Gabe/nix-config
1
0
Fork 0
Code Issues12 Pull requests Projects Releases Packages Wiki Activity

Restic: made modular backup declerations.

Browse source 
Required tree-wide re-wiring of the host option.
Now, rather than each host having a monolithic restic.nix file,
the hosts restic.nix file just specifies the password and url of the
restic repository. Eatch module then definies specific paths to backup
and any pre and post commands that need to be performed.
Each backed up service gets an independent systemd backup service and
timer.
This commit is contained in:
Gabe Venberg 2025-04-13 15:27:25 +02:00
parent cf33c036dd
commit 48c60629ab
36 changed files with 307 additions and 1476 deletions

4
configs/nixos/common.nix
View file

@ -48,13 +48,13 @@ in {
environment.shells = lib.mkDefault [pkgs.zsh];
# if we arent setting our password from nix secrets, we need to allow changing it.
users.mutableUsers = !inputs ? nix-secrets;
users.users.${config.host.user} = {
users.users.${config.host.details.user} = {
isNormalUser = true;
hashedPassword =
if inputs ? nix-secrets
then (lib.removeSuffix "\n" (builtins.readFile "${inputs.nix-secrets}/password-hash"))
else defaultPasswordHash;
description = config.host.fullName;
description = config.host.details.fullName;
shell = pkgs.zsh;
extraGroups = ["wheel"];
};

2
configs/nixos/docker.nix
View file

@ -9,5 +9,5 @@
enable = true;
autoPrune.enable = true;
};
users.users.${config.host.user}.extraGroups = ["docker"];
users.users.${config.host.details.user}.extraGroups = ["docker"];
}

5
configs/nixos/factorio-docker.nix
View file

@ -17,6 +17,11 @@
environment = {UPDATE_MODS_ON_START = "true";};
};
};
host.restic.backups.factorio = {
paths = ["/storage/factorio"];
};
imports = [
./docker.nix
];

10
configs/nixos/forgejo.nix
View file

@ -39,5 +39,15 @@ in {
};
};
host.restic.backups.forgejo = {
paths = [
"/var/lib/forgejo/custom"
"/var/lib/forgejo/data"
"/var/lib/forgejo/repositories"
];
preBackupCommands = "systemctl stop forgejo.service";
postBackupCommands = "systemctl start forgejo.service";
};
imports = [./nginx.nix];
}

4
configs/nixos/i3/default.nix
View file

@ -8,7 +8,7 @@
services.displayManager = {
defaultSession = "none+i3";
autoLogin = {
user = config.host.user;
user = config.host.details.user;
enable = true;
};
};
@ -22,7 +22,7 @@
};
xkb.options = "ctrl:nocaps,compose:rctrl";
};
home-manager.users.${config.host.user} = {config, ...}: {
home-manager.users.${config.host.details.user} = {config, ...}: {
home.packages = with pkgs; [
maim
brightnessctl

6
configs/nixos/i3/i3status-rust.nix
View file

@ -4,7 +4,7 @@
lib,
...
}: {
home-manager.users.${config.host.user} = {
home-manager.users.${config.host.details.user} = {
config,
osConfig,
lib,
@ -46,14 +46,14 @@
}
(
lib.mkIf
(!osConfig.host.isVm)
(!osConfig.host.details.isVm)
{
block = "backlight";
missing_format = "";
}
)
(
lib.mkIf (osConfig.host.isLaptop)
lib.mkIf (osConfig.host.details.isLaptop)
{
block = "battery";
driver = "upower";

2
configs/nixos/i3/lockscreen.nix
View file

@ -7,7 +7,7 @@
environment.systemPackages = with pkgs; [
betterlockscreen
];
home-manager.users.${config.host.user} = {
home-manager.users.${config.host.details.user} = {
config,
osConfig,
lib,

2
configs/nixos/interactive-networking.nix
View file

@ -5,5 +5,5 @@
}: {
# Enable networking
networking.networkmanager.enable = true;
users.users.${config.host.user}.extraGroups = ["networkmanager"];
users.users.${config.host.details.user}.extraGroups = ["networkmanager"];
}

27
configs/nixos/minecraft-docker.nix
View file

@ -4,7 +4,23 @@
pkgs,
lib,
...
}: {
}: let
preBackup = pkgs.writeShellScriptBin "mc-docker-pre-backup" ''
set -euxo pipefail
docker exec minecraft rcon-cli "say server backing up, expect minor lag"
sleep 10
docker exec minecraft rcon-cli "save-all flush"
docker exec minecraft rcon-cli "save-off"
sleep 10
'';
postBackup = pkgs.writeShellScriptBin "mc-docker-post-backup" ''
set -euxo pipefail
docker exec minecraft rcon-cli "save-on"
docker exec minecraft rcon-cli "say server backup succsessful!"
'';
in {
virtualisation.oci-containers = {
backend = "docker";
containers.minecraft = {
@ -31,7 +47,7 @@
# SETUP_ONLY = "true";
MOTD = "Welcome!";
DIFFICULTY = "normal";
OPS ="TheToric";
OPS = "TheToric";
ENFORCE_WHITELIST = "true";
ENABLE_WHITELIST = "true";
ANNOUNCE_PLAYER_ACHIEVEMENTS = "true";
@ -42,6 +58,13 @@
extraOptions = ["--stop-timeout=60"];
};
};
host.restic.backups.minecraft = {
preBackupCommands = "${preBackup}/bin/mc-docker-pre-backup";
postBackupCommands = "${postBackup}/bin/mc-docker-post-backup";
paths = ["/storage/minecraft"];
};
imports = [
./docker.nix
];

6
configs/nixos/radicale.nix
View file

@ -25,5 +25,11 @@
};
};
host.restic.backups.radicale = {
paths = [
"/var/lib/radicale"
];
};
imports = [./nginx.nix];
}

2
configs/nixos/sound.nix
View file

@ -13,7 +13,7 @@
pulse.enable = true;
};
home-manager.users.${config.host.user} = {config, ...}: {
home-manager.users.${config.host.details.user} = {config, ...}: {
home.packages = with pkgs; [
pwvucontrol
helvum

6
configs/nixos/sshd.nix
View file

@ -2,8 +2,8 @@
config,
pkgs,
inputs,
configLib,
lib,
myLib,
...
}: {
services.openssh = {
@ -18,10 +18,10 @@
users.users.root.openssh.authorizedKeys.keys = lib.mkDefault (
if inputs ? nix-secrets
then (configLib.dirToStrings "${inputs.nix-secrets}/public-keys")
then (myLib.dirToStrings "${inputs.nix-secrets}/public-keys")
else []
);
# if it can log into root, it should also be able to log in to the main user.
users.users.${config.host.user}.openssh.authorizedKeys.keys =
users.users.${config.host.details.user}.openssh.authorizedKeys.keys =
config.users.users.root.openssh.authorizedKeys.keys;
}

7
configs/nixos/syncthing.nix
View file

@ -2,19 +2,18 @@
config,
pkgs,
inputs,
configLib,
lib,
...
}: {
services.syncthing = {
enable = true;
user = config.host.user;
user = config.host.details.user;
group = "users";
overrideDevices = false;
overrideFolders = false;
openDefaultPorts = true;
systemService = true;
dataDir = "/home/${config.host.user}/Sync";
configDir = "/home/${config.host.user}/.local/state/syncthing";
dataDir = "/home/${config.host.details.user}/Sync";
configDir = "/home/${config.host.details.user}/.local/state/syncthing";
};
}

1
configs/nixos/tailscale.nix
View file

@ -2,7 +2,6 @@
config,
pkgs,
inputs,
configLib,
lib,
...
}: {

24
flake.nix
View file

@ -63,7 +63,7 @@
"aarch64-linux"
];
inherit (nixpkgs) lib;
configLib = import ./lib {inherit lib;};
myLib = import ./lib {inherit lib;};
in {
formatter = forAllSystems (system: nixpkgs.legacyPackages.${system}.alejandra);
@ -80,24 +80,22 @@
}
);
lib = configLib;
homeManagerModules = import ./modules/home-manager;
# NixOS configuration entrypoint
# Available through 'nixos-rebuild --flake .#your-hostname'
nixosConfigurations = {
rockhole = import ./hosts/rockhole64 {inherit inputs configLib;};
cirrus = import ./hosts/cirrus {inherit inputs configLib;};
cirrostratus = import ./hosts/cirrostratus {inherit inputs configLib;};
rockhole = import ./hosts/rockhole64 {inherit inputs myLib;};
cirrus = import ./hosts/cirrus {inherit inputs myLib;};
cirrostratus = import ./hosts/cirrostratus {inherit inputs myLib;};
};
# Standalone home-manager configuration entrypoint
# Available through 'home-manager --flake .#your-username@your-hostname'
homeConfigurations = {
"gabe@archlaptop" = import ./hosts/home-laptop.nix {inherit inputs configLib;};
"gabe@linuxgamingrig" = import ./hosts/home-personal.nix {inherit inputs configLib;};
"gabe@gvworklaptop" = import ./hosts/work-laptop.nix {inherit inputs configLib;};
"gabe@archlaptop" = import ./hosts/home-laptop.nix {inherit inputs myLib;};
"gabe@linuxgamingrig" = import ./hosts/home-personal.nix {inherit inputs myLib;};
"gabe@gvworklaptop" = import ./hosts/work-laptop.nix {inherit inputs myLib;};
};
deploy = {
@ -121,10 +119,10 @@
};
packages.x86_64-linux = {
proxmox = import ./packages/proxmox.nix {inherit inputs configLib;};
iso = import ./packages/iso.nix {inherit inputs configLib;};
aarch-64-iso = import ./packages/aarch64-iso.nix {inherit inputs configLib;};
rpi3-sd-image = import ./packages/rpi3-sd-image.nix {inherit inputs configLib;};
proxmox = import ./packages/proxmox.nix {inherit inputs myLib;};
iso = import ./packages/iso.nix {inherit inputs myLib;};
aarch-64-iso = import ./packages/aarch64-iso.nix {inherit inputs myLib;};
rpi3-sd-image = import ./packages/rpi3-sd-image.nix {inherit inputs myLib;};
};
templates = import ./templates;

11
hosts/archlaptop-vm/default.nix
View file

@ -1,11 +1,11 @@
{
inputs,
configLib,
myLib,
...
}:
inputs.nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = {inherit inputs configLib;};
specialArgs = {inherit inputs myLib;};
# > Our main nixos configuration file <
modules = [
inputs.home-manager.nixosModules.home-manager
@ -21,7 +21,6 @@ inputs.nixpkgs.lib.nixosSystem {
({
config,
pkgs,
configLib,
...
}: {
host = {
@ -33,14 +32,14 @@ inputs.nixpkgs.lib.nixosSystem {
networking.hostName = "archlaptop-vm"; # Define your hostname.
# Define a user account. Don't forget to set a password with passwd.
users.users.${config.host.user} = {
users.users.${config.host.details.user} = {
packages = with pkgs; [firefox];
};
home-manager.sharedModules = [
inputs.sops-nix.homeManagerModules.sops
];
home-manager.users.${config.host.user} = {
home-manager.users.${config.host.details.user} = {
inputs,
osConfig,
lib,
@ -50,7 +49,7 @@ inputs.nixpkgs.lib.nixosSystem {
user = {
git = {
profile = {
name = config.host.fullName;
name = config.host.details.fullName;
email = "gabevenberg@gmail.com";
};
workProfile.enable = false;

13
hosts/cirrostratus/default.nix
View file

@ -1,12 +1,12 @@
{
inputs,
configLib,
myLib,
...
}:
# Kapr site server.
inputs.nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = {inherit inputs configLib;};
specialArgs = {inherit inputs myLib;};
# > Our main nixos configuration file <
modules = [
inputs.home-manager.nixosModules.home-manager
@ -31,11 +31,10 @@ inputs.nixpkgs.lib.nixosSystem {
({
config,
pkgs,
configLib,
lib,
...
}: {
host = {
host.details = {
user = "gabe";
fullName = "Gabe Venberg";
gui.enable = false;
@ -72,18 +71,18 @@ inputs.nixpkgs.lib.nixosSystem {
# virtualisation.docker.daemon.settings.data-root="/storage/docker";
home-manager.users.${config.host.user} = {
home-manager.users.${config.host.details.user} = {
inputs,
osConfig,
lib,
...
}: {
host = osConfig.host;
host.details = osConfig.host.details;
user = {
nvim.enable-lsp = false;
git = {
profile = {
name = config.host.fullName;
name = config.host.details.fullName;
email = "gabevenberg@gmail.com";
};
workProfile.enable = false;

77
hosts/cirrostratus/restic.nix
View file

@ -6,82 +6,37 @@
...
}: let
port = "8090";
# TODO: I should really make restic a custom module at this point, with an enable option, a option for being the host,
# and the ability to add paths and pre/post commands from multiple places.
preBackup = pkgs.writeShellScriptBin "mc-docker-pre-backup" ''
set -euxo pipefail
docker exec minecraft rcon-cli "say server backing up, expect minor lag"
sleep 10
docker exec minecraft rcon-cli "save-all flush"
docker exec minecraft rcon-cli "save-off"
sleep 10
'';
postBackup = pkgs.writeShellScriptBin "mc-docker-post-backup" ''
set -euxo pipefail
docker exec minecraft rcon-cli "save-on"
docker exec minecraft rcon-cli "say server backup succsessful!"
'';
in {
services.restic.server = lib.mkIf (inputs ? nix-secrets) {
enable = true;
appendOnly = true;
dataDir = "/backup/restic";
listenAddress = "127.0.0.1:${port}";
};
services.nginx.virtualHosts."restic.venberg.xyz" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:${port}";
};
};
sops = lib.mkIf (inputs ? nix-secrets) {
secrets.restic-server-credentials = {
sopsFile = "${inputs.nix-secrets}/restic-server";
format = "binary";
path = "/backup/restic/.htpasswd";
owner = "restic";
};
secrets.restic-url = {
sopsFile = "${inputs.nix-secrets}/restic-client.yaml";
owner = config.host.user;
owner = config.host.details.user;
};
secrets.restic-password = {
sopsFile = "${inputs.nix-secrets}/restic-client.yaml";
owner = config.host.user;
owner = config.host.details.user;
};
};
environment.systemPackages = with pkgs; [
restic
];
services.restic.backups = lib.mkIf (inputs ? nix-secrets) {
local = {
repositoryFile = "/backup/restic/";
passwordFile = config.sops.secrets.restic-password.path;
initialize = true;
backupPrepareCommand = "${preBackup}/bin/mc-docker-pre-backup";
backupCleanupCommand = "${postBackup}/bin/mc-docker-post-backup";
paths = [
"/storage/syncthing"
"/storage/factorio"
"/storage/minecraft"
];
pruneOpts = [
"--keep-within 14d"
"--keep-daily 14"
"--keep-weekly 8"
"--keep-monthly 12"
"--keep-yearly 10"
];
timerConfig = {
OnCalendar = "daily";
Persistent = true;
RandomizedDelaySec = "4h";
};
host.restic = {
enable = true;
repository = "/backup/restic/";
passwordFile = config.sops.secrets.restic-password.path;
server = {
enable = true;
htpasswdPath = config.sops.secrets.restic-server-credentials.path;
domain = "restic.venberg.xyz";
port = port;
repositoryPath = "/backup/restic";
};
};
host.restic.backups.syncthing = {
paths = ["/storage/syncthing"];
};
}

13
hosts/cirrus/default.nix
View file

@ -1,12 +1,12 @@
{
inputs,
configLib,
myLib,
...
}:
# Hetzner cloud multipurpouse server
inputs.nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = {inherit inputs configLib;};
specialArgs = {inherit inputs myLib;};
# > Our main nixos configuration file <
modules = [
inputs.home-manager.nixosModules.home-manager
@ -25,11 +25,10 @@ inputs.nixpkgs.lib.nixosSystem {
({
config,
pkgs,
configLib,
lib,
...
}: {
host = {
host.details = {
user = "gabe";
fullName = "Gabe Venberg";
gui.enable = false;
@ -61,17 +60,17 @@ inputs.nixpkgs.lib.nixosSystem {
};
};
};
home-manager.users.${config.host.user} = {
home-manager.users.${config.host.details.user} = {
inputs,
osConfig,
lib,
...
}: {
host = osConfig.host;
host.details = osConfig.host.details;
user = {
git = {
profile = {
name = config.host.fullName;
name = config.host.details.fullName;
email = "gabevenberg@gmail.com";
};
workProfile.enable = false;

35
hosts/cirrus/restic.nix
View file

@ -5,43 +5,20 @@
lib,
...
}: {
environment.systemPackages = with pkgs; [
restic
];
sops = lib.mkIf (inputs ? nix-secrets) {
secrets.restic-url = {
sopsFile = "${inputs.nix-secrets}/restic-client.yaml";
owner = config.host.user;
owner = config.host.details.user;
};
secrets.restic-password = {
sopsFile = "${inputs.nix-secrets}/restic-client.yaml";
owner = config.host.user;
owner = config.host.details.user;
};
};
services.restic.backups = lib.mkIf (inputs ? nix-secrets) {
remote = {
repositoryFile = config.sops.secrets.restic-url.path;
passwordFile = config.sops.secrets.restic-password.path;
initialize = true;
backupPrepareCommand = ''
systemctl stop forgejo.service
'';
backupCleanupCommand = ''
systemctl start forgejo.service
'';
paths = [
"/var/lib/radicale"
"/var/lib/forgejo/custom"
"/var/lib/forgejo/data"
"/var/lib/forgejo/repositories"
];
timerConfig = {
OnCalendar = "daily";
Persistent = true;
RandomizedDelaySec = "4h";
};
};
host.restic = {
enable = true;
passwordFile = config.sops.secrets.restic-password.path;
repositoryFile = config.sops.secrets.restic-url.path;
};
}

7
hosts/home-laptop.nix
View file

@ -1,17 +1,16 @@
{
inputs,
configLib,
myLib,
...
}:
inputs.home-manager.lib.homeManagerConfiguration {
pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux; # Home-manager requires 'pkgs' instance
extraSpecialArgs = {inherit inputs configLib;};
extraSpecialArgs = {inherit inputs myLib;};
modules = [
({
config,
pkgs,
lib,
configLib,
...
}: {
# machine specific options
@ -25,7 +24,7 @@ inputs.home-manager.lib.homeManagerConfiguration {
workProfile.enable = false;
};
};
host.isLaptop = true;
host.details.isLaptop = true;
targets.genericLinux.enable = true;
home.username = "gabe";

5
hosts/home-personal.nix
View file

@ -1,17 +1,16 @@
{
inputs,
configLib,
myLib,
...
}:
inputs.home-manager.lib.homeManagerConfiguration {
pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux; # Home-manager requires 'pkgs' instance
extraSpecialArgs = {inherit inputs configLib;};
extraSpecialArgs = {inherit inputs myLib;};
modules = [
({
config,
pkgs,
lib,
configLib,
...
}: {
# machine specific options

1
hosts/rockhole64/adguard.nix
View file

@ -2,7 +2,6 @@
config,
pkgs,
inputs,
configLib,
lib,
...
}: {

13
hosts/rockhole64/default.nix
View file

@ -1,11 +1,11 @@
{
inputs,
configLib,
myLib,
...
}:
inputs.nixpkgs.lib.nixosSystem {
system = "aarch64-linux";
specialArgs = {inherit inputs configLib;};
specialArgs = {inherit inputs myLib;};
modules = [
inputs.home-manager.nixosModules.home-manager
inputs.disko.nixosModules.disko
@ -19,7 +19,6 @@ inputs.nixpkgs.lib.nixosSystem {
({
config,
pkgs,
configLib,
...
}: {
boot.initrd.kernelModules = [
@ -33,7 +32,7 @@ inputs.nixpkgs.lib.nixosSystem {
"phy_rockchip_pcie"
];
hardware.enableRedistributableFirmware = true;
host = {
host.details = {
user = "gabe";
fullName = "Gabe Venberg";
};
@ -53,17 +52,17 @@ inputs.nixpkgs.lib.nixosSystem {
# home-manager.sharedModules = [
# inputs.sops-nix.homeManagerModules.sops
# ];
home-manager.users.${config.host.user} = {
home-manager.users.${config.host.details.user} = {
inputs,
osConfig,
lib,
...
}: {
host = osConfig.host;
host.details = osConfig.host.details;
user = {
git = {
profile = {
name = config.host.fullName;
name = config.host.details.fullName;
email = "gabevenberg@gmail.com";
};
workProfile.enable = false;

7
hosts/work-laptop.nix
View file

@ -1,17 +1,16 @@
{
inputs,
configLib,
myLib,
...
}:
inputs.home-manager.lib.homeManagerConfiguration {
pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux; # Home-manager requires 'pkgs' instance
extraSpecialArgs = {inherit inputs configLib;};
extraSpecialArgs = {inherit inputs myLib;};
modules = [
({
config,
pkgs,
lib,
configLib,
...
}: {
# machine specific options
@ -28,7 +27,7 @@ inputs.home-manager.lib.homeManagerConfiguration {
};
};
};
host.isLaptop = true;
host.details.isLaptop = true;
targets.genericLinux.enable = true;
home.username = "gabe";

13
lib/default.nix
View file

@ -1,6 +1,4 @@
{lib}: let
net = import ./net.nix {inherit lib;};
in {
{lib}: {
dirToStrings = dir: (map (v: builtins.readFile "${dir}/${v}")
(builtins.filter (v:
(builtins.readFileType "${dir}/${v}") == "regular") (
@ -11,13 +9,4 @@ in {
)
else []
)));
calcSystemdDhcpPoolOffset = {
base,
start,
end,
}: {
offset = net.lib.net.ip.diff start base;
size = net.lib.net.ip.diff end start;
};
}

1269
lib/net.nix
View file

File diff suppressed because it is too large Load diff

1
modules/nixos/default.nix
View file

@ -1,5 +1,6 @@
{
imports = [
./hostopts.nix
./restic.nix
];
}

2
modules/nixos/hostopts.nix
View file

@ -5,7 +5,7 @@
...
}: {
options = {
host = {
host.details = {
user = lib.mkOption {
type = lib.types.str;
description = "Primary human user";

