restructure folder organisation

machines/serverle/configuration.nix

@@ -0,0 +1,43 @@
+{ config, ... }:
+{
+  imports = [
+    ./hardware-configuration.nix
+    ./disks.nix
+    ./dyndns.nix
+    ./services.nix
+    ./syncthing.nix
+    ./wifi.nix
+    #../../legacy/modules/3d-printer.nix
+    ../../legacy/modules/avahi.nix
+    ../../legacy/modules/docker.nix
+    ../../legacy/modules/nix.nix
+    ../../legacy/modules/webapps/bazarr.nix
+    ../../legacy/modules/webapps/prowlarr.nix
+    ../../legacy/modules/webapps/radarr.nix
+    ../../legacy/modules/webapps/sonarr.nix
+  ];
+  networking.hostName = "serverle";
+
+  sops = {
+    defaultSopsFile = ./secrets.yaml;
+    # disable gpg and thereby enable age
+    gnupg.sshKeyPaths = [ ];
+  };
+
+  #environment.noXlibs = true;
+
+  networking.firewall.allowedTCPPorts = [
+    8080 # aria
+  ];
+
+  # Nix
+  nix.gc = {
+    automatic = true;
+    options = "--delete-older-than 30d";
+  };
+
+  system = {
+    stateVersion = "22.05";
+    autoUpgrade.enable = true;
+  };
+}

machines/serverle/disks.nix

@@ -0,0 +1,30 @@
+{ config, lib, pkgs, ... }:
+
+{
+  boot.initrd.luks.devices."luks-drive" = {
+    name = "luks-drive";
+    device = "/dev/disk/by-partlabel/Crypt";
+    preLVM = true;
+    allowDiscards = true;
+  };
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-label/serverle-root";
+    fsType = "ext4";
+  };
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-label/serverle-bo";
+    fsType = "vfat";
+  };
+
+  fileSystems."/srv" = {
+    device = "/dev/disk/by-label/serverle-srv";
+    fsType = "ext4";
+  };
+
+  swapDevices = [{
+    device = "/dev/disk/by-label/serverle-swap";
+  }];
+}
+

machines/serverle/dyndns.nix

@@ -0,0 +1,11 @@
+{ config, lib, pkgs, ... }:
+{
+  services.ddclient = {
+    enable = true;
+    server = "dyndns.inwx.com";
+    username = "Stunkymonkey-dyndns";
+    passwordFile = "/root/.dyndns_password";
+    domains = [ "serverle.stunkymonkey.de" ];
+    ipv6 = true;
+  };
+}

machines/serverle/hardware-configuration.nix

@@ -0,0 +1,33 @@
+{ config, pkgs, lib, ... }:
+{
+  boot.loader = {
+    raspberryPi = {
+      firmwareConfig = ''
+        # Disable the ACT LED.
+        dtparam=act_led_trigger=none
+        dtparam=act_led_activelow=off
+        # Disable the PWR LED.
+        dtparam=pwr_led_trigger=none
+        dtparam=pwr_led_activelow=off
+
+        # Disable ethernet port LEDs
+        dtparam=eth0_led=4
+        dtparam=eth1_led=4
+    
+        # Disable SD-Card pools
+        dtparam=sd_pool_once=on
+      '';
+
+      # the bootloader has to be enabled for fat systems. for ext use the other one.
+      enable = true;
+      version = 4;
+    };
+    generic-extlinux-compatible.enable = false;
+  };
+
+  # Kernel configuration
+  boot.kernelParams = [ "cma=64M" "console=tty0" ];
+
+  # Fix wifi disconnect
+  networking.networkmanager.wifi.powersave = false;
+}

