feat: prepare for exposure to the internet

* open ports 80 and 443 * password-protect copyparty and ntfy-sh * randomise usernames for radicale and copyparty
2026-02-22 16:49:11 +11:00 · 2026-02-22 16:49:11 +11:00 · 3c46d9e066
commit 3c46d9e066
parent fbd4da91c0
9 changed files with 38 additions and 6 deletions
--- a/modules/nixos/features/borgmatic.nix
+++ b/modules/nixos/features/borgmatic.nix
@ -20,6 +20,8 @@
      ntfy = {
        topic = "backups";
        server = config.services.ntfy-sh.settings.base-url;
+        username = "borgmatic";
+        password = "{credential file ${config.age.secrets.borgmatic-ntfy.path}}";
        finish = {
          title = "Ping!";
          message = "Your backups have succeeded :)";
@ -78,6 +80,7 @@
  # secrets
  age.secrets = {
    "borgmatic".file = ../../../secrets/borgmatic.age;
+    "borgmatic-ntfy".file = ../../../secrets/borgmatic-ntfy.age;
    "borgmatic-pg".file = ../../../secrets/borgmatic-pg.age;
  };
 }