diff --git a/hosts/dingserver/rclone.nix b/hosts/dingserver/rclone.nix
index 17b46d8..3db13f9 100644
--- a/hosts/dingserver/rclone.nix
+++ b/hosts/dingserver/rclone.nix
@@ -8,11 +8,16 @@
 file = ''
 [dungflix]
 type = b2
+
+ [dungflix-vault]
+ type = crypt
+ remote = dungflix:dungflix-bucket
 '';
 in {
 age.secrets = {
 dungflix_bucket_account_id.file = ../../secrets/dungflix_bucket_account_id.age;
 dungflix_bucket_account_key.file = ../../secrets/dungflix_bucket_account_key.age;
+ dungflix_crypt_remote_obscured_pass.file = ../../secrets/dungflix_crypt_remote_obscured_pass.age;
 };
 systemd.services.dungflix-mount = {
 description = "Mount the Backblaze B2 media store";
@@ -24,15 +29,23 @@ in {
 script = ''
 export RCLONE_B2_ACCOUNT=''$(cat ${config.age.secrets.dungflix_bucket_account_id.path})
 export RCLONE_B2_KEY=''$(cat ${config.age.secrets.dungflix_bucket_account_key.path})
- ${pkgs.rclone}/bin/rclone --config="${pkgs.writeText "" file}" mount dungflix:dungflix-bucket ${mountdir} \
+ export RCLONE_CRYPT_PASSWORD=''$(cat ${config.age.secrets.dungflix_crypt_remote_obscured_pass.path})
+ ${pkgs.rclone}/bin/rclone --config="${pkgs.writeText "" file}" mount dungflix-vault: ${mountdir} \
+ --transfers 32 \
 --vfs-cache-mode full \
- --vfs-cache-max-age 48h \
+ --vfs-cache-max-age 168h \
 --vfs-cache-max-size 100G \
 --allow-other \
 --no-modtime \
 --buffer-size 2G \
- -vvv
+ --fast-list \
+ --rc \
+ --rc-no-auth \
+ -vv
+ '';
+ postStart = ''
+ sleep 5
+ ${pkgs.rclone}/bin/rclone rc vfs/refresh recursive=true _async=true
 '';
- postStop = "fusermount -u ${mountdir}";
 };
 }
diff --git a/secrets/dungflix_crypt_remote_obscured_pass.age b/secrets/dungflix_crypt_remote_obscured_pass.age
new file mode 100644
index 0000000..accf32e
--- /dev/null
+++ b/secrets/dungflix_crypt_remote_obscured_pass.age
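Review bot: In hosts/dingserver/rclone.nix, the new mount flags `--rc` and `--rc-no-auth` expose rclone's remote-control API with authentication switched off for the calls that normally require it, on a process that holds the B2 key and the crypt password in its environment. With no `--rc-addr` given the listener should be loopback-only, but any local account or compromised service on the host can still reach it and drive file and config operations with the mount service's privileges. The only consumer visible here is the `vfs/refresh` call in `postStart`, which as far as I know is not one of the auth-gated calls (worth confirming against the packaged rclone), so I would drop the `--rc-no-auth \` line and keep `--rc \` alone; if auth-gated calls are needed later, supply `--rc-user`/`--rc-pass` from an age secret instead. The service definition starts above this hunk, so I cannot see which user it runs as.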
@@ -0,0 +1,16 @@ +age-encryption.org/v1 +-> ssh-ed25519 eYYv1Q Ri4RQl9mOus2QIc66lZJu42a4RoKszuLAf24wrJ0gTU +Od0pYVFw83zJtMy4qRazVKYdN1CAl854LCQMHKKrMWI +-> ssh-ed25519 Bp5IaA AxvFdHIXsB2m53sJmJ88xAsrqPuGZai8cmg9uS9lyQs +mXQyRTx5R9BS3S7PzpbL+0LZgQWXIzibw9Q6kvIM0HU +-> ssh-ed25519 T/DpgA EiTxdl7hNm0YT/DStbkiMjsND7c3W5m+9c9IF2EkZhA +c1qlwzN9mkoAZVun2p1qNs+PEkURvy9PEIp/dbFrAR8 +-> ssh-ed25519 qMgRFg 0/DYlYNpoBw0rw3J7h+41QoVxVs8Rf5UHICCidg3XjQ +eY+GeESrCCgb8dsU5nYndGwPmZEIXlBye65pRFj8A98 +-> ssh-ed25519 GzHGXw gm0B2SupF0ClywijhXzH54dxMvlyTkNV8J5b6d5innQ +es3Y2pWvbEgPuk75bNLflZGluvfkvMo/ZP0haeJ3hMY +-> G-grease KrDpKj +K8OS1t1RFMg+g7UUV0DIE8GZ0uq/nSI/PYn6PPc0l5eMQtY43yYM+6BMHo4 +--- o+/vzZhLVMl98K6lsA+ajy86cU1rNlRMyZOS3xDKdwA +Í +9+[9DhsJ\'Jix,]قoPd.lK{5GlaՍbrq˳D_Ɗ KyN/ݏ; \ No newline at end of file diff --git a/secrets/dungflix_crypt_remote_pass.age b/secrets/dungflix_crypt_remote_pass.age new file mode 100644 index 0000000..a519263 --- /dev/null +++ b/secrets/dungflix_crypt_remote_pass.age @@ -0,0 +1,16 @@ +age-encryption.org/v1 +-> ssh-ed25519 eYYv1Q 9IgOw7ZDBzu2zfk634z4jqpiE/2L8USNaUGe/YXQGmo +jzqRh2dW2tpItrXStlaV/2ye422c9Zj5tG7cKAhySdQ +-> ssh-ed25519 Bp5IaA qkHoHaSqfm6G8nuu1aATJi7wcp5rYe4PVKN/xp+0UnY +osoRd4i56Xh7zTru6Juj2HyrJNPqivwpHe6aK7+pmd8 +-> ssh-ed25519 T/DpgA ybfFgOgMpPqvhUcys77ke0w301ZVAcGQXhmcip5wOXo +pyPe5wZCMVPVD0s9NbMXyq2kipcvuwAK3S0Tv7Bj4Wc +-> ssh-ed25519 qMgRFg hk7ceQIqtvqggk0Jyg/sDk7aUT3/sfkyvPWbC/8Q6VI +2per2s5msXlUUKI+w+uAaA5suHzAmb7TSKezcGekjmM +-> ssh-ed25519 GzHGXw Sj9hiYHxRWWAvgIBpKvrxtpPQInvT7gRSAjsRxnHdXQ +klgWxjpCBdEVthnHLw19otQxaPM3yFAPJ99JKFPzh9c +-> ]p-grease x*NAtKPV N6.Z{NW +yAbnz4dn7fdO9BUVHKU36mBFcgxdoxDdc2+5eOoF3rYLW9Sjs5MO2j76H6XB7jMz +R5IxqCY0PJDYaqT7sdgisaBGqWfGFqWeIilNjQPI63Q +--- bkdnuj10yhn2hWVp2bRU1mOf8CFp3QQb1aGcTecqIDM +dQ>ZE:VCZ%H. WsCf$uY $ \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 29bae21..05ae37e 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix 
@@ -21,4 +21,6 @@ in {
 "rclone_password2.age".publicKeys = users ++ [system2];
 "dungflix_bucket_account_id.age".publicKeys = users ++ [system2];
 "dungflix_bucket_account_key.age".publicKeys = users ++ [system2];
+ "dungflix_crypt_remote_obscured_pass.age".publicKeys = users ++ [system2];
+ "dungflix_crypt_remote_pass.age".publicKeys = users ++ [system2];
 }
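Review bot: `dungflix_crypt_remote_pass.age` is made decryptable by `system2`, yet the rclone.nix change in this commit only wires `dungflix_crypt_remote_obscured_pass` into `age.secrets`, so the host does not appear to need the un-obscured copy. Unless another module on that host reads it, I would limit the recipients to the operators: `"dungflix_crypt_remote_pass.age".publicKeys = users;`. rclone's obscuring is reversible, so this does not hide the password from the host, but it avoids keeping a second copy of the same secret decryptable there. The attribute set opens above this hunk.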