media-mount: Init

This commit is contained in:
Simon Bruder 2022-05-14 17:50:11 +02:00
parent 322ce8885f
commit 4712cd20be
Signed by: simon
GPG key ID: 8D3C82F9F309F8EC
4 changed files with 45 additions and 3 deletions

View file

@ -11,4 +11,14 @@
}; };
services.nginx-interactive-index.virtualHosts."media.sbruder.de".locations."/".enable = true; services.nginx-interactive-index.virtualHosts."media.sbruder.de".locations."/".enable = true;
users.users.media = {
home = "/data/media";
isSystemUser = true;
group = "media";
openssh.authorizedKeys.keys = [
"restrict,command=\"internal-sftp\" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMt91kAEA7ezIdve/64sv1kV4sd50ayzM09f5s5uOD+V"
];
};
users.groups.media = { };
} }

View file

@ -29,6 +29,7 @@
./locales.nix ./locales.nix
./logitech.nix ./logitech.nix
./mailserver.nix ./mailserver.nix
./media-mount.nix
./media-proxy.nix ./media-proxy.nix
./mullvad ./mullvad
./network-manager.nix ./network-manager.nix

30
modules/media-mount.nix Normal file
View file

@ -0,0 +1,30 @@
{ config, lib, pkgs, ... }:
let
mkMount = remote: {
device = remote;
fsType = "sshfs";
options = [
"ro"
"allow_other"
"_netdev"
"x-systemd.idle-timeout=5min"
"x-systemd.automount"
"reconnect"
"ServerAliveInterval=15"
"ServerAliveCountMax=1"
"IdentityFile=${config.sops.secrets.media-ssh-key.path}"
];
};
in
lib.mkIf config.sbruder.gui.enable {
sops.secrets.media-ssh-key = { };
system.fsPackages = with pkgs; [ sshfs ];
fileSystems = {
"/home/simon/mounts/media" = mkMount "media@fuuko.home.sbruder.de:/data/media";
"/home/simon/mounts/torrent" = mkMount "media@fuuko.home.sbruder.de:/data/torrent";
};
}

