How to create flake.nix for the reverse-proxy server's Docker configuration.
Especially how to pin the commit hash of the nix-server-tools code base, so that the reverse-proxy server is resistant to future breaking changes in the nix-server-tools code base.
How to set up Borg backup:
Create a storage server.
Create an ssh key with a passphrase. Note that this passphrase will be stored in plain text on the server and inside the Docker containers.
For BORG_RSH, the ssh passphrase file should always be /run/secrets/borg_ssh_passphrase, since that is how the Borg backup server Docker container is created.
~/secrets/borg_secrets.env
What it is: Passphrase/password to the Borg repo on the storage box server.
Clearing confusion: This is different from the ssh passphrase. It is required after sshing into the storage box server, in order to make changes to the Borg backup folder/data itself.
~/.ssh/known_hosts (that has entry for the storage box server)
Call ssh-keyscan <server address> to get the public host key of the server.
Call ssh-keygen -Hf ~/.ssh/known_hosts to hash the hostnames after adding the public key of the server.
~/.ssh/private_ssh_key_storage_box_server
~/.ssh/secrets/storage_box_ssh_key_passphrase
What it is:
Passphrase to the ssh key
This file is what becomes /run/secrets/borg_ssh_passphrase, referenced by the BORG_RSH variable in the borg.env file.
Why it is needed: The scripts ssh into the storage box server with this ssh key to back up the data, so the key's passphrase must be written to this file.
Clearing confusion: The ssh passphrase is different from the BORG_PASSPHRASE in the borg_secrets.env file.
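An added example (not part of nix-server-tools) showing what ssh-keygen -Hf does to the known_hosts entry for the storage box server: each hostname field is replaced by an HMAC-SHA1 over a random salt, so the file no longer reveals which servers the backups go to, while ssh can still match the hostname at connect time. The host key line and hostnames below are constructed samples, and the functions are written here for illustration.

```python
import base64
import hashlib
import hmac
import os

# Constructed sample host key line; not a real storage box host key.
SAMPLE_KEY = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleKeyDataForIllustrationOnly0000"
SAMPLE_KNOWN_HOSTS = [
    "# constructed sample known_hosts, not a real storage box entry",
    "storagebox.example.net,[storagebox.example.net]:23 " + SAMPLE_KEY,
]


def hash_hostname(hostname, salt=None):
    """Return the '|1|<salt>|<hmac>' field that ssh-keygen -H writes for one hostname.
    OpenSSH uses a 20-byte random salt as the HMAC-SHA1 key over the hostname string."""
    if salt is None:
        salt = os.urandom(20)
    digest = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(digest).decode())


def hash_known_hosts(lines):
    """Rewrite plain hostname fields into hashed ones, like ssh-keygen -Hf.
    Comma-separated hostnames become one hashed line each; comments, already-hashed
    lines and @cert-authority/@revoked marker lines are passed through unchanged."""
    out = []
    for line in lines:
        line = line.strip()
        if not line or line[0] in "#@|":
            out.append(line)
            continue
        hosts, _, key = line.partition(" ")
        for host in hosts.split(","):
            out.append(hash_hostname(host) + " " + key)
    return out


def host_matches(entry, hostname):
    """Check whether a known_hosts entry is for `hostname` (what ssh does at connect time):
    recompute the HMAC with the entry's salt and compare it in constant time."""
    field = entry.split(" ", 1)[0]
    if not field.startswith("|1|"):
        return hostname in field.split(",")
    _, _, salt_b64, digest_b64 = field.split("|")
    salt, expected = base64.b64decode(salt_b64), base64.b64decode(digest_b64)
    actual = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
    return hmac.compare_digest(actual, expected)


if __name__ == "__main__":
    for entry in hash_known_hosts(SAMPLE_KNOWN_HOSTS):
        print(entry)
```

Pointing host_matches at a real ~/.ssh/known_hosts is a quick offline check that the storage box hostname (and its [host]:port form, if a non-default port is used) is actually covered by an entry before the Borg container tries to connect.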
How to set up the application configurations.
How to set up the config files:
Ex:
For applications already supported by nix-server-tools: (1) the .nix config file for the Borg backup service, (2) the .nix config file for the application itself.
For new/user specific custom applications (Ex: Personal webpage, Data dashboard).
How to use the volume_specification.nix utility to specify/configure the docker volumes needed for the applications/docker services.
How to specify an external volume (both with the volumeSpecification utility and in the server's flake.nix file), and why an external volume can be a useful way to mount volumes (persisting data across docker compose restarts, encrypting data, using one volume for multiple instances of the same service running on different servers).
How to set up a Borg backup service for the application.
How to generate the Docker files & run scripts for the server. (Also how to use the Nix shell environment).
How to run the run-docker-compose.sh script. (Also other useful utilities in the Nix shell environment).
How to encrypt the secrets file once the server is up & running.
Steps: