From 0e3e8218a7cf75c658314d04a97f91480f5ac9e0 Mon Sep 17 00:00:00 2001
From: Felix Albrigtsen
Date: Wed, 3 Jul 2024 23:48:10 +0200
Subject: [PATCH] challenger: move more services from voyager: calibre-web, calibre-server, komga, nextcloud, postgres, timemachine
---
 hosts/challenger/configuration.nix | 7 ++++++-
 hosts/{voyager => challenger}/services/calibre.nix | 0
 hosts/{voyager => challenger}/services/komga.nix | 12 ++++++------
 .../{voyager => challenger}/services/nextcloud.nix | 1 +
 hosts/{voyager => challenger}/services/postgres.nix | 2 --
 .../services/timemachine.nix | 0
 hosts/voyager/configuration.nix | 4 ----
 secrets/challenger/challenger.yaml | 13 ++++++++++---
 secrets/voyager/voyager.yaml | 12 ++----------
 9 files changed, 25 insertions(+), 26 deletions(-)
 rename hosts/{voyager => challenger}/services/calibre.nix (100%)
 rename hosts/{voyager => challenger}/services/komga.nix (95%)
 rename hosts/{voyager => challenger}/services/nextcloud.nix (98%)
 rename hosts/{voyager => challenger}/services/postgres.nix (99%)
 rename hosts/{voyager => challenger}/services/timemachine.nix (100%)
diff --git a/hosts/challenger/configuration.nix b/hosts/challenger/configuration.nix
index 88c2a08..bcc5b4b 100644
--- a/hosts/challenger/configuration.nix
+++ b/hosts/challenger/configuration.nix
@@ -9,8 +9,13 @@
 ./exports.nix
 ./filesystems.nix
- ./services/nginx.nix
+ ./services/calibre.nix
 ./services/jellyfin.nix
+ ./services/komga.nix
+ ./services/nextcloud.nix
+ ./services/nginx.nix
+ ./services/postgres.nix
+ ./services/timemachine.nix
 ];
 networking = {
diff --git a/hosts/voyager/services/calibre.nix b/hosts/challenger/services/calibre.nix
similarity index 100%
rename from hosts/voyager/services/calibre.nix
rename to hosts/challenger/services/calibre.nix
diff --git a/hosts/voyager/services/komga.nix b/hosts/challenger/services/komga.nix
similarity index 95%
rename from hosts/voyager/services/komga.nix
rename to hosts/challenger/services/komga.nix
index 39346c8..4426ef9 100644
--- a/hosts/voyager/services/komga.nix
+++ b/hosts/challenger/services/komga.nix
@@ -3,6 +3,12 @@ let
 domain = "komga.home.feal.no";
 cfg = config.services.komga;
 in {
+ services.komga = {
+ enable = true;
+ stateDir = "/tank/media/komga";
+ port = 5001;
+ };
+
 services.nginx.virtualHosts.${domain} = {
 locations."/".proxyPass = "http://127.0.0.1:${toString cfg.port}";
@@ -10,10 +16,4 @@ in {
 client_max_body_size 512M;
 '';
 };
-
- services.komga = {
- enable = true;
- stateDir = "/tank/media/komga";
- port = 8034;
- };
 }
diff --git a/hosts/voyager/services/nextcloud.nix b/hosts/challenger/services/nextcloud.nix
similarity index 98%
rename from hosts/voyager/services/nextcloud.nix
rename to hosts/challenger/services/nextcloud.nix
index 4e2ad49..04d8997 100644
--- a/hosts/voyager/services/nextcloud.nix
+++ b/hosts/challenger/services/nextcloud.nix
@@ -109,6 +109,7 @@ in {
 ProtectProc = "invisible";
 ReadWritePaths = [ "/tank/nextcloud" "/run/phpfpm" "/run/systemd" ];
 ReadOnlyPaths = [ "/run/secrets" "/nix/store" ];
+ InaccessbilePaths = [ "/tank/media" "/tank/backup" ];
 RemoveIPC = true;
 RestrictSUIDSGID = true;
 UMask = "0007";
diff --git a/hosts/voyager/services/postgres.nix b/hosts/challenger/services/postgres.nix
similarity index 99%
rename from hosts/voyager/services/postgres.nix
rename to hosts/challenger/services/postgres.nix
index 1c49f96..f5e8a88 100644
--- a/hosts/voyager/services/postgres.nix
+++ b/hosts/challenger/services/postgres.nix
@@ -19,5 +19,3 @@
 environment.systemPackages = [ config.services.postgresql.package ];
 }
-
-
diff --git a/hosts/voyager/services/timemachine.nix b/hosts/challenger/services/timemachine.nix
similarity index 100%
rename from hosts/voyager/services/timemachine.nix
rename to hosts/challenger/services/timemachine.nix
diff --git a/hosts/voyager/configuration.nix b/hosts/voyager/configuration.nix
index 3723c1f..d8bbe75 100644
--- a/hosts/voyager/configuration.nix
+++ b/hosts/voyager/configuration.nix
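Review bot: The line added in the nextcloud.nix hunk spells the directive `InaccessbilePaths`, which systemd does not recognise; the real name is `InaccessiblePaths`. Assuming this attribute set is a unit's `serviceConfig` (the enclosing block starts outside the hunk), the misspelled key is passed through unchanged and systemd ignores it with an unknown-key warning, so `/tank/media` and `/tank/backup` stay reachable by the service instead of being masked. Change the line to `InaccessiblePaths = [ "/tank/media" "/tank/backup" ];` and confirm on the host with `systemctl show <unit> -p InaccessiblePaths` that both paths are listed.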
@@ -10,12 +10,8 @@ ./exports.nix ./filesystems.nix - ./services/calibre.nix ./services/fancontrol.nix - ./services/komga.nix - ./services/nextcloud.nix ./services/podgrab.nix - ./services/postgres.nix ./services/snappymail.nix ./services/timemachine.nix ]; diff --git a/secrets/challenger/challenger.yaml b/secrets/challenger/challenger.yaml index bd9b83b..789c62a 100644 --- a/secrets/challenger/challenger.yaml +++ b/secrets/challenger/challenger.yaml @@ -1,4 +1,11 @@ -hello: ENC[AES256_GCM,data:YmN1loEaJo8sCOerV1WTRCIbPScil4vVyGD9lFlQj45jmQwNluu89ZGa6gQWBBRApko=,iv:/CFu9JOkoahVVmLmAPjkLIc4j3r06sLc3GSwn6NGl8k=,tag:hqyUmTY2IQpeU17SWR2D9Q==,type:str] +transmission: + vpncreds: ENC[AES256_GCM,data:XtsbPvIZXZoIEa0k/A6euANO09x85RergUAKc8v2yd5SScaH9C/AKIqiYih3g2Dq7UMzsMWi1w3/8B33eiP2KU7TUdD23SBVIdkQocdpsr6H3alAPiTlQz+PcmYjuMlA4jeUyUH/ioN/tWT5GVMPaB81Ii0kqjMdgI995Q9of71z5hhwscwSNM49ZNFr/ne63Hk08GRvksl47LkviSKjyj3rKYAvdI91xCvVYsM=,iv:TmWC4i1MGgEXG5J2WjzSgINAWfVEZqEBMMgwZ6zv6h0=,tag:+8kmhrYk4s9v/8N/tJuouw==,type:str] +nextcloud: + adminpass: ENC[AES256_GCM,data:DL5SnyPPUxiVjfIHZ/ZYJi2pNu6x,iv:/bThFVYgHsN3Yr2EJf0+YWhAVIei9ENaHfAH1ADC5Ws=,tag:bNp+2trtwFNYOqruvqPRGw==,type:str] + secretsjson: ENC[AES256_GCM,data:xmdwWBe8LWsSEI64KhSeXbA1B0ahfoGwNmgl33JWteF4AakdI73zfbdIhUBqqlqfbL0uCGlqCiOyRA02h8197mk=,iv:ncKz9ObwoFoVjT0qMzBJ0BqVBNx0ScdMRl82ZNQp4FI=,tag:6S8fqHhvE/gaknxsb+q3Jg==,type:str] +borg: + transmission: ENC[AES256_GCM,data:umr0UEKMT/n0ZRTyfq/qWX4A,iv:R92qRZqQ8onLYDlkYMtHiumFqjVuxOIZAp+k2qTcDps=,tag:WhCP5YmIutR3ckgNIw/Hww==,type:str] + postgres: ENC[AES256_GCM,data:KHL02u+X2fGlZSUrujvkkGI=,iv:gjdPbmRHmO0APXvMJzqN+Swuh2l9mdsUJQRKsSYkEyM=,tag:0Rf9MeW7xTpj2uvnAOhuBA==,type:str] sops: kms: [] gcp_kms: [] 
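Review bot: The context line `./services/timemachine.nix` is still in voyager's import list after this hunk, but the same patch renames `hosts/voyager/services/timemachine.nix` to `hosts/challenger/services/timemachine.nix` at 100% similarity. Unless a file is recreated at that path outside this patch, voyager will fail to evaluate on the missing import. Drop that line from the list here as well; the diffstat shows only four deletions for this file, and the `imports` list itself starts outside the hunk.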
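Review bot: The `transmission`, `nextcloud` and `borg` entries added in this hunk are the ones removed from `secrets/voyager/voyager.yaml` further down, and nothing in the patch shows whether the underlying values were rotated or only re-encrypted. The old ciphertexts stay in git history, so voyager's key keeps access to them if it was a recipient of the old file (the recipient lists are outside the hunks). If the migration is meant to confine these credentials to challenger, rotate them on the services as part of the move. The `transmission.vpncreds` and `borg.transmission` entries also arrive without a transmission import in the challenger `configuration.nix` hunk, so a line in the commit message on why they move now would help.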
@@ -23,8 +30,8 @@ sops: bVhLUVBWL3QyMmVjVEswZmtDRXRRUGMKizaESv67KWTOnUkZg1R0c3BkpJrDUxJR heau8QcBXtNS6Ct1RsJQD3oTmBPAP1NHJ2BD11kEEtpo8FhCOjcqVQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-07-01T22:30:06Z" - mac: ENC[AES256_GCM,data:p0olgrOkDMbpvPniSl/VL8sI6QM0EttswJ+RbEK8vC46+jnSoN+bTPdYIdVu9hIRPD7iJCldrYxvwpFifkwO03m3RvtOl6cjqcRL39fMw+Xv0R5girHgmTM2Iq1O2xwZkRHbwnceU/FdF+cKS6OuMmXFqlMJkpxUFVQoNDG5+uk=,iv:lrrruA4FT97Ix04LEXVaaFEF8/6vOayZmDfzWZRCYBE=,tag:Jve/CqdBbhoEDkBr4Z0e6g==,type:str] + lastmodified: "2024-07-03T20:11:44Z" + mac: ENC[AES256_GCM,data:feOeO7XrNEtbxp2c2a0EbwVAWUJ+PCZavmRT/4DMFfsJWwjogCqAia2KfC249RufAL2WFVZAw8UfymjtHHKp2v7alN3kqcIZ2rjwtkkzi8JqRQvbbCJwTXLkl8wr21lZD7UdNuAfZHxbwJRchRR/6bsLnxipW8AH8YCv1/Knsg0=,iv:fO4dUfRgJOaDuvJNgl6CVZFovVphQB4rlLIKGgzy7S4=,tag:8Ts1XozKYoSghho4ORDW0Q==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 diff --git a/secrets/voyager/voyager.yaml b/secrets/voyager/voyager.yaml index 2c4ec04..2931094 100644 --- a/secrets/voyager/voyager.yaml +++ b/secrets/voyager/voyager.yaml 
@@ -8,14 +8,6 @@ #ENC[AES256_GCM,data:T+pI1ogtfjo57NrOvCuhbs//,iv:mqkwAHWxqvt9XkQX0EKXQyJrK5KOCVDpva1Ok37XvKc=,tag:qrp2QeNrJSDr3ECN6cBDiA==,type:comment] #ENC[AES256_GCM,data:46+Qt0FRlg2tN8A=,iv:4y5C0S75gp4qFFkJ4lOMcPbftOLyzB12wApqNOFYan4=,tag:T/4zLU7d90GkzDohJd2XTg==,type:comment] #ENC[AES256_GCM,data:fvJA2s0OEs7PDOr/,iv:HlO9MCqBHtz1Hm9tILlEsJ2gfgTPThmmyoCXlGyy/9Y=,tag:7L1Kl4RgAFG+WLvtk30nYQ==,type:comment] -transmission: - vpncreds: ENC[AES256_GCM,data:KWm6AGlJze0Of9Nkz0moaQCAXMwylsZ+BIZR4BnbuDRbjKRMJSWCOFBSbG3esGprLhoCnYwc9mghSeoP2AQRAT++sERpxX3JTHF9QuauNmhRWb1xLsOfQAu6vsA/0dTshQr8ivhJSnEz57rasdOraovYjVsRXd7cuclajPoS4nl3+1/IrSkAlxNzx8F0PMmyOrvoPVMmqQ4PcKFfkXc1f59O2iJ19Bmt/x5yIxU=,iv:VAYlqL8Pb5J4g+W3QClrgRftYw5UofXmG9cfEsZdLr4=,tag:zJIxYaGEedFjM8IsBfnQog==,type:str] -nextcloud: - adminpass: ENC[AES256_GCM,data:r2Z6KsQ1hP90/Bf8J804a5D7BTS7,iv:f3TkiPVxw8lAPcyStWqOZuhF4p/5nUPkzL2j/yjsnyg=,tag:c2JWdxZUjkHQWNWDILBrRQ==,type:str] - secretsjson: ENC[AES256_GCM,data:xvUdDoTaTum/gkDBujSfHeunAmwmYhZMY7zY72Ct9wly9gpcbNrJNiwuWSgBP3uYtwArce+n6co33OYZvV8rs/Q=,iv:6nLq9ZxgBHKbjD8I1PbjWf/9XthTSrm3lOwx/YX+Tc4=,tag:UN+c2fjUHK1lpyRsTBpOUw==,type:str] -borg: - transmission: ENC[AES256_GCM,data:VGP23BjX6rjMbcEMA6O7UEX6,iv:C0ehtDSO0eMkIYbwi9wYAKncOBrNCiJB4S5tJ1rxctI=,tag:RNcGwihAxOwCt3XOSoCvfw==,type:str] - postgres: ENC[AES256_GCM,data:nA+Ga56rG8XippMmHsOLEik=,iv:41llHBWEU7ESiUetJC/SkcjHG+beXs/ur8QTmxDGFE8=,tag:92n88ZtrDQWz0gYZmuWD8g==,type:str] podgrab: password: ENC[AES256_GCM,data:mH/AZfmUCaUVH9km/dY9+AsmJQ==,iv:1/L0tslY7senVgfi+1g7ijcP3dt9cI4ecyGpkgF0OMo=,tag:fUG+lk7kgI5R9OZyCYP0nQ==,type:str] sops: 
@@ -42,8 +34,8 @@ sops: RmU5MnR3Tmt3dis0YjB4U1JtVW9mTkEKRBSWg2HOB/Q+zHNooV8YsePdrkUzd+Ug ALu4+IhIl8YHtvBcPiFmupm/Qk173mTvi+x3ZkwzoCaTwDcxsy9FtA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-06-12T18:57:43Z" - mac: ENC[AES256_GCM,data:46xA8exSUbaEJBufvzt5TbUXQa4956sGQUh9hS8a1nhXasDkdwTtGgSfZq/ENcL/VoEz0ORVJ43OwVE+TV1j9aOzwck96c/KDKTp4iEVbRfcsK/PMccf2FJke3TUmSV6f1hFBpGHpdujghHQTiGct+XQNuuI3RPXYLEYPJrqyeY=,iv:fzQL+ymHTP6XET9YlaCaW1ZGUJaZzCM0neGzMveoSt4=,tag:rsDV5tkU5pTlq4YTel6V1g==,type:str] + lastmodified: "2024-07-03T20:11:59Z" + mac: ENC[AES256_GCM,data:JI0klnv4yA+mwotpMAfQYfc5KTBHYX406jgXtsJh8BRzBZJ7fZZknmuCZpYW1u/pyflqTZ1JK+OKnvlOWrY2C/a6ySIuS3FNiKKQ1gvPc8T7+G9vrVyDNd3VkPMgmNiJuzVQaeYICWr5jHZgzduhZCnAU16VS8VThO7TeF7jFL4=,iv:fxqmMtxPfDzsVZqiKY2vTFFaVXTZeiU69bes1Pik1qQ=,tag:OKnrmx5385oO4Xv8FLQQ+A==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1