View file

@ -1,6 +1,7 @@
binary-cache-secret-key: ENC[AES256_GCM,data:EHBLyOPY0WYrJLfdML3c1ZqXLknWTKmx1nmxpSzOeyR2vKOlu50Xjldnoyff/BwIAB1E16rJuuHtMb5PRXfL57AvLBAprg5RzqIzJqnCKl/EIk2bJ3NoD9t2aw48M9R4nk3ixXGYJztdoIz+G0/gnQ==,iv:jwwTaktWMPWFnCN3Ur84cgUm1kNZqzEEbyfZ7dIysWA=,tag:ky4fYddxwVpB4+8NzlmLWg==,type:str] binary-cache-secret-key: ENC[AES256_GCM,data:EHBLyOPY0WYrJLfdML3c1ZqXLknWTKmx1nmxpSzOeyR2vKOlu50Xjldnoyff/BwIAB1E16rJuuHtMb5PRXfL57AvLBAprg5RzqIzJqnCKl/EIk2bJ3NoD9t2aw48M9R4nk3ixXGYJztdoIz+G0/gnQ==,iv:jwwTaktWMPWFnCN3Ur84cgUm1kNZqzEEbyfZ7dIysWA=,tag:ky4fYddxwVpB4+8NzlmLWg==,type:str]
nix-netrc: ENC[AES256_GCM,data:F0vHeSsDDcaE5qAt7mNV0Az7NBdGjXfvn3v82R43bHhUJIH5lbbCUWQSyhDgA9aQ+NYACAhJCPAh7aWBzoimyfTSqZlSVglgZ3mkUT41BSanJYWTTyI6bW4YUsF+J4netFljsE15cn3+twZmNgtkTuzTEg==,iv:sISKlZx+pMU7LnaT1ZC6tZo8ITYXpgLwYPpkoG51zks=,tag:ZP7YN7Q2wVYpdV0huO+qeA==,type:str] nix-netrc: ENC[AES256_GCM,data:F0vHeSsDDcaE5qAt7mNV0Az7NBdGjXfvn3v82R43bHhUJIH5lbbCUWQSyhDgA9aQ+NYACAhJCPAh7aWBzoimyfTSqZlSVglgZ3mkUT41BSanJYWTTyI6bW4YUsF+J4netFljsE15cn3+twZmNgtkTuzTEg==,iv:sISKlZx+pMU7LnaT1ZC6tZo8ITYXpgLwYPpkoG51zks=,tag:ZP7YN7Q2wVYpdV0huO+qeA==,type:str]
media-proxy-auth: ENC[AES256_GCM,data:OcmYZq/tyzMB61NfyYZ8gAlEE+8w2IhlPlZ+dfedtfqVlPHk3iJsd9mvsXHf5ODTtuy00ll0MF4KYNePZkz7TeuaIdBgGlshFyE4gwsJdPXZNYnhcg==,iv:qo6SOaHrWsXfvRwgSKDTSnreOcO9xy3RKrfE2k+VLEg=,tag:14DT86PQdEuK9zyZzcAohA==,type:str] media-proxy-auth: ENC[AES256_GCM,data:OcmYZq/tyzMB61NfyYZ8gAlEE+8w2IhlPlZ+dfedtfqVlPHk3iJsd9mvsXHf5ODTtuy00ll0MF4KYNePZkz7TeuaIdBgGlshFyE4gwsJdPXZNYnhcg==,iv:qo6SOaHrWsXfvRwgSKDTSnreOcO9xy3RKrfE2k+VLEg=,tag:14DT86PQdEuK9zyZzcAohA==,type:str]
media-ssh-key: ENC[AES256_GCM,data:cT5Jp5asgF2GZL4nn0rS4+tmli5adZjDa/G6WD/QXbOLtAjquytX63LKrLYUoTjOa7rNAjxDBIYEi90uvubKxOI0QbXACj0MSt6WbkxmosYResnFl9/WefpROctpGcDvn60fzer0K75IRBAtpAogVU7VynOkOuPa0xhTyAU8ZPOmij456UjpbtIgSg4yKVDn14jj/OZ1Oz+qd3bHC8FSQvp0jSKD9xfIizc2kb6ca3LRdR7VtJtTnJOOADRKaLC+rBywVyTOlCQBLiZ6LE9i6SmgFOdI+l6z9jE1Vi3vZ3BAe8Q/wWQ6Kjts+3+RkjPbgdjdWzxyHly/dr8lU1HcwtMHgKBV84asJBghCm6B1o48AEqd4oF9W039rCRQkR/VMb/ser0ifEjwnpDnDskrFYxWzidMKsfHGOtZxm7rzvOxSRA+Rcx9vxwa90gRsU4mBdx7QG0y3f/AbxRvVCuLLZW/y0JpCtE2B/mcObRvjsZP3RXQIS4vGAeTerd18RwsrsWO,iv:+ASa0hhWXmQ2hgJ9UuRFjnf/fA65kxWXiC+rDI6Lnx8=,tag:LDYSsN0DXAFiW0w+YBcopA==,type:str]
