Diffstat (limited to 'nix/hosts/corrino/www/md.emile.space.nix')
-rw-r--r--nix/hosts/corrino/www/md.emile.space.nix35
1 files changed, 8 insertions, 27 deletions
diff --git a/nix/hosts/corrino/www/md.emile.space.nix b/nix/hosts/corrino/www/md.emile.space.nix
index d94c06c..1ee46fd 100644
--- a/nix/hosts/corrino/www/md.emile.space.nix
+++ b/nix/hosts/corrino/www/md.emile.space.nix
@@ -11,13 +11,16 @@
     };
   };
 
+  age.secrets.hedgedoc_oidc_client_secret.owner = "authelia-main";
+  age.secrets.hedgedoc_oidc_client_secret.group = "authelia-main";
+  
   # auth via authelia
   services.authelia.instances.main.settings.identity_providers.oidc.clients = [
     {
       client_id = "HedgeDoc";
 
       # ; nix run nixpkgs#authelia -- crypto hash generate pbkdf2 --variant sha512 --random --random.length 72 --random.charset rfc3986
-      client_secret = "$pbkdf2-sha512$310000$l4Kyec7Q9oY2GAhWA/xMig$P/MYFmulfgsDNyyiclUzd6le0oSiOvqCIvl4op5DkXtVTxLWlMA3ZwhJ6Z7u.OfIREuEM2htH6asxWPhBhkpNQ";
+      client_secret = "{{ secret \"${config.age.secrets.hedgedoc_oidc_client_secret.path}\" }}";
       public = false;
       authorization_policy = "two_factor";
       redirect_uris = [ "https://md.emile.space/auth/oauth2/callback" ];
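Review bot: The `{{ secret "…" }}` value on the new `client_secret` line is only expanded when Authelia's configuration template filter is enabled, and nothing in this hunk turns it on. If that is not set elsewhere, Authelia would be handed the literal template string instead of the digest, so confirm the instance sets `X_AUTHELIA_CONFIG_FILTERS=template` (for example through the instance's `environmentVariables`). The generator comment kept above the line implies the age file should hold the pbkdf2 digest, not the plaintext, which HedgeDoc would need from a separate secret; a comment such as `# expanded by Authelia's template filter; the age file contains the pbkdf2-sha512 digest` would make that explicit. The clients list continues past the end of the hunk.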
@@ -85,10 +88,13 @@
     };
   };
 
+  services.restic.backups."corrino" = {
+    paths = [ "/var/lib/hedgedoc" ];
+  };
+
   services.restic.backups."hedgedoc" = {
     repository = "/mnt/storagebox-bx11/hedgedoc";
     paths = [ "/var/lib/hedgedoc" ];
-    timerConfig = null;
     passwordFile = config.age.secrets.restic_password.path;
     initialize = true;
     pruneOpts = [
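Review bot: Dropping `timerConfig = null;` means the "hedgedoc" job now runs unattended on the module's default timer, while `repository` is a plain path under `/mnt/storagebox-bx11` and `initialize = true` is set. If that mount is ever absent when the timer fires, restic would presumably create a fresh repository in the empty mountpoint on the local disk and report success. Tying the unit to the mount would avoid that, e.g. `systemd.services."restic-backups-hedgedoc".unitConfig.RequiresMountsFor = "/mnt/storagebox-bx11";`. The new `services.restic.backups."corrino"` entry sets only `paths`, so its repository and password file must come from another module, and `/var/lib/hedgedoc` is now covered by two jobs; a short comment saying that this is intended would help. The `pruneOpts` list continues outside the hunk.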
@@ -98,29 +104,4 @@
       "--keep-yearly 75"
     ];
   };
-
-  # backups
-  # services.restic.backups."hedgedoc" = {
-  #   user = "u331921";
-  #   timerConfig = {
-  #     OnCalendar = "daily";
-  #     Persistent = true;
-  #   };
-  #   # repository = "stfp:u331921@u331921.your-storagebox-de:23/restic";
-  #   repository = "/mnt/storagebox-bx11/backup/hedgedoc";
-  #   initialize = true; # initializes the repo, don't set if you want manual control
-  #   passwordFile = config.age.secrets.restic_password.path;
-  #   paths = [ "/var/lib/hedgedoc/" ];
-  #   pruneOpts = [
-  #     "--keep-daily 7"
-  #     "--keep-weekly 5"
-  #     "--keep-monthly 12"
-  #     "--keep-yearly 75"
-  #   ];
-
-  #   # extraOpts = [
-  #   #   "sftp.command='ssh backup@192.168.1.100 -i /home/user/.ssh/id_rsa -s sftp'"
-  #   # ];
-  # };
-
 }