148
modules/nixos/restic.nix Normal file
View file

@ -0,0 +1,148 @@
{
config,
pkgs,
lib,
...
}: {
options = {
host.restic = {
enable = lib.mkEnableOption "enable restic";
passwordFile = lib.mkOption {
type = lib.types.path;
description = "path to the file containing the restic repository password.";
};
repositoryFile = lib.mkOption {
type = lib.types.nullOr lib.types.path;
description = "path to the file containing the restic repository url/path";
default = null;
};
repository = lib.mkOption {
type = lib.types.nullOr lib.types.str;
default = null;
description = "restic repository url/path";
};
server = {
enable = lib.mkEnableOption "enable restic server (must have nginx enabled and setup, and host.restic.passwordFile populated.)";
repositoryPath = lib.mkOption {
type = lib.types.path;
description = "path of repository";
};
htpasswdPath = lib.mkOption {
type = lib.types.path;
description = "path to the repositories .htpasswd file";
};
domain = lib.mkOption {
type = lib.types.str;
description = "domain name to serve the restic server under. (for nginx virtualHosts)";
};
port = lib.mkOption {
type = lib.types.str;
description = "(internal) port to use between nginx and restic-server";
};
};
backups = lib.mkOption {
description = "backups to create";
default = {};
type = lib.types.attrsOf (lib.types.submodule ({name, ...}: {
options = {
paths = lib.mkOption {
type = lib.types.listOf lib.types.path;
description = "paths to back up.";
};
preBackupCommands = lib.mkOption {
type = lib.types.nullOr lib.types.lines;
description = "commands to run before the start of the backup.";
default = null;
};
postBackupCommands = lib.mkOption {
type = lib.types.nullOr lib.types.lines;
description = "commands to run after the backup is finished.";
default = null;
};
};
}));
};
};
};
config = let
cfg = config.host.restic;
timer = {
OnCalendar = "daily";
Persistent = true;
RandomizedDelaySec = "4h";
};
pruneOpts = [
"--keep-within 14d"
"--keep-daily 14"
"--keep-weekly 8"
"--keep-monthly 12"
"--keep-yearly 10"
];
in {
environment.systemPackages =
lib.mkIf
(cfg.server.enable || cfg.enable)
(with pkgs; [
restic
]);
services.restic.server = lib.mkIf cfg.server.enable {
enable = true;
appendOnly = true;
dataDir = cfg.server.repositoryPath;
listenAddress = "127.0.0.1:${cfg.server.port}";
extraFlags = ["--htpasswd-file '${cfg.server.htpasswdPath}'"];
};
services.nginx.virtualHosts =
lib.mkIf (
cfg.server.enable
&& (lib.asserts.assertMsg
(config.services.nginx.enable == true)
"NGINX must be enabled")
)
{
"${cfg.server.domain}" = {
enableACME = lib.asserts.assertMsg (
config.security.acme.acceptTerms
== true
&& config.security.acme.defaults.email != null
) "ACME must be setup";
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:${cfg.server.port}";
};
};
};
services.restic.backups = lib.mkMerge [
(lib.mkIf cfg.server.enable {
prune = {
repository = cfg.server.repositoryPath;
passwordFile = cfg.passwordFile;
initialize = true;
runCheck = true;
paths = null;
timerConfig = timer;
pruneOpts = pruneOpts;
};
})
(
lib.mkIf cfg.enable (
lib.mapAttrs (
name: backup: {
repositoryFile = cfg.repositoryFile;
repository = cfg.repository;
passwordFile = cfg.passwordFile;
timerConfig = timer;
backupPrepareCommand = backup.preBackupCommands;
backupCleanupCommand = backup.postBackupCommands;
paths = backup.paths;
}
)
cfg.backups
)
)
];
};
}

13
packages/aarch64-iso.nix
View file

@ -1,12 +1,12 @@
# this ISO works best with tow-boot or another way of UEFI booting.
{
inputs,
configLib,
myLib,
...
}:
(inputs.nixpkgs.lib.nixosSystem {
system = "aarch64-linux";
specialArgs = {inherit inputs configLib;};
specialArgs = {inherit inputs myLib;};
# > Our main nixos configuration file <
modules = [
inputs.home-manager.nixosModules.home-manager
@ -19,7 +19,6 @@
pkgs,
lib,
inputs,
configLib,
modulesPath,
options,
...
@ -38,26 +37,26 @@
"${modulesPath}/installer/scan/detected.nix"
"${modulesPath}/installer/scan/not-detected.nix"
];
host = {
host.details = {
user = "gabe";
fullName = "Gabe Venberg";
gui.enable = true;
};
networking.hostName = "nixos-installer"; # Define your hostname.
users.users.${config.host.user} = {
users.users.${config.host.details.user} = {
packages = with pkgs; [
neovim
gptfdisk
];
};
home-manager.users.${config.host.user} = {
home-manager.users.${config.host.details.user} = {
inputs,
osConfig,
...
}: {
host = osConfig.host;
host.details = osConfig.host.details;
user = {
nvim.enable-lsp = false;
git = {

13
packages/iso.nix
View file

@ -1,11 +1,11 @@
{
inputs,
configLib,
myLib,
...
}:
(inputs.nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = {inherit inputs configLib;};
specialArgs = {inherit inputs myLib;};
# > Our main nixos configuration file <
modules = [
inputs.home-manager.nixosModules.home-manager
@ -22,7 +22,6 @@
pkgs,
lib,
inputs,
configLib,
modulesPath,
options,
...
@ -36,26 +35,26 @@
"${modulesPath}/installer/scan/detected.nix"
"${modulesPath}/installer/scan/not-detected.nix"
];
host = {
host.details = {
user = "gabe";
fullName = "Gabe Venberg";
gui.enable = true;
};
networking.hostName = "nixos-installer"; # Define your hostname.
users.users.${config.host.user} = {
users.users.${config.host.details.user} = {
packages = with pkgs; [
firefox
gptfdisk
];
};
home-manager.users.${config.host.user} = {
home-manager.users.${config.host.details.user} = {
inputs,
osConfig,
...
}: {
host = osConfig.host;
host.details = osConfig.host.details;
user = {
nvim.enable-lsp = false;
git = {

17
packages/proxmox.nix
View file

@ -1,11 +1,11 @@
{
inputs,
configLib,
myLib,
...
}:
(inputs.nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = {inherit inputs configLib;};
specialArgs = {inherit inputs myLib;};
modules = [
inputs.home-manager.nixosModules.home-manager
../configs/nixos/sshd.nix
@ -13,7 +13,6 @@
({
config,
pkgs,
configLib,
modulesPath,
lib,
...
@ -22,19 +21,21 @@
proxmoxLXC.manageHostName = false;
boot.loader.grub.enable = lib.mkForce false;
boot.loader.systemd-boot.enable = lib.mkForce false;
host.user = "gabe";
host.fullName = "Gabe Venberg";
host.details = {
user = "gabe";
fullName = "Gabe Venberg";
};
home-manager.users.${config.host.user} = {
home-manager.users.${config.host.details.user} = {
inputs,
osConfig,
...
}: {
host = osConfig.host;
host.details = osConfig.host.details;
user = {
git = {
profile = {
name = config.host.fullName;
name = config.host.details.fullName;
email = "gabevenberg@gmail.com";
};
workProfile.enable = false;

13
packages/rpi3-sd-image.nix
View file

@ -1,11 +1,11 @@
{
inputs,
configLib,
myLib,
...
}:
(inputs.nixpkgs.lib.nixosSystem {
system = "aarch64-linux";
specialArgs = {inherit inputs configLib;};
specialArgs = {inherit inputs myLib;};
modules = [
inputs.home-manager.nixosModules.home-manager
inputs.disko.nixosModules.disko
@ -20,13 +20,12 @@
config,
pkgs,
lib,
configLib,
modulesPath,
...
}: {
imports = ["${modulesPath}/installer/sd-card/sd-image-aarch64.nix"];
hardware.enableRedistributableFirmware = true;
host = {
host.details = {
user = "gabe";
fullName = "Gabe Venberg";
};
@ -55,17 +54,17 @@
# home-manager.sharedModules = [
# inputs.sops-nix.homeManagerModules.sops
# ];
home-manager.users.${config.host.user} = {
home-manager.users.${config.host.details.user} = {
inputs,
osConfig,
lib,
...
}: {
host = osConfig.host;
host.details = osConfig.host.details;
user = {
git = {
profile = {
name = config.host.fullName;
name = config.host.details.fullName;
email = "gabevenberg@gmail.com";
};
workProfile.enable = false;

2
roles/nixos/graphical-vm.nix
View file

@ -10,5 +10,5 @@
imports = [
./vm.nix
];
host.gui.enable = true;
host.details.gui.enable = true;
}

2
roles/nixos/vm.nix
View file

@ -6,5 +6,5 @@
...
}: {
services.qemuGuest.enable = true;
host.isVm = true;
host.details.isVm = true;
}