Gabe/nix-config
1
0
Fork 0
Code Issues 12 Pull requests Projects Releases Packages Wiki Activity

Restic: made modular backup declerations.

Browse source 
Required tree-wide re-wiring of the host option.
Now, rather than each host having a monolithic restic.nix file,
the hosts restic.nix file just specifies the password and url of the
restic repository. Eatch module then definies specific paths to backup
and any pre and post commands that need to be performed.
Each backed up service gets an independent systemd backup service and
timer.
This commit is contained in:
Gabe Venberg 2025-04-13 15:27:25 +02:00
parent cf33c036dd
commit 48c60629ab
36 changed files with 307 additions and 1476 deletions
Download patch file Download diff file Expand all files Collapse all files

4
configs/nixos/common.nix
View file

@ -48,13 +48,13 @@ in {
environment.shells = lib.mkDefault [pkgs.zsh]; environment.shells = lib.mkDefault [pkgs.zsh];
# if we arent setting our password from nix secrets, we need to allow changing it. # if we arent setting our password from nix secrets, we need to allow changing it.
users.mutableUsers = !inputs ? nix-secrets; users.mutableUsers = !inputs ? nix-secrets;
users.users.${config.host.user} = { users.users.${config.host.details.user} = {
isNormalUser = true; isNormalUser = true;
hashedPassword = hashedPassword =
if inputs ? nix-secrets if inputs ? nix-secrets
then (lib.removeSuffix "\n" (builtins.readFile "${inputs.nix-secrets}/password-hash")) then (lib.removeSuffix "\n" (builtins.readFile "${inputs.nix-secrets}/password-hash"))
else defaultPasswordHash; else defaultPasswordHash;
description = config.host.fullName; description = config.host.details.fullName;
shell = pkgs.zsh; shell = pkgs.zsh;
extraGroups = ["wheel"]; extraGroups = ["wheel"];
}; };

2
configs/nixos/docker.nix
View file

@ -9,5 +9,5 @@
enable = true; enable = true;
autoPrune.enable = true; autoPrune.enable = true;
}; };
users.users.${config.host.user}.extraGroups = ["docker"]; users.users.${config.host.details.user}.extraGroups = ["docker"];
} }

5
configs/nixos/factorio-docker.nix
View file

@ -17,6 +17,11 @@
environment = {UPDATE_MODS_ON_START = "true";}; environment = {UPDATE_MODS_ON_START = "true";};
}; };
}; };
host.restic.backups.factorio = {
paths = ["/storage/factorio"];
};
imports = [ imports = [
./docker.nix ./docker.nix
]; ];

10
configs/nixos/forgejo.nix
View file

@ -39,5 +39,15 @@ in {
}; };
}; };
host.restic.backups.forgejo = {
paths = [
"/var/lib/forgejo/custom"
"/var/lib/forgejo/data"
"/var/lib/forgejo/repositories"
];
preBackupCommands = "systemctl stop forgejo.service";
postBackupCommands = "systemctl start forgejo.service";
};
imports = [./nginx.nix]; imports = [./nginx.nix];
} }

4
configs/nixos/i3/default.nix
View file

@ -8,7 +8,7 @@
services.displayManager = { services.displayManager = {
defaultSession = "none+i3"; defaultSession = "none+i3";
autoLogin = { autoLogin = {
user = config.host.user; user = config.host.details.user;
enable = true; enable = true;
}; };
}; };
@ -22,7 +22,7 @@
}; };
xkb.options = "ctrl:nocaps,compose:rctrl"; xkb.options = "ctrl:nocaps,compose:rctrl";
}; };
home-manager.users.${config.host.user} = {config, ...}: { home-manager.users.${config.host.details.user} = {config, ...}: {
home.packages = with pkgs; [ home.packages = with pkgs; [
maim maim
brightnessctl brightnessctl

6
configs/nixos/i3/i3status-rust.nix
View file

@ -4,7 +4,7 @@
lib, lib,
... ...
}: { }: {
home-manager.users.${config.host.user} = { home-manager.users.${config.host.details.user} = {
config, config,
osConfig, osConfig,
lib, lib,
@ -46,14 +46,14 @@
} }
( (
lib.mkIf lib.mkIf
(!osConfig.host.isVm) (!osConfig.host.details.isVm)
{ {
block = "backlight"; block = "backlight";
missing_format = ""; missing_format = "";
} }
) )
( (
lib.mkIf (osConfig.host.isLaptop) lib.mkIf (osConfig.host.details.isLaptop)
{ {
block = "battery"; block = "battery";
driver = "upower"; driver = "upower";

2
configs/nixos/i3/lockscreen.nix
View file

@ -7,7 +7,7 @@
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
betterlockscreen betterlockscreen
]; ];
home-manager.users.${config.host.user} = { home-manager.users.${config.host.details.user} = {
config, config,
osConfig, osConfig,
lib, lib,

2
configs/nixos/interactive-networking.nix
View file

@ -5,5 +5,5 @@
}: { }: {
# Enable networking # Enable networking
networking.networkmanager.enable = true; networking.networkmanager.enable = true;
users.users.${config.host.user}.extraGroups = ["networkmanager"]; users.users.${config.host.details.user}.extraGroups = ["networkmanager"];
} }