machines/serverle/secrets.yaml

@@ -0,0 +1,40 @@
+users:
+    felix:
+        password: ENC[AES256_GCM,data:mrG5gb0wbjA2S0sd,iv:86PZWbVR2BkB6+c9KrtnFh1j/kJtiFJXlXEQMFqEmZA=,tag:WUXrp4+/KW+X+wUp0omqdg==,type:str]
+wifi:
+    bismarck: ENC[AES256_GCM,data:6mcU+o6GiBelKq5Av2hJdHigf+yyQRO/qXV0DbGeri00CaO1cjjGka86C/t0NAoh8EaJeLPd6lZQspeUTIdqJMleQLhmq1zk1qGw65fvEphCsWkKUsUd6flWODdmll80mmYLpllX6hmZ8I/Of7EVZPn4WEiw4M2HB1UCw5+M0W2H0MJrjlskafbL9+uYtMeoUikXVMTYNAkX3+9+MZi3KzDMEc6JVt1fQZHjXkdeKx+2iVsaXEtXL72Dbj3ihlpA+WRhgZOmrrbablYde71mpzSuQ/yqeTZT+2NCMUmkYaj0dGz4FW0gJMPzjHjji8CopeOK7/CQM/MMWGFJXR2Xdea8X/YdDoVAz34WraGylYzK9e7a1C+s37mekt6c/bvuiQ==,iv:DH0LDw1pZ5m9RScJ3+IhjUb5JroLLOJ3jru7DwCKXv0=,tag:r57fz+W2nEybNqOc8eEDFA==,type:str]
+borgbackup:
+    password: ENC[AES256_GCM,data:vXa1LO8Akwume5PVsxny59H5FDI+HTo=,iv:RKiriS4VHP3HDMRPS5e3Fz5rsDMpqQpZgC7XFI3hAWU=,tag:XHZNH4cLJzmSuF6k+gJ3cg==,type:str]
+    private_ssh_key: ENC[AES256_GCM,data:GrK7aWNUZymdgCwqemKu/7Ruh7hduHPdStzCf326beBj4sCr2CXYo9HKCIJHSnRrywzT5gqWmcEFew9qo08G4kpxIeqthcpxsIaVYVqRjusT2WL6jiLHsGqMa2R+Vui2NO5ZuGrnTdS6CWxSpno0EjT2rNG29vA8Uhort7iANRVrY20MDpiAfU675yGThOvgR7833KODS0S+cKuKKq7/8qkSgVH4KIGqjGbRsVIlgFAs/eVNHS79NKR2XdU/uBi1ahH4bTvVuV6lJAoBYEwgfiHhuGaBayhqnEzWPyilme26xjZBw/0/itd7fhNnfpdMLnOqx56kQpJMVzOxd6chX3BQawsl42IyFuYbYqPICl1jjEqdHzEFbctgYS/p4iv59l6enw+vDb4T6Toa1fqAvJSiaKltinXjZsO1SqQVCQEdLEMgufn+3VsVXYQ9WHBH9RdqLJ1u79rFYGZtIkkNjJRnREHUISkYVCJrwzphi+p4teNWnMDCq/Is6oFdY2x8lVNRq2mHhoY7iLpCUzZj,iv:FIPsM1k42srkPUbOR5Ex7M3TnDUAYCZshWBGETbZlJE=,tag:1uiiqGjuQK2BB4nVV7h1KQ==,type:str]
+syncthing:
+    key: ENC[AES256_GCM,data:SilpQP29PbI6JNGX5/Ij9YDdwN5a0rDRKicduLZizoIkwPM4zhs4PHlQDhf20Q9IE9OLxI+6Ik57e28iPY0KDL5M/Qg6sPvUaOZBriM24dCYnq8MQMncfI2AnmUSLbelSkoumxlkhOdMjPWNhh1+qoNRQadLC7RTOcrr6rv7POEoHRMJye9fyMMgmoZqWNw9bGJOV5o2O5GGx/mSJDcaxnmNNXmhJ+HaCYOU6dJ0CD4ZiAGIchOwt5H281r9Fy4qQNoQh9F00adv4X9/NN2FsbN4z9HSqikYLDtpRC14Osw/qIJ1tHK4r1KL5azmsJTG7lSd0V57LA5PwWz1WX5gMzWd6+K85mjw6YvvteektFI/PlYDzQml5R8gn7CAsTIU,iv:cZnh6Ql0n4ruhow3XwESnrwGI0L/3R7KmaqG+WjwVcY=,tag:KH0aODHRPbIM2qUse3CGuA==,type:str]
