-max-age 48h \
-        --vfs-cache-max-size 100G \
+        --vfs-cache-max-age 168h \
+        --vfs-cache-max-size 200G \
        --allow-other \
        --no-modtime \
-        --buffer-size 2G \
-        -vvv
+        --buffer-size 4G \
+        --rc \
+        --rc-no-auth \
+        -vv
    '';
-    postStop = "fusermount -u ${mountdir}";
+    postStart = ''
+      sleep 5
+      ${pkgs.rclone}/bin/rclone --config="${rclone_config}" rc vfs/refresh recursive=true _async=true
+    '';
+    serviceConfig = {
+      Restart = "on-failure";
+    };
  };
 }
--- a/hosts/dingserver2/synapse.nix
+++ b/hosts/dingserver2/synapse.nix
@@ -8,6 +8,17 @@
 in {
  services.postgresql = {
    enable = true;
+    ensureUsers = [
+      {
+        name = "matrix-synapse";
+        ensurePermissions = {
+            "DATABASE synapse" = "ALL PRIVILEGES";
+        };
+      }
+    ];
+    ensureDatabases = [
+      "synapse"
+    ];
  };

  services.matrix-synapse = {
--- a/hosts/dingserver2/tmux.nix
+++ b/hosts/dingserver2/tmux.nix