25
configs/nixos/minecraft-docker.nix
View file

@ -4,7 +4,23 @@
pkgs, pkgs,
lib, lib,
... ...
}: { }: let
preBackup = pkgs.writeShellScriptBin "mc-docker-pre-backup" ''
set -euxo pipefail
docker exec minecraft rcon-cli "say server backing up, expect minor lag"
sleep 10
docker exec minecraft rcon-cli "save-all flush"
docker exec minecraft rcon-cli "save-off"
sleep 10
'';
postBackup = pkgs.writeShellScriptBin "mc-docker-post-backup" ''
set -euxo pipefail
docker exec minecraft rcon-cli "save-on"
docker exec minecraft rcon-cli "say server backup succsessful!"
'';
in {
virtualisation.oci-containers = { virtualisation.oci-containers = {
backend = "docker"; backend = "docker";
containers.minecraft = { containers.minecraft = {
@ -42,6 +58,13 @@
extraOptions = ["--stop-timeout=60"]; extraOptions = ["--stop-timeout=60"];
}; };
}; };
host.restic.backups.minecraft = {
preBackupCommands = "${preBackup}/bin/mc-docker-pre-backup";
postBackupCommands = "${postBackup}/bin/mc-docker-post-backup";
paths = ["/storage/minecraft"];
};
imports = [ imports = [
./docker.nix ./docker.nix
]; ];

6
configs/nixos/radicale.nix
View file

@ -25,5 +25,11 @@
}; };
}; };
host.restic.backups.radicale = {
paths = [
"/var/lib/radicale"
];
};
imports = [./nginx.nix]; imports = [./nginx.nix];
} }

2
configs/nixos/sound.nix
View file

@ -13,7 +13,7 @@
pulse.enable = true; pulse.enable = true;
}; };
home-manager.users.${config.host.user} = {config, ...}: { home-manager.users.${config.host.details.user} = {config, ...}: {
home.packages = with pkgs; [ home.packages = with pkgs; [
pwvucontrol pwvucontrol
helvum helvum

6
configs/nixos/sshd.nix
View file

@ -2,8 +2,8 @@
config, config,
pkgs, pkgs,
inputs, inputs,
configLib,
lib, lib,
myLib,
... ...
}: { }: {
services.openssh = { services.openssh = {
@ -18,10 +18,10 @@
users.users.root.openssh.authorizedKeys.keys = lib.mkDefault ( users.users.root.openssh.authorizedKeys.keys = lib.mkDefault (
if inputs ? nix-secrets if inputs ? nix-secrets
then (configLib.dirToStrings "${inputs.nix-secrets}/public-keys") then (myLib.dirToStrings "${inputs.nix-secrets}/public-keys")
else [] else []
); );
# if it can log into root, it should also be able to log in to the main user. # if it can log into root, it should also be able to log in to the main user.
users.users.${config.host.user}.openssh.authorizedKeys.keys = users.users.${config.host.details.user}.openssh.authorizedKeys.keys =
config.users.users.root.openssh.authorizedKeys.keys; config.users.users.root.openssh.authorizedKeys.keys;
} }

7
configs/nixos/syncthing.nix
View file

@ -2,19 +2,18 @@
config, config,
pkgs, pkgs,
inputs, inputs,
configLib,
lib, lib,
... ...
}: { }: {
services.syncthing = { services.syncthing = {
enable = true; enable = true;
user = config.host.user; user = config.host.details.user;
group = "users"; group = "users";
overrideDevices = false; overrideDevices = false;
overrideFolders = false; overrideFolders = false;
openDefaultPorts = true; openDefaultPorts = true;
systemService = true; systemService = true;
dataDir = "/home/${config.host.user}/Sync"; dataDir = "/home/${config.host.details.user}/Sync";
configDir = "/home/${config.host.user}/.local/state/syncthing"; configDir = "/home/${config.host.details.user}/.local/state/syncthing";
}; };
} }

1
configs/nixos/tailscale.nix
View file

@ -2,7 +2,6 @@
config, config,
pkgs, pkgs,
inputs, inputs,
configLib,
lib, lib,
... ...
}: { }: {