+    cert: ENC[AES256_GCM,data:vuNG3zFkAFY37xXCAjHya+Y5p/gWbEslUEPMyKDpm3j4xJD7rWIpxySj6LsDIW7iC4L/5JsLlTnTsNZWrhpmTQmKKVw0likKIhD7cFsS/21c7DkfxHphHW5wfYIPUPtLXfUwmrlZ47WWYprOuXNX2CMMVqS1WIV9YHc3Vn+p3qZbcPPHz8P+294CC3p6HHhtiAaKtYGFWY5gLVVosTz+H68TqnWRkCgc1kXN3nv6JDltsQiNvocLg6PZxJT3jTFB5+Aki1G1mT66wqWB9FBylSxAJhuE7Ty/9h5YfLRcrCu2RvlRW26s4Lbnu6UDmdNyp2aU5AZJp4T5+JLm7fpUdF0mLweHYk+wDEM1SQo7Mn5GLMABty5v9HzPxXfAjYlfIUjl1J5EhIlvKhF5y5L9Q5hX1yH5fqW7TCBJsjTLku4cz7zS3VutwzOTkBqlx8MRzUMSOL+3AMzuYaNY21/Ou5RC4nNDM4610kx1BTd08ves/4Mi4nqm9uFROLQ/0K2REIA1LgHWY+gtpAPQbiGEYe9N99bRtlN1kurknzL0U4MoNPpkjuzFEZIgDfhyNNWvUJW/HEYKOtDBhyJcxZFNhy0oZZVW9MBhVwqTKuxsiQvL1QDxIBTEsacnW8b1/GS/Q0nFSXs6fRw1B4Zs4a8BSFzv8m2WFNbJmXos5xV2d+tnkKz26YMGNZT6peIVk4bTIs6/cAafrg5dJrWDshAYONk0Xwqx3oaG4hmG7aD0EMnlynHpCz/RpaKziLkdC1FIUYpiH0YuVbQK8NEUIunrmU0q9ERCx+0ycnebXXtjKi0U2YTv/5I6,iv:NZr0LXtO0zNOv0LmD8wLZ829kgwWtPCo637UyzqSD0s=,tag:3mQckI1jSCMzsHQWFPoMgg==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1hf8m9upp00dr7qv2kmqdr50fpvd9ejzkfu8yknqnuda2aas2tvrs4l3u7m
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1dVYyRDRWUkNKQXN2c2N2
+            MDVGajJzWVl4S2FkVkNHc1FlcEtYdmc1aVV3CmRFckplMWVyNVhJWDdNOFlXK2xK
+            VW9MdmdvbTkrQiswdlU3SkZhUU9TK28KLS0tIHdxY05qaHlHbGVMejBzYk5MUSty
+            cTF3ZTZKdm9WK29Da21oRU9ERVJVS00Kp/VflSZZB0evGinqjFBnqR1zI0CIwF5s
+            jqQhA0OQV5tHcP/SBoLRJeEn5iH7aAcUzXseV1DZ2kwkZ8eKUUWmdA==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age14nt7qcsrye0vrpk0xcgcfmhkxwwumna39fpn83g3x0zml62skatqpnmhk4
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOd2ozNTBXMTB0UlBnTWZs
+            VVJqdC9nUXFHUjBBdGk2RjFaRVhTeS96WENRCjJUNGJNTmJ6Nmd0ME5XTjNyaGsw
+            SFp2Z1F5djJETnpsa0tNOFJpY0F3ZmcKLS0tIEsrQ0tvZ09QeVdxTmhxSXdBUjAw
+            a1BjcjVaM01UV0o5bTFTVTE5QUZKMmsKPAGYDf1FVtp4+Z/KUrI6z0aZYEwN1DYa
+            jKtA1IUXrmdaRllN0SfC+YjMXTk7IoJvrjagCv9Zo0zEKasfO8PL4g==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2022-12-01T22:05:10Z"
+    mac: ENC[AES256_GCM,data:BGjTt/4Db8vM+hOJoFybwyaBNcsdafe5gFDJT24kl7t+YTbMuVYdBa2tixs2LGA305s/dVfFNw4waYsENZ+rUfY7S4hhty4zG+0vk0QDy21Qrf43GGWe5Eczoz6QqwbxgkwcJTJY/4FoxeEOAI0LrkiC4URSI33eB5Y8r6CqHYE=,iv:iPzXg0OjVjF0i2BdZEYOVGu6NbC5HGnfd1uqxyMVVWU=,tag:zB6oDcjsuNX02SaYZXOFzA==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.7.3

