Separate configs into a1d2 and fix related issues
This commit was made while a1d1's drive failed. This means there's a lot of
changes that may initially seem unrelated to separating configurations and that
this change has been deployed for several days before being pushed. It's also
expected to bypass review.
Here's a full list of changes:
- All modules have been moved from modules to modules/common
- Hardware configuration is now on a per-server basis, by Clicks device ID
- For the uninformed, everything is given an 'area' and a 'device'. As an
example, my house is 'Area 2'. My Mac is 'Device 1' in 'Area 2'. An ID is an
'a' followed by the area number then 'd' followed by the device number. For
example, my Mac is 'a2d1'.
- A 'backups' user has been provisioned. This user must have full root
permissions. On a1d2 this user has been given an ssh key which the a1d2 user
on a1d3 ('chickadee') has been given. When a1d1 is restored, a similar key
will be provisioned for it.
- The port of gerrit has been changed to conform to the normal minimum of 1024.
Note that when deploying gerrit, running its init script is required. Changing
the port will not fix this
- Due to redeployment, keycloak client secrets have changed
- Vaultwarden extra paths have been removed, due to needing to create them on
launch and this not happening by default
- A HIBP license has been bought and related options have been enabled in
vaultwarden
- Collabora has been setup in docker, as the built-in code server was not
working and the standalone nix module I've been working on is not ready
- ACME now registers certificates for mailcow, and moves its certificates into
mailcow directories after renewal. This avoids mailcow having to use its own
ACME
- Gerrit has been allowed to send and receive email. Feel free to mail in your
patches, and you'll also be able to receive mail notifications about changes
you should review
Change-Id: Ie4d50fb8f16da193195beb139922a366b72b0b0a
Reviewed-on: https://git.clicks.codes/c/Clicks/NixFiles/+/1
Tested-by: Skyler Grey <minion@clicks.codes>
Reviewed-by: Samuel Shuert <coded@clicks.codes>
diff --git a/modules/common/users.nix b/modules/common/users.nix
index 58dc7d3..b15feae 100644
--- a/modules/common/users.nix
+++ b/modules/common/users.nix
@@ -44,5 +44,14 @@
group = "clicks";
shell = pkgs.bashInteractive;
};
+ users.users.backups = {
+ isSystemUser = true;
+ createHome = true;
+ home = "/backups";
+ group = "backups";
+ shell = pkgs.bashInteractive;
+ extraGroups = [ "wheel" ]; # needed so we can create snapshots of everything
+ };
users.groups.clicks = { };
+ users.groups.backups = { };
}