diff --git a/osConfigs/hosts/server.nix b/osConfigs/hosts/server.nix index 2605f45..bd56341 100644 --- a/osConfigs/hosts/server.nix +++ b/osConfigs/hosts/server.nix @@ -6,7 +6,7 @@ # By: tomoron +#+ +:+ +#+ # # +#+#+#+#+#+ +#+ # # Created: 2025/09/06 00:57:09 by tomoron #+# #+# # -# Updated: 2026/01/27 18:56:23 by tomoron ### ########.fr # +# Updated: 2026/04/09 13:21:07 by tomoron ### ########.fr # # # # **************************************************************************** # @@ -33,11 +33,15 @@ in ]; + + services.openssh.enable = true; services.openssh.settings.PasswordAuthentication = false; services.openssh.ports = [ 1880 ]; sops.secrets."cloudflared/token" = {}; + sops.secrets."zfs/p_user" = {}; + sops.secrets."zfs/p_token" = {}; systemd.services.cloudflared = { after = [ "network.target" @@ -61,6 +65,24 @@ in boot.supportedFilesystems = [ "zfs" ]; + services.zfs = { + autoScrub.enable = true; + zed.settings = { + ZED_NOTIFY_VERBOSE=1; + ZED_PUSHOVER_TOKEN="$(cat ${config.sops.secrets."zfs/p_token".path})"; + ZED_PUSHOVER_USER="$(cat ${config.sops.secrets."zfs/p_user".path})"; + }; + }; + + services.sanoid.enable = true; + services.sanoid.datasets."raid_vol" = { + daily = 31; + hourly = 24; + monthly = 12; + autosnap = true; + autoprune = true; + }; + environment.systemPackages = with pkgs; [ zfs screen #can be user (and global) diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml index 41d39b9..977da91 100644 --- a/secrets/secrets.yaml +++ b/secrets/secrets.yaml @@ -3,6 +3,9 @@ nextcloud_fuse: password: ENC[AES256_GCM,data:Rlyc9wO3rXJ97AAMzM+vJclEJ+eaSPtHkitqRL0=,iv:yuS2Tyo2HZGVb9tbWmmgOEwkyzLhlvq8iZ2YjGD0u9E=,tag:pf8n4pTvseh1pd12w8w4tw==,type:str] cloudflared: token: ENC[AES256_GCM,data:LS1VIwbbVsJxZ90p+kK4xJhzrBRJ51XL2j8mGLDVj5JjYJKXKBDIXtlb0x8A9WDIVyBuLBkE9pfSfQXtvfvZdUeyXswVJFUNW0mX3yC/WaeNQdPYy7UgyGjorqk31aNJ6b9XqtdfV0++qPvXQDvwn44UY0juuiIJ5KcLZEskRcqVTilG5WYi/nInhGbSqtzniRNvrbsynIq0CVQDhi3haCHNpCJMQUIyXM/g6Xsc9b++GYlHjgrtHQ==,iv:DbvJfbMblgr6+dYBJqDSzECKK90Nkq8Eci5dC8fMIXQ=,tag:bjAs8p5dAkh2Adon0JDNqg==,type:str] +zfs: + p_user: ENC[AES256_GCM,data:5RZ14HcDfSrOGm6VFNQGSlH4bcJ+DtMk4NkrXXTo,iv:iTt//ip7ZK5tuQky1DPmzgexV+chhHG9rHQNMYyJZJs=,tag:cmwA0KHsqBG7f5WI7Fwclg==,type:str] + p_token: ENC[AES256_GCM,data:VFYSHIqeKFbPaCqO08UrgqtsmCULcXlGjGco03BT,iv:aEaOH+jSp6A2Z3V+vwAYuhS26oTZ/CA+/EKg+/ZktDQ=,tag:UH1LG3aS/plWnaLdpcUcuA==,type:str] sops: age: - recipient: age1sjzkhwr8ycdsmuj8xg8y4v2hcpuq9vethnhytxtwzeury692dsxqf80fwv @@ -14,7 +17,7 @@ sops: clZaazZQdW5wYUhUNmM0QW91K0NLOTAKB6z7cKg54QmJo0U03u6RQkSCfJOAdeJa DiyPYjm02BNe8YPFbBFRpyT7G++j3h0yG+/Nr2zcQFyMMEpMv5QJvg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-12-16T16:16:27Z" - mac: ENC[AES256_GCM,data:2Ju1exddd4qcru1UjXKXUBjugUWT9D2HJjKV03JwMCL4Wssb/H6DNNRJcmD0oXqA9DnEp5NpElhwa93LcogcNVsXL+sKGzQpP5m+/vDVfl2NcwdLyBVIvTQ0dASee/JMwBLcgcYBZuvL00Twv07/ImdvYROIs/fQUSualc6Sgcw=,iv:XsJ1MYLwLuFPLYGJoa/RsfAqs88AQwuH+3ItWc681LU=,tag:8pNSPKnv0yLoNrmxb9l2Xg==,type:str] + lastmodified: "2026-04-09T09:44:50Z" + mac: ENC[AES256_GCM,data:1TWoO9xeAyfT5kheTDLBqqeqpSpc5begsXN/FIjwK01xJJrgFfQg+93OZcH989z6WGumvjH+JuY98y9xDfur6mc2sopbLX8/Qbnfl4D2Aq1ya42b5/2cHlFhGI8bBOiXr6qA2sixQ/E1MIklTMxN+Z1fKbT5Mp7cfoPlG8YXhbI=,iv:DB1opS2DEr/WM1yK5SJf8NtoApmzJq5mgMoMlOoLli4=,tag:ZhiLFFCZF+fdfai0djwjYw==,type:str] unencrypted_suffix: _unencrypted version: 3.11.0