24
flake.nix
View file

@ -63,7 +63,7 @@
"aarch64-linux" "aarch64-linux"
]; ];
inherit (nixpkgs) lib; inherit (nixpkgs) lib;
configLib = import ./lib {inherit lib;}; myLib = import ./lib {inherit lib;};
in { in {
formatter = forAllSystems (system: nixpkgs.legacyPackages.${system}.alejandra); formatter = forAllSystems (system: nixpkgs.legacyPackages.${system}.alejandra);
@ -80,24 +80,22 @@
} }
); );
lib = configLib;
homeManagerModules = import ./modules/home-manager; homeManagerModules = import ./modules/home-manager;
# NixOS configuration entrypoint # NixOS configuration entrypoint
# Available through 'nixos-rebuild --flake .#your-hostname' # Available through 'nixos-rebuild --flake .#your-hostname'
nixosConfigurations = { nixosConfigurations = {
rockhole = import ./hosts/rockhole64 {inherit inputs configLib;}; rockhole = import ./hosts/rockhole64 {inherit inputs myLib;};
cirrus = import ./hosts/cirrus {inherit inputs configLib;}; cirrus = import ./hosts/cirrus {inherit inputs myLib;};
cirrostratus = import ./hosts/cirrostratus {inherit inputs configLib;}; cirrostratus = import ./hosts/cirrostratus {inherit inputs myLib;};
}; };
# Standalone home-manager configuration entrypoint # Standalone home-manager configuration entrypoint
# Available through 'home-manager --flake .#your-username@your-hostname' # Available through 'home-manager --flake .#your-username@your-hostname'
homeConfigurations = { homeConfigurations = {
"gabe@archlaptop" = import ./hosts/home-laptop.nix {inherit inputs configLib;}; "gabe@archlaptop" = import ./hosts/home-laptop.nix {inherit inputs myLib;};
"gabe@linuxgamingrig" = import ./hosts/home-personal.nix {inherit inputs configLib;}; "gabe@linuxgamingrig" = import ./hosts/home-personal.nix {inherit inputs myLib;};
"gabe@gvworklaptop" = import ./hosts/work-laptop.nix {inherit inputs configLib;}; "gabe@gvworklaptop" = import ./hosts/work-laptop.nix {inherit inputs myLib;};
}; };
deploy = { deploy = {
@ -121,10 +119,10 @@
}; };
packages.x86_64-linux = { packages.x86_64-linux = {
proxmox = import ./packages/proxmox.nix {inherit inputs configLib;}; proxmox = import ./packages/proxmox.nix {inherit inputs myLib;};
iso = import ./packages/iso.nix {inherit inputs configLib;}; iso = import ./packages/iso.nix {inherit inputs myLib;};
aarch-64-iso = import ./packages/aarch64-iso.nix {inherit inputs configLib;}; aarch-64-iso = import ./packages/aarch64-iso.nix {inherit inputs myLib;};
rpi3-sd-image = import ./packages/rpi3-sd-image.nix {inherit inputs configLib;}; rpi3-sd-image = import ./packages/rpi3-sd-image.nix {inherit inputs myLib;};
}; };
templates = import ./templates; templates = import ./templates;

11
hosts/archlaptop-vm/default.nix
View file

@ -1,11 +1,11 @@
{ {
inputs, inputs,
configLib, myLib,
... ...
}: }:
inputs.nixpkgs.lib.nixosSystem { inputs.nixpkgs.lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
specialArgs = {inherit inputs configLib;}; specialArgs = {inherit inputs myLib;};
# > Our main nixos configuration file < # > Our main nixos configuration file <
modules = [ modules = [
inputs.home-manager.nixosModules.home-manager inputs.home-manager.nixosModules.home-manager
@ -21,7 +21,6 @@ inputs.nixpkgs.lib.nixosSystem {
({ ({
config, config,
pkgs, pkgs,
configLib,
... ...
}: { }: {
host = { host = {
@ -33,14 +32,14 @@ inputs.nixpkgs.lib.nixosSystem {
networking.hostName = "archlaptop-vm"; # Define your hostname. networking.hostName = "archlaptop-vm"; # Define your hostname.
# Define a user account. Don't forget to set a password with passwd. # Define a user account. Don't forget to set a password with passwd.
users.users.${config.host.user} = { users.users.${config.host.details.user} = {
packages = with pkgs; [firefox]; packages = with pkgs; [firefox];
}; };
home-manager.sharedModules = [ home-manager.sharedModules = [
inputs.sops-nix.homeManagerModules.sops inputs.sops-nix.homeManagerModules.sops
]; ];
home-manager.users.${config.host.user} = { home-manager.users.${config.host.details.user} = {
inputs, inputs,
osConfig, osConfig,
lib, lib,
@ -50,7 +49,7 @@ inputs.nixpkgs.lib.nixosSystem {
user = { user = {
git = { git = {
profile = { profile = {
name = config.host.fullName; name = config.host.details.fullName;
email = "gabevenberg@gmail.com"; email = "gabevenberg@gmail.com";
}; };
workProfile.enable = false; workProfile.enable = false;

13
hosts/cirrostratus/default.nix
View file

@ -1,12 +1,12 @@
{ {
inputs, inputs,
configLib, myLib,
... ...
}: }:
# Kapr site server. # Kapr site server.
inputs.nixpkgs.lib.nixosSystem { inputs.nixpkgs.lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
specialArgs = {inherit inputs configLib;}; specialArgs = {inherit inputs myLib;};
# > Our main nixos configuration file < # > Our main nixos configuration file <
modules = [ modules = [
inputs.home-manager.nixosModules.home-manager inputs.home-manager.nixosModules.home-manager
@ -31,11 +31,10 @@ inputs.nixpkgs.lib.nixosSystem {
({ ({
config, config,
pkgs, pkgs,
configLib,
lib, lib,
... ...
}: { }: {
host = { host.details = {
user = "gabe"; user = "gabe";
fullName = "Gabe Venberg"; fullName = "Gabe Venberg";
gui.enable = false; gui.enable = false;
@ -72,18 +71,18 @@ inputs.nixpkgs.lib.nixosSystem {
# virtualisation.docker.daemon.settings.data-root="/storage/docker"; # virtualisation.docker.daemon.settings.data-root="/storage/docker";
home-manager.users.${config.host.user} = { home-manager.users.${config.host.details.user} = {
inputs, inputs,
osConfig, osConfig,
lib, lib,
... ...
}: { }: {
host = osConfig.host; host.details = osConfig.host.details;
user = { user = {
nvim.enable-lsp = false; nvim.enable-lsp = false;
git = { git = {
profile = { profile = {
name = config.host.fullName; name = config.host.details.fullName;
email = "gabevenberg@gmail.com"; email = "gabevenberg@gmail.com";
}; };
workProfile.enable = false; workProfile.enable = false;