torrent-proxy-auth: ENC[AES256_GCM,data:4oi4uZCgslTvmso1SCedu3gKsOTCtYIAf3g1mBS6/ta3d/hd6GJ0Ns+/9w51WrhcyJQRLSR7jLlzxRzKFp6JvKXlNAeflXDqOKNfk0LXY1GKTZynOA==,iv:26d+hQ9yn5CzDGNZvi9A5bvzgo87IrJHz67xTac4UA4=,tag:e8fO5Xpu7wpDiSC4CBsaaQ==,type:str] torrent-proxy-auth: ENC[AES256_GCM,data:4oi4uZCgslTvmso1SCedu3gKsOTCtYIAf3g1mBS6/ta3d/hd6GJ0Ns+/9w51WrhcyJQRLSR7jLlzxRzKFp6JvKXlNAeflXDqOKNfk0LXY1GKTZynOA==,iv:26d+hQ9yn5CzDGNZvi9A5bvzgo87IrJHz67xTac4UA4=,tag:e8fO5Xpu7wpDiSC4CBsaaQ==,type:str]
restic-s3: ENC[AES256_GCM,data:RXRvwIwR7EqZSKxoqSYhGIWGH3GEBagPYCdwkRh0CDSTTRHQYN280gpgQA7ef2NkWnkrwQK4FCwCu2CBaPSMO0X6OcSVNJsmBySDQqZAb8SCs6pOSn2J+kHP2n8K9Fgy9/7OeX2i,iv:yrp2QZLXJypWh5XjsAHcpiXEPUcYF8A+mQZ+W2w7zpU=,tag:XhktIlDqXeq/tLMPZpQuLA==,type:str] restic-s3: ENC[AES256_GCM,data:RXRvwIwR7EqZSKxoqSYhGIWGH3GEBagPYCdwkRh0CDSTTRHQYN280gpgQA7ef2NkWnkrwQK4FCwCu2CBaPSMO0X6OcSVNJsmBySDQqZAb8SCs6pOSn2J+kHP2n8K9Fgy9/7OeX2i,iv:yrp2QZLXJypWh5XjsAHcpiXEPUcYF8A+mQZ+W2w7zpU=,tag:XhktIlDqXeq/tLMPZpQuLA==,type:str]
restic-password: ENC[AES256_GCM,data:nzbUoZgK+XP99/hPlIBm83hIDqRWlmNNNHwq0TXE9cQGTJyEmLfB6qlUdEtateG3,iv:8/WPCuGfLkd0LkLTEr7pjpT8kb/P64VICppDeEcKDIE=,tag:eytBikegC2fzCtUFh84qIw==,type:str] restic-password: ENC[AES256_GCM,data:nzbUoZgK+XP99/hPlIBm83hIDqRWlmNNNHwq0TXE9cQGTJyEmLfB6qlUdEtateG3,iv:8/WPCuGfLkd0LkLTEr7pjpT8kb/P64VICppDeEcKDIE=,tag:eytBikegC2fzCtUFh84qIw==,type:str]
@ -10,8 +11,8 @@ sops:
azure_kv: [] azure_kv: []
hc_vault: [] hc_vault: []
age: [] age: []
lastmodified: "2021-10-05T18:29:56Z" lastmodified: "2022-05-14T14:52:12Z"
mac: ENC[AES256_GCM,data:6hU8rMnWDGopyG+SkkWcevXliR80EVnxiEJ+lZyZ7yMwuJhozenBWr89VIzEoPnFhsHcfOpFIa30OkfxMD+xLhHEt7ZQfcJRa7WuzsvU1br6OKtaSdjqbkemgTBhj4zvsUPbGmIELEkkUxYSJsr6n9wAfhpBDTPdeqYNqznjcDc=,iv:NFD8F+TTkhr2b76ziYzLkYpYgBJ7ur4E7Fvmb19Xh0Q=,tag:dobYJK5UU5yF5k00J2V9Nw==,type:str] mac: ENC[AES256_GCM,data:EX4EUdhx1i9gdWmq+U3AAIGef2OLwsmwedR2K3jqz3Kf0fpF6rWdc5Rl1xZjW329lCwiTure5akyzU+y3bgDPPlxYUK+rBLasLzmeWQds49h0lBoibKJ6svfwt6rVguJMkpCnlLd8o/ROR3F8/UTm/+VBYL1cQyZI36fmJKR6Jk=,iv:87riv7ubEC2T4XKLpQ65J/yNrnyiyRzMWQkxgYff72o=,tag:Agol878GjW7iHJN6j+Mnyg==,type:str]
pgp: pgp:
- created_at: "2022-03-23T14:19:34Z" - created_at: "2022-03-23T14:19:34Z"
enc: | enc: |
@ -170,4 +171,4 @@ sops:
-----END PGP MESSAGE----- -----END PGP MESSAGE-----
fp: FD4E1FB15DD0F36A77790229826C04C0BE319FA2 fp: FD4E1FB15DD0F36A77790229826C04C0BE319FA2
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.7.1 version: 3.7.2