diff options
Diffstat (limited to 'tw')
| -rw-r--r-- | tw/services/restic.scm | 3 | ||||
| -rw-r--r-- | tw/system.scm | 14 | ||||
| -rw-r--r-- | tw/system/vin.scm | 15 |
3 files changed, 25 insertions, 7 deletions
diff --git a/tw/services/restic.scm b/tw/services/restic.scm index 637c7104..c0c09552 100644 --- a/tw/services/restic.scm +++ b/tw/services/restic.scm @@ -22,7 +22,8 @@ using @code{htpasswd-file}.") (restic-server (package restic-rest-server) "The restic REST server package to use.") (bind-address (string ":8000") "The listen address (including port) to bind to.") (htpasswd-file (maybe-string #f) "Location of @code{.htpasswd} file -(default: @code{REPOSITORY-PATH/.htpasswd}).") +(default: @code{REPOSITORY-PATH/.htpasswd}). Use @code{htpasswd} from the +@code{httpd} package to create and/or update this file.") (auth? (boolean #t) "Whether to authenticate users at all (using .htpasswd).") (verify-upload? (boolean #t) "Whether to verify the integrity of uploaded data. @emph{Do not disable} unless the restic server is to be run on a very diff --git a/tw/system.scm b/tw/system.scm index c9904e24..0b738038 100644 --- a/tw/system.scm +++ b/tw/system.scm @@ -43,6 +43,14 @@ ("vin.twilken.net" . 22022) ("pi3.twilken.net" . 51022))) +(export server-wireguard-address) +(define* (server-wireguard-address host-name #:optional (port "")) + (string-replace-substring + (car ; get the IPv4 address + (wireguard-peer-allowed-ips + (assoc-ref %wireguard-peers host-name))) + "/32" port)) + (define-public (server-base-services host-name) (cons* ;; SSH login, allowing access only for me. To give more public keys @@ -61,11 +69,7 @@ (service prometheus-node-exporter-service-type (prometheus-node-exporter-configuration (web-listen-address - (string-replace-substring - (car ; get the IPv4 address - (wireguard-peer-allowed-ips - (assoc-ref %wireguard-peers host-name))) - "/32" ":9100")))) + (server-wireguard-address host-name ":9100")))) (simple-service 'disk-maintenance mcron-service-type (list #~(job "0 2 * * *" "guix gc -d 2w") diff --git a/tw/system/vin.scm b/tw/system/vin.scm index e8baec57..e74d0df6 100644 --- a/tw/system/vin.scm +++ b/tw/system/vin.scm @@ -4,6 +4,7 @@ #:use-module (gnu system locale) #:use-module (gnu system nss) #:use-module (guix gexp) + #:use-module (tw services restic) #:use-module (tw system)) ;; The device's BIOS does not support UEFI, sadly. It also doesn't recognise @@ -40,7 +41,19 @@ ;; Below is the list of system services. To search for available ;; services, run 'guix system search KEYWORD' in a terminal. - (services (server-base-services host-name)) + (services + (cons* + (service restic-server-service-type + (restic-server-configuration + (repository-path "/var/backups/restic") + (bind-address + (server-wireguard-address host-name ":8181")) + (append-only? #t) ; run cleanup jobs separately, using plain restic + (private-repos-only? #t) ; require /user/ path prefix + (prometheus? #t) + (prometheus-auth? #f))) + + (server-base-services host-name))) ;; The list of user accounts ('root' is implicit). (users %server-base-user-accounts) |