73
hosts/cirrostratus/restic.nix
View file

@ -6,82 +6,37 @@
... ...
}: let }: let
port = "8090"; port = "8090";
# TODO: I should really make restic a custom module at this point, with an enable option, a option for being the host,
# and the ability to add paths and pre/post commands from multiple places.
preBackup = pkgs.writeShellScriptBin "mc-docker-pre-backup" ''
set -euxo pipefail
docker exec minecraft rcon-cli "say server backing up, expect minor lag"
sleep 10
docker exec minecraft rcon-cli "save-all flush"
docker exec minecraft rcon-cli "save-off"
sleep 10
'';
postBackup = pkgs.writeShellScriptBin "mc-docker-post-backup" ''
set -euxo pipefail
docker exec minecraft rcon-cli "save-on"
docker exec minecraft rcon-cli "say server backup succsessful!"
'';
in { in {
services.restic.server = lib.mkIf (inputs ? nix-secrets) {
enable = true;
appendOnly = true;
dataDir = "/backup/restic";
listenAddress = "127.0.0.1:${port}";
};
services.nginx.virtualHosts."restic.venberg.xyz" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:${port}";
};
};
sops = lib.mkIf (inputs ? nix-secrets) { sops = lib.mkIf (inputs ? nix-secrets) {
secrets.restic-server-credentials = { secrets.restic-server-credentials = {
sopsFile = "${inputs.nix-secrets}/restic-server"; sopsFile = "${inputs.nix-secrets}/restic-server";
format = "binary"; format = "binary";
path = "/backup/restic/.htpasswd";
owner = "restic"; owner = "restic";
}; };
secrets.restic-url = { secrets.restic-url = {
sopsFile = "${inputs.nix-secrets}/restic-client.yaml"; sopsFile = "${inputs.nix-secrets}/restic-client.yaml";
owner = config.host.user; owner = config.host.details.user;
}; };
secrets.restic-password = { secrets.restic-password = {
sopsFile = "${inputs.nix-secrets}/restic-client.yaml"; sopsFile = "${inputs.nix-secrets}/restic-client.yaml";
owner = config.host.user; owner = config.host.details.user;
}; };
}; };
environment.systemPackages = with pkgs; [ host.restic = {
restic enable = true;
]; repository = "/backup/restic/";
services.restic.backups = lib.mkIf (inputs ? nix-secrets) {
local = {
repositoryFile = "/backup/restic/";
passwordFile = config.sops.secrets.restic-password.path; passwordFile = config.sops.secrets.restic-password.path;
initialize = true; server = {
backupPrepareCommand = "${preBackup}/bin/mc-docker-pre-backup"; enable = true;
backupCleanupCommand = "${postBackup}/bin/mc-docker-post-backup"; htpasswdPath = config.sops.secrets.restic-server-credentials.path;
paths = [ domain = "restic.venberg.xyz";
"/storage/syncthing" port = port;
"/storage/factorio" repositoryPath = "/backup/restic";
"/storage/minecraft"
];
pruneOpts = [
"--keep-within 14d"
"--keep-daily 14"
"--keep-weekly 8"
"--keep-monthly 12"
"--keep-yearly 10"
];
timerConfig = {
OnCalendar = "daily";
Persistent = true;
RandomizedDelaySec = "4h";
}; };
}; };
host.restic.backups.syncthing = {
paths = ["/storage/syncthing"];
}; };
} }

13
hosts/cirrus/default.nix
View file

@ -1,12 +1,12 @@
{ {
inputs, inputs,
configLib, myLib,
... ...
}: }:
# Hetzner cloud multipurpouse server # Hetzner cloud multipurpouse server
inputs.nixpkgs.lib.nixosSystem { inputs.nixpkgs.lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
specialArgs = {inherit inputs configLib;}; specialArgs = {inherit inputs myLib;};
# > Our main nixos configuration file < # > Our main nixos configuration file <
modules = [ modules = [
inputs.home-manager.nixosModules.home-manager inputs.home-manager.nixosModules.home-manager
@ -25,11 +25,10 @@ inputs.nixpkgs.lib.nixosSystem {
({ ({
config, config,
pkgs, pkgs,
configLib,
lib, lib,
... ...
}: { }: {
host = { host.details = {
user = "gabe"; user = "gabe";
fullName = "Gabe Venberg"; fullName = "Gabe Venberg";
gui.enable = false; gui.enable = false;
@ -61,17 +60,17 @@ inputs.nixpkgs.lib.nixosSystem {
}; };
}; };
}; };
home-manager.users.${config.host.user} = { home-manager.users.${config.host.details.user} = {
inputs, inputs,
osConfig, osConfig,
lib, lib,
... ...
}: { }: {
host = osConfig.host; host.details = osConfig.host.details;
user = { user = {
git = { git = {
profile = { profile = {
name = config.host.fullName; name = config.host.details.fullName;
email = "gabevenberg@gmail.com"; email = "gabevenberg@gmail.com";
}; };
workProfile.enable = false; workProfile.enable = false;