machines/serverle/services.nix

@@ -0,0 +1,27 @@
+# Deployed services
+{ config, lib, ... }:
+let
+  secrets = config.sops.secrets;
+in
+{
+  sops.secrets."borgbackup/password" = { };
+  sops.secrets."borgbackup/private_ssh_key" = { };
+
+  # List services that you want to enable:
+  my.services = {
+    backup = {
+      enable = true;
+      OnFailureMail = "server@buehler.rocks";
+      passwordFile = secrets."borgbackup/password".path;
+      sshKeyFile = secrets."borgbackup/private_ssh_key".path;
+    };
+
+    ssh-server = {
+      enable = true;
+    };
+
+    jellyfin = {
+      enable = true;
+    };
+  };
+}

machines/serverle/syncthing.nix

@@ -0,0 +1,68 @@
+{ config, ... }:
+{
+  sops.secrets."syncthing/key" = { };
+  sops.secrets."syncthing/cert" = { };
+
+  services.syncthing = {
+    enable = true;
+    openDefaultPorts = true;
+    dataDir = "/srv/data";
+    key = config.sops.secrets."syncthing/key".path;
+    cert = config.sops.secrets."syncthing/cert".path;
+    devices = {
+      "thinkman" = {
+        id = "KXSCPX3-JCCFZM4-S2LQZZL-3AM6WRL-IPNWVG2-IB5FEDJ-YYFUIRR-VMDO3AL";
+      };
+      "birdman" = {
+        id = "34Z4J7W-MJIODUD-J6LDJY6-QILQLLB-CJ4GR7K-7TJM2K3-R7SIPRV-XQO5TAI";
+      };
+      "newton" = {
+        id = "5RISLVO-U5A5A7N-5BRYF2X-FTPNAI6-LOQDIMP-MVSM663-6W6VYBL-L7626A6";
+      };
+    };
+    folders = {
+      "Computer" = {
+        id = "djdxo-1akub";
+        path = "/srv/data/computer";
+        devices = [
+          "thinkman"
+          "birdman"
+          "newton"
+        ];
+      };
+      "Phone" = {
+        id = "4hds7-gpypp";
+        path = "/srv/data/phone";
+        devices = [
+          "thinkman"
+          "birdman"
+          "newton"
+        ];
+      };
+      "Music" = {
+        id = "mphdq-n6q7y";
+        path = "/srv/data/music";
+        devices = [
+          "thinkman"
+          "birdman"
+          "newton"
+        ];
+      };
+      "Pictures" = {
+        id = "cujyo-yiabu";
+        path = "/srv/data/photos";
+        devices = [
+          "thinkman"
+          "newton"
+        ];
+      };
+      "Aria2" = {
+        id = "jjnzq-pgzua";
+        path = "/srv/data/tmp/aria2";
+        devices = [
+          "thinkman"
+        ];
+      };
+    };
+  };
+}

machines/serverle/wifi.nix

@@ -0,0 +1,6 @@
+{ config, ... }:
+{
+  sops.secrets."wifi/bismarck" = {
+    path = "/etc/NetworkManager/system-connections/Bismarck WLAN.nmconnection";
+  };
+}