33
hosts/cirrus/restic.nix
View file

@ -5,43 +5,20 @@
lib, lib,
... ...
}: { }: {
environment.systemPackages = with pkgs; [
restic
];
sops = lib.mkIf (inputs ? nix-secrets) { sops = lib.mkIf (inputs ? nix-secrets) {
secrets.restic-url = { secrets.restic-url = {
sopsFile = "${inputs.nix-secrets}/restic-client.yaml"; sopsFile = "${inputs.nix-secrets}/restic-client.yaml";
owner = config.host.user; owner = config.host.details.user;
}; };
secrets.restic-password = { secrets.restic-password = {
sopsFile = "${inputs.nix-secrets}/restic-client.yaml"; sopsFile = "${inputs.nix-secrets}/restic-client.yaml";
owner = config.host.user; owner = config.host.details.user;
}; };
}; };
services.restic.backups = lib.mkIf (inputs ? nix-secrets) { host.restic = {
remote = { enable = true;
repositoryFile = config.sops.secrets.restic-url.path;
passwordFile = config.sops.secrets.restic-password.path; passwordFile = config.sops.secrets.restic-password.path;
initialize = true; repositoryFile = config.sops.secrets.restic-url.path;
backupPrepareCommand = ''
systemctl stop forgejo.service
'';
backupCleanupCommand = ''
systemctl start forgejo.service
'';
paths = [
"/var/lib/radicale"
"/var/lib/forgejo/custom"
"/var/lib/forgejo/data"
"/var/lib/forgejo/repositories"
];
timerConfig = {
OnCalendar = "daily";
Persistent = true;
RandomizedDelaySec = "4h";
};
};
}; };
} }

7
hosts/home-laptop.nix
View file

@ -1,17 +1,16 @@
{ {
inputs, inputs,
configLib, myLib,
... ...
}: }:
inputs.home-manager.lib.homeManagerConfiguration { inputs.home-manager.lib.homeManagerConfiguration {
pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux; # Home-manager requires 'pkgs' instance pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux; # Home-manager requires 'pkgs' instance
extraSpecialArgs = {inherit inputs configLib;}; extraSpecialArgs = {inherit inputs myLib;};
modules = [ modules = [
({ ({
config, config,
pkgs, pkgs,
lib, lib,
configLib,
... ...
}: { }: {
# machine specific options # machine specific options
@ -25,7 +24,7 @@ inputs.home-manager.lib.homeManagerConfiguration {
workProfile.enable = false; workProfile.enable = false;
}; };
}; };
host.isLaptop = true; host.details.isLaptop = true;
targets.genericLinux.enable = true; targets.genericLinux.enable = true;
home.username = "gabe"; home.username = "gabe";

5
hosts/home-personal.nix
View file

@ -1,17 +1,16 @@
{ {
inputs, inputs,
configLib, myLib,
... ...
}: }:
inputs.home-manager.lib.homeManagerConfiguration { inputs.home-manager.lib.homeManagerConfiguration {
pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux; # Home-manager requires 'pkgs' instance pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux; # Home-manager requires 'pkgs' instance
extraSpecialArgs = {inherit inputs configLib;}; extraSpecialArgs = {inherit inputs myLib;};
modules = [ modules = [
({ ({
config, config,
pkgs, pkgs,
lib, lib,
configLib,
... ...
}: { }: {
# machine specific options # machine specific options

1
hosts/rockhole64/adguard.nix
View file

@ -2,7 +2,6 @@
config, config,
pkgs, pkgs,
inputs, inputs,
configLib,
lib, lib,
... ...
}: { }: {

13
hosts/rockhole64/default.nix
View file

@ -1,11 +1,11 @@
{ {
inputs, inputs,
configLib, myLib,
... ...
}: }:
inputs.nixpkgs.lib.nixosSystem { inputs.nixpkgs.lib.nixosSystem {
system = "aarch64-linux"; system = "aarch64-linux";
specialArgs = {inherit inputs configLib;}; specialArgs = {inherit inputs myLib;};
modules = [ modules = [
inputs.home-manager.nixosModules.home-manager inputs.home-manager.nixosModules.home-manager
inputs.disko.nixosModules.disko inputs.disko.nixosModules.disko
@ -19,7 +19,6 @@ inputs.nixpkgs.lib.nixosSystem {
({ ({
config, config,
pkgs, pkgs,
configLib,
... ...
}: { }: {
boot.initrd.kernelModules = [ boot.initrd.kernelModules = [
@ -33,7 +32,7 @@ inputs.nixpkgs.lib.nixosSystem {
"phy_rockchip_pcie" "phy_rockchip_pcie"
]; ];
hardware.enableRedistributableFirmware = true; hardware.enableRedistributableFirmware = true;
host = { host.details = {
user = "gabe"; user = "gabe";
fullName = "Gabe Venberg"; fullName = "Gabe Venberg";
}; };
@ -53,17 +52,17 @@ inputs.nixpkgs.lib.nixosSystem {
# home-manager.sharedModules = [ # home-manager.sharedModules = [
# inputs.sops-nix.homeManagerModules.sops # inputs.sops-nix.homeManagerModules.sops
# ]; # ];
home-manager.users.${config.host.user} = { home-manager.users.${config.host.details.user} = {
inputs, inputs,
osConfig, osConfig,
lib, lib,
... ...
}: { }: {
host = osConfig.host; host.details = osConfig.host.details;
user = { user = {
git = { git = {
profile = { profile = {
name = config.host.fullName; name = config.host.details.fullName;
email = "gabevenberg@gmail.com"; email = "gabevenberg@gmail.com";
}; };
workProfile.enable = false; workProfile.enable = false;

7
hosts/work-laptop.nix
View file

@ -1,17 +1,16 @@
{ {
inputs, inputs,
configLib, myLib,
... ...
}: }:
inputs.home-manager.lib.homeManagerConfiguration { inputs.home-manager.lib.homeManagerConfiguration {
pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux; # Home-manager requires 'pkgs' instance pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux; # Home-manager requires 'pkgs' instance
extraSpecialArgs = {inherit inputs configLib;}; extraSpecialArgs = {inherit inputs myLib;};
modules = [ modules = [
({ ({
config, config,
pkgs, pkgs,
lib, lib,
configLib,
... ...
}: { }: {
# machine specific options # machine specific options
@ -28,7 +27,7 @@ inputs.home-manager.lib.homeManagerConfiguration {
}; };
}; };
}; };
host.isLaptop = true; host.details.isLaptop = true;
targets.genericLinux.enable = true; targets.genericLinux.enable = true;
home.username = "gabe"; home.username = "gabe";

13
lib/default.nix
View file

@ -1,6 +1,4 @@
{lib}: let {lib}: {
net = import ./net.nix {inherit lib;};
in {
dirToStrings = dir: (map (v: builtins.readFile "${dir}/${v}") dirToStrings = dir: (map (v: builtins.readFile "${dir}/${v}")
(builtins.filter (v: (builtins.filter (v:
(builtins.readFileType "${dir}/${v}") == "regular") ( (builtins.readFileType "${dir}/${v}") == "regular") (
@ -11,13 +9,4 @@ in {
) )
else [] else []
))); )));
calcSystemdDhcpPoolOffset = {
base,
start,
end,
}: {
offset = net.lib.net.ip.diff start base;
size = net.lib.net.ip.diff end start;
};
} }

1269
lib/net.nix
View file

File diff suppressed because it is too large Load diff

1
modules/nixos/default.nix
View file

@ -1,5 +1,6 @@
{ {
imports = [ imports = [
./hostopts.nix ./hostopts.nix
./restic.nix
]; ];
} }

2
modules/nixos/hostopts.nix
View file

@ -5,7 +5,7 @@
... ...
}: { }: {
options = { options = {
host = { host.details = {
user = lib.mkOption { user = lib.mkOption {
type = lib.types.str; type = lib.types.str;
description = "Primary human user"; description = "Primary human user";

148
modules/nixos/restic.nix Normal file
View file

@ -0,0 +1,148 @@
{
config,
pkgs,
lib,
...
}: {
options = {
host.restic = {
enable = lib.mkEnableOption "enable restic";
passwordFile = lib.mkOption {
type = lib.types.path;
description = "path to the file containing the restic repository password.";
};
repositoryFile = lib.mkOption {
type = lib.types.nullOr lib.types.path;
description = "path to the file containing the restic repository url/path";
default = null;
};
repository = lib.mkOption {
type = lib.types.nullOr lib.types.str;
default = null;
description = "restic repository url/path";
};
server = {
enable = lib.mkEnableOption "enable restic server (must have nginx enabled and setup, and host.restic.passwordFile populated.)";
repositoryPath = lib.mkOption {
type = lib.types.path;
description = "path of repository";
};
htpasswdPath = lib.mkOption {
type = lib.types.path;
description = "path to the repositories .htpasswd file";
};
domain = lib.mkOption {
type = lib.types.str;
description = "domain name to serve the restic server under. (for nginx virtualHosts)";
};
port = lib.mkOption {
type = lib.types.str;
description = "(internal) port to use between nginx and restic-server";
};
};
backups = lib.mkOption {
description = "backups to create";
default = {};
type = lib.types.attrsOf (lib.types.submodule ({name, ...}: {
options = {
paths = lib.mkOption {
type = lib.types.listOf lib.types.path;
description = "paths to back up.";
};
preBackupCommands = lib.mkOption {
type = lib.types.nullOr lib.types.lines;
description = "commands to run before the start of the backup.";
default = null;
};
postBackupCommands = lib.mkOption {
type = lib.types.nullOr lib.types.lines;
description = "commands to run after the backup is finished.";
default = null;
};
};
}));
};
};
};
config = let
cfg = config.host.restic;
timer = {
OnCalendar = "daily";
Persistent = true;
RandomizedDelaySec = "4h";
};
pruneOpts = [
"--keep-within 14d"
"--keep-daily 14"
"--keep-weekly 8"
"--keep-monthly 12"
"--keep-yearly 10"
];
in {
environment.systemPackages =
lib.mkIf
(cfg.server.enable || cfg.enable)
(with pkgs; [
restic
]);
services.restic.server = lib.mkIf cfg.server.enable {
enable = true;
appendOnly = true;
dataDir = cfg.server.repositoryPath;
listenAddress = "127.0.0.1:${cfg.server.port}";
extraFlags = ["--htpasswd-file '${cfg.server.htpasswdPath}'"];
};
services.nginx.virtualHosts =
lib.mkIf (
cfg.server.enable
&& (lib.asserts.assertMsg
(config.services.nginx.enable == true)
"NGINX must be enabled")
)
{
"${cfg.server.domain}" = {
enableACME = lib.asserts.assertMsg (
config.security.acme.acceptTerms
== true
&& config.security.acme.defaults.email != null
) "ACME must be setup";
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:${cfg.server.port}";
};
};
};
services.restic.backups = lib.mkMerge [
(lib.mkIf cfg.server.enable {
prune = {
repository = cfg.server.repositoryPath;
passwordFile = cfg.passwordFile;
initialize = true;
runCheck = true;
paths = null;
timerConfig = timer;
pruneOpts = pruneOpts;
};
})
(
lib.mkIf cfg.enable (
lib.mapAttrs (
name: backup: {
repositoryFile = cfg.repositoryFile;
repository = cfg.repository;
passwordFile = cfg.passwordFile;
timerConfig = timer;
backupPrepareCommand = backup.preBackupCommands;
backupCleanupCommand = backup.postBackupCommands;
paths = backup.paths;
}
)
cfg.backups
)
)
];
};
}

13
packages/aarch64-iso.nix
View file

@ -1,12 +1,12 @@
# this ISO works best with tow-boot or another way of UEFI booting. # this ISO works best with tow-boot or another way of UEFI booting.
{ {
inputs, inputs,
configLib, myLib,
... ...
}: }:
(inputs.nixpkgs.lib.nixosSystem { (inputs.nixpkgs.lib.nixosSystem {
system = "aarch64-linux"; system = "aarch64-linux";
specialArgs = {inherit inputs configLib;}; specialArgs = {inherit inputs myLib;};
# > Our main nixos configuration file < # > Our main nixos configuration file <
modules = [ modules = [
inputs.home-manager.nixosModules.home-manager inputs.home-manager.nixosModules.home-manager
@ -19,7 +19,6 @@
pkgs, pkgs,
lib, lib,
inputs, inputs,
configLib,
modulesPath, modulesPath,
options, options,
... ...
@ -38,26 +37,26 @@
"${modulesPath}/installer/scan/detected.nix" "${modulesPath}/installer/scan/detected.nix"
"${modulesPath}/installer/scan/not-detected.nix" "${modulesPath}/installer/scan/not-detected.nix"
]; ];
host = { host.details = {
user = "gabe"; user = "gabe";
fullName = "Gabe Venberg"; fullName = "Gabe Venberg";
gui.enable = true; gui.enable = true;
}; };
networking.hostName = "nixos-installer"; # Define your hostname. networking.hostName = "nixos-installer"; # Define your hostname.
users.users.${config.host.user} = { users.users.${config.host.details.user} = {
packages = with pkgs; [ packages = with pkgs; [
neovim neovim
gptfdisk gptfdisk
]; ];
}; };
home-manager.users.${config.host.user} = { home-manager.users.${config.host.details.user} = {
inputs, inputs,
osConfig, osConfig,
... ...
}: { }: {
host = osConfig.host; host.details = osConfig.host.details;
user = { user = {
nvim.enable-lsp = false; nvim.enable-lsp = false;
git = { git = {

13
packages/iso.nix
View file

@ -1,11 +1,11 @@
{ {
inputs, inputs,
configLib, myLib,
... ...
}: }:
(inputs.nixpkgs.lib.nixosSystem { (inputs.nixpkgs.lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
specialArgs = {inherit inputs configLib;}; specialArgs = {inherit inputs myLib;};
# > Our main nixos configuration file < # > Our main nixos configuration file <
modules = [ modules = [
inputs.home-manager.nixosModules.home-manager inputs.home-manager.nixosModules.home-manager
@ -22,7 +22,6 @@
pkgs, pkgs,
lib, lib,
inputs, inputs,
configLib,
modulesPath, modulesPath,
options, options,
... ...
@ -36,26 +35,26 @@
"${modulesPath}/installer/scan/detected.nix" "${modulesPath}/installer/scan/detected.nix"
"${modulesPath}/installer/scan/not-detected.nix" "${modulesPath}/installer/scan/not-detected.nix"
]; ];
host = { host.details = {
user = "gabe"; user = "gabe";
fullName = "Gabe Venberg"; fullName = "Gabe Venberg";
gui.enable = true; gui.enable = true;
}; };
networking.hostName = "nixos-installer"; # Define your hostname. networking.hostName = "nixos-installer"; # Define your hostname.
users.users.${config.host.user} = { users.users.${config.host.details.user} = {
packages = with pkgs; [ packages = with pkgs; [
firefox firefox
gptfdisk gptfdisk
]; ];
}; };
home-manager.users.${config.host.user} = { home-manager.users.${config.host.details.user} = {
inputs, inputs,
osConfig, osConfig,
... ...
}: { }: {
host = osConfig.host; host.details = osConfig.host.details;
user = { user = {
nvim.enable-lsp = false; nvim.enable-lsp = false;
git = { git = {

17
packages/proxmox.nix
View file

@ -1,11 +1,11 @@
{ {
inputs, inputs,
configLib, myLib,
... ...
}: }:
(inputs.nixpkgs.lib.nixosSystem { (inputs.nixpkgs.lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
specialArgs = {inherit inputs configLib;}; specialArgs = {inherit inputs myLib;};
modules = [ modules = [
inputs.home-manager.nixosModules.home-manager inputs.home-manager.nixosModules.home-manager
../configs/nixos/sshd.nix ../configs/nixos/sshd.nix
@ -13,7 +13,6 @@
({ ({
config, config,
pkgs, pkgs,
configLib,
modulesPath, modulesPath,
lib, lib,
... ...
@ -22,19 +21,21 @@
proxmoxLXC.manageHostName = false; proxmoxLXC.manageHostName = false;
boot.loader.grub.enable = lib.mkForce false; boot.loader.grub.enable = lib.mkForce false;
boot.loader.systemd-boot.enable = lib.mkForce false; boot.loader.systemd-boot.enable = lib.mkForce false;
host.user = "gabe"; host.details = {
host.fullName = "Gabe Venberg"; user = "gabe";
fullName = "Gabe Venberg";
};
home-manager.users.${config.host.user} = { home-manager.users.${config.host.details.user} = {
inputs, inputs,
osConfig, osConfig,
... ...
}: { }: {
host = osConfig.host; host.details = osConfig.host.details;
user = { user = {
git = { git = {
profile = { profile = {
name = config.host.fullName; name = config.host.details.fullName;
email = "gabevenberg@gmail.com"; email = "gabevenberg@gmail.com";
}; };
workProfile.enable = false; workProfile.enable = false;

13
packages/rpi3-sd-image.nix
View file

@ -1,11 +1,11 @@
{ {
inputs, inputs,
configLib, myLib,
... ...
}: }:
(inputs.nixpkgs.lib.nixosSystem { (inputs.nixpkgs.lib.nixosSystem {
system = "aarch64-linux"; system = "aarch64-linux";
specialArgs = {inherit inputs configLib;}; specialArgs = {inherit inputs myLib;};
modules = [ modules = [
inputs.home-manager.nixosModules.home-manager inputs.home-manager.nixosModules.home-manager
inputs.disko.nixosModules.disko inputs.disko.nixosModules.disko
@ -20,13 +20,12 @@
config, config,
pkgs, pkgs,
lib, lib,
configLib,
modulesPath, modulesPath,
... ...
}: { }: {
imports = ["${modulesPath}/installer/sd-card/sd-image-aarch64.nix"]; imports = ["${modulesPath}/installer/sd-card/sd-image-aarch64.nix"];
hardware.enableRedistributableFirmware = true; hardware.enableRedistributableFirmware = true;
host = { host.details = {
user = "gabe"; user = "gabe";
fullName = "Gabe Venberg"; fullName = "Gabe Venberg";
}; };
@ -55,17 +54,17 @@
# home-manager.sharedModules = [ # home-manager.sharedModules = [
# inputs.sops-nix.homeManagerModules.sops # inputs.sops-nix.homeManagerModules.sops
# ]; # ];
home-manager.users.${config.host.user} = { home-manager.users.${config.host.details.user} = {
inputs, inputs,
osConfig, osConfig,
lib, lib,
... ...
}: { }: {
host = osConfig.host; host.details = osConfig.host.details;
user = { user = {
git = { git = {
profile = { profile = {
name = config.host.fullName; name = config.host.details.fullName;
email = "gabevenberg@gmail.com"; email = "gabevenberg@gmail.com";
}; };
workProfile.enable = false; workProfile.enable = false;

2
roles/nixos/graphical-vm.nix
View file

@ -10,5 +10,5 @@
imports = [ imports = [
./vm.nix ./vm.nix
]; ];
host.gui.enable = true; host.details.gui.enable = true;
} }

2
roles/nixos/vm.nix
View file

@ -6,5 +6,5 @@
... ...
}: { }: {
services.qemuGuest.enable = true; services.qemuGuest.enable = true;
host.isVm = true; host.details.isVm = true;
} }