From c36c756862e8069f439a4b7aa0ddfa5cd1e5bf65 Mon Sep 17 00:00:00 2001 From: Gabe Venberg Date: Mon, 30 Sep 2024 16:06:17 +0200 Subject: [PATCH] lots of stuff: Moved syncthing to system service Restic actually works now removed some old system configs. formatting. --- configs/home-manager/mpd.nix | 6 +- configs/home-manager/syncthing.nix | 8 -- configs/nixos/common.nix | 5 +- configs/nixos/radicale.nix | 2 +- configs/nixos/syncthing.nix | 20 +++++ flake.lock | 24 +++--- hosts/cirrostratus/default.nix | 6 +- hosts/cirrostratus/disk-config.nix | 9 +- hosts/cirrostratus/restic.nix | 19 ++++- hosts/cirrus/default.nix | 1 + hosts/cirrus/restic.nix | 38 +++++++++ hosts/home-laptop.nix | 1 - hosts/home-personal.nix | 1 - hosts/home-workstation.nix | 56 ------------- hosts/workstation-vm/default.nix | 84 ------------------- .../workstation-vm/hardware-configuration.nix | 45 ---------- hosts/wsl-workstation.nix | 63 -------------- modules/home-manager/nvim/lualine.nix | 2 +- 18 files changed, 101 insertions(+), 289 deletions(-) delete mode 100644 configs/home-manager/syncthing.nix create mode 100644 configs/nixos/syncthing.nix create mode 100644 hosts/cirrus/restic.nix delete mode 100644 hosts/home-workstation.nix delete mode 100644 hosts/workstation-vm/default.nix delete mode 100644 hosts/workstation-vm/hardware-configuration.nix delete mode 100644 hosts/wsl-workstation.nix diff --git a/configs/home-manager/mpd.nix b/configs/home-manager/mpd.nix index 3630cc4..ce00db1 100644 --- a/configs/home-manager/mpd.nix +++ b/configs/home-manager/mpd.nix @@ -12,7 +12,7 @@ in { network.startWhenNeeded = true; playlistDirectory = "${config.services.mpd.musicDirectory}/.mpd/playlists"; extraConfig = - ('' + '' restore_paused "yes" auto_update "yes" replaygain "auto" @@ -23,7 +23,7 @@ in { name "PipeWire Sound Server" } '' - + lib.optionalString visualizer + + lib.optionalString visualizer '' #for ncmpcpp visualizer audio_output { 
@@ -32,7 +32,7 @@ in { path "/tmp/mpd.fifo" format "44100:16:2" } - ''); + ''; }; services.mpd-mpris.enable = true; diff --git a/configs/home-manager/syncthing.nix b/configs/home-manager/syncthing.nix deleted file mode 100644 index ce7b461..0000000 --- a/configs/home-manager/syncthing.nix +++ /dev/null @@ -1,8 +0,0 @@ -{ - config, - pkgs, - lib, - ... -}: { - services.syncthing.enable = true; -} diff --git a/configs/nixos/common.nix b/configs/nixos/common.nix index 211f049..dfdf61a 100644 --- a/configs/nixos/common.nix +++ b/configs/nixos/common.nix @@ -39,7 +39,10 @@ in { }; # packages that should be on every system. - environment.systemPackages = [pkgs.neovim]; + environment.systemPackages = with pkgs; [ + neovim + rsync + ]; programs.zsh.enable = lib.mkDefault true; environment.shells = lib.mkDefault [pkgs.zsh]; diff --git a/configs/nixos/radicale.nix b/configs/nixos/radicale.nix index a965d54..78db55d 100644 --- a/configs/nixos/radicale.nix +++ b/configs/nixos/radicale.nix @@ -5,7 +5,7 @@ lib, ... }: { - services.radicale = { + services.radicale = lib.mkIf (lib.hasAttrByPath ["sops" "secrets" "radicale-users"] config) { enable = true; settings = { auth = { diff --git a/configs/nixos/syncthing.nix b/configs/nixos/syncthing.nix new file mode 100644 index 0000000..0e8a001 --- /dev/null +++ b/configs/nixos/syncthing.nix @@ -0,0 +1,20 @@ +{ + config, + pkgs, + inputs, + configLib, + lib, + ... +}: { + services.syncthing = { + enable = true; + user = config.host.user; + group = "users"; + overrideDevices = false; + overrideFolders = false; + openDefaultPorts = true; + systemService = true; + dataDir="/home/${config.host.user}/Sync"; + configDir="/home/${config.host.user}/.local/state/syncthing"; + }; +} diff --git a/flake.lock b/flake.lock index 2dea245..841f85c 100644 --- a/flake.lock +++ b/flake.lock 
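Review bot: In the new configs/nixos/syncthing.nix, `openDefaultPorts = true` opens Syncthing's sync and local-discovery ports on all interfaces of every host that imports the module, and this commit imports it on cirrostratus, which also serves an nginx vhost with ACME. Syncthing peers authenticate each other by device ID, so this is a matter of reducing attack surface rather than an open door. If the devices only need to reach each other over Tailscale (an assumption, since `overrideDevices = false` leaves the peer set to GUI state that is not visible here), the ports could be limited to that interface: `openDefaultPorts = false;` with `networking.firewall.interfaces.tailscale0.allowedTCPPorts = [22000];` and `networking.firewall.interfaces.tailscale0.allowedUDPPorts = [22000 21027];`. A short comment above `overrideDevices`/`overrideFolders` saying that devices and folders are deliberately managed outside the flake would also help the next reader.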
@@ -235,10 +235,10 @@ "nix-secrets": { "flake": false, "locked": { - "lastModified": 1727549679, - "narHash": "sha256-DT1lzefcvuD1uTsOXx8FEv9WPvzsBLvGii3qfOXDPYc=", + "lastModified": 1727698496, + "narHash": "sha256-b16uaykEPD6EtF+wrOqQs90/fx3hiyzw/HqeN/4dxh8=", "ref": "refs/heads/main", - "rev": "c9a8f91ea772be050f4e7442bf1b0e25a3b5c61b", + "rev": "1f3617effd383934816dfe132f83579738be92a6", "shallow": true, "type": "git", "url": "ssh://forgejo@git.venberg.xyz/Gabe/nix-secrets.git" @@ -251,11 +251,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1727540359, - "narHash": "sha256-U+225h1kJZpWb23+RaX1sBkqC4fA7aa7eBbgiQ5HcO4=", + "lastModified": 1727665282, + "narHash": "sha256-oKtfbQB1MBypqIyzkC8QCQcVGOa1soaXaGgcBIoh14o=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "fb08bde00c20252b892a3e57fb094eb62b65ba61", + "rev": "11c43c830e533dad1be527ecce379fcf994fbbb5", "type": "github" }, "original": { @@ -278,11 +278,11 @@ ] }, "locked": { - "lastModified": 1727464323, - "narHash": "sha256-XhiLvnM95aNpRm3qJ9hsVV/prin4GVapn4snMN4Ol6k=", + "lastModified": 1727693804, + "narHash": "sha256-Qwd+BzauhSXdtiL172wkp8JYJhe2BXyXkyWqPexytME=", "owner": "nix-community", "repo": "NixOS-WSL", - "rev": "4aef94d5afb4a791e5e9a3ee844c68ad01f54a14", + "rev": "acb21a72156c5b6e1aa607b9adcbac592bd60862", "type": "github" }, "original": { @@ -343,11 +343,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1727545920, - "narHash": "sha256-iaKcVyyH2F0f8PY7s5jARS1v+vvO5aHVV9rlJEK+/WQ=", + "lastModified": 1727645871, + "narHash": "sha256-Os3PAThU5XliKkKa+SHsFyV/EsCHogHcYONmpzb6500=", "owner": "nix-community", "repo": "nixvim", - "rev": "c06d598315a2f90e59f10a27350b8d1475aa93ee", + "rev": "5f4a4b47597d3b9ac26c41ff4e8da28fa662f200", "type": "github" }, "original": { diff --git a/hosts/cirrostratus/default.nix b/hosts/cirrostratus/default.nix index 491fae0..6c11165 100644 --- a/hosts/cirrostratus/default.nix +++ b/hosts/cirrostratus/default.nix 
@@ -14,11 +14,13 @@ inputs.nixpkgs.lib.nixosSystem { ./disk-config.nix ./hardware-configuration.nix ./nginx.nix + ./restic.nix ../../configs/nixos/common.nix ../../configs/nixos/tailscale.nix ../../configs/nixos/sshd.nix ../../configs/nixos/secrets.nix ../../configs/nixos/jellyfin.nix + ../../configs/nixos/syncthing.nix ({ config, pkgs, @@ -60,10 +62,6 @@ inputs.nixpkgs.lib.nixosSystem { format = "binary"; owner = config.services.nginx.user; }; - restic-server-credentials = { - sopsFile = "${inputs.nix-secrets}/restic-server"; - format = "binary"; - }; }; }; diff --git a/hosts/cirrostratus/disk-config.nix b/hosts/cirrostratus/disk-config.nix index 675d149..a244546 100644 --- a/hosts/cirrostratus/disk-config.nix +++ b/hosts/cirrostratus/disk-config.nix @@ -70,11 +70,10 @@ }; datasets = { backup = { - type="zfs_fs"; - options={ - mountpoint="/backup"; - compression="zstd"; - quota="6T"; + type = "zfs_fs"; + options = { + mountpoint = "/backup"; + quota = "6T"; }; }; }; diff --git a/hosts/cirrostratus/restic.nix b/hosts/cirrostratus/restic.nix index 6d6cdc9..55bc9b2 100644 --- a/hosts/cirrostratus/restic.nix +++ b/hosts/cirrostratus/restic.nix 
@@ -7,21 +7,32 @@ }: let port = "8090"; in { - services.restic.server = { + services.restic.server = lib.mkIf (inputs ? nix-secrets) { enable = true; appendOnly = true; dataDir = "/backup/restic"; extraFlags = [ - "--htpasswd-file ${config.sops.secrets.gabevenberg-draft-credentials.path}" - "--private-repos" + # "--htpasswd-file ${config.sops.secrets.restic-server-credentials.path}" + # "--private-repos" ]; listenAddress = "127.0.0.1:${port}"; }; - services.nginx.virtualHosts."restic.gabevenberg.com" = { + services.nginx.virtualHosts."restic.venberg.xyz" = { enableACME = true; forceSSL = true; locations."/" = { proxyPass = "http://localhost:${port}"; }; }; + sops = lib.mkIf (inputs ? nix-secrets) { + secrets.restic-server-credentials = { + sopsFile = "${inputs.nix-secrets}/restic-server"; + format = "binary"; + path = "/backup/restic/.htpasswd"; + owner="restic"; + }; + }; + environment.systemPackages = with pkgs; [ + restic + ]; } diff --git a/hosts/cirrus/default.nix b/hosts/cirrus/default.nix index 88195c5..91d4057 100644 --- a/hosts/cirrus/default.nix +++ b/hosts/cirrus/default.nix @@ -12,6 +12,7 @@ inputs.nixpkgs.lib.nixosSystem { inputs.home-manager.nixosModules.home-manager inputs.disko.nixosModules.disko ./disk-config.nix + ./restic.nix ../../roles/nixos/vm.nix ../../configs/nixos/common.nix ../../configs/nixos/tailscale.nix diff --git a/hosts/cirrus/restic.nix b/hosts/cirrus/restic.nix new file mode 100644 index 0000000..ce3df4f --- /dev/null +++ b/hosts/cirrus/restic.nix 
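Review bot: With `--private-repos` commented out in `extraFlags`, every account in the htpasswd file can reach every repository under `/backup/restic`, so per-user isolation on the backup server is gone while `restic.venberg.xyz` is proxied through nginx. Authentication now appears to rest on rest-server's default of reading `.htpasswd` from the data directory, which the new sops `path = "/backup/restic/.htpasswd"` supplies; that dependency is implicit and would break silently if `dataDir` changed. I would drop the two commented lines, set the module option `privateRepos = true;` (assuming the repository URLs are laid out per user), and add `# auth: rest-server reads <dataDir>/.htpasswd by default; sops places it there` next to `dataDir`. The nginx vhost is also defined outside the `lib.mkIf (inputs ? nix-secrets)` guard that the server and the secret use; the module header is outside the hunk.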
@@ -0,0 +1,38 @@ +{ + inputs, + config, + pkgs, + lib, + ... +}: { + environment.systemPackages = with pkgs; [ + restic + ]; + + sops = lib.mkIf (inputs ? nix-secrets) { + secrets.restic-url = { + sopsFile = "${inputs.nix-secrets}/restic-client.yaml"; + owner = config.host.user; + }; + secrets.restic-password = { + sopsFile = "${inputs.nix-secrets}/restic-client.yaml"; + owner = config.host.user; + }; + }; + + services.restic.backups = lib.mkIf (inputs ? nix-secrets) { + remote = { + repositoryFile = config.sops.secrets.restic-url.path; + passwordFile = config.sops.secrets.restic-password.path; + initialize = true; + paths = [ + "/var/lib/radicale" + ]; + timerConfig = { + OnCalendar = "daily"; + Persistent = true; + RandomizedDelaySec = "4h"; + }; + }; + }; +} diff --git a/hosts/home-laptop.nix b/hosts/home-laptop.nix index 1e1496e..5a6035a 100644 --- a/hosts/home-laptop.nix +++ b/hosts/home-laptop.nix @@ -34,7 +34,6 @@ inputs.home-manager.lib.homeManagerConfiguration { ../roles/home-manager/terminal.nix ../roles/home-manager/music.nix ../configs/home-manager/common.nix - ../configs/home-manager/syncthing.nix ../configs/home-manager/email.nix ../configs/home-manager/tiny-irc.nix ../configs/home-manager/secrets.nix diff --git a/hosts/home-personal.nix b/hosts/home-personal.nix index 868d988..ee67261 100644 --- a/hosts/home-personal.nix +++ b/hosts/home-personal.nix @@ -33,7 +33,6 @@ inputs.home-manager.lib.homeManagerConfiguration { ../roles/home-manager/terminal.nix ../roles/home-manager/music.nix ../configs/home-manager/common.nix - ../configs/home-manager/syncthing.nix ../configs/home-manager/email.nix ../configs/home-manager/tiny-irc.nix ../configs/home-manager/secrets.nix diff --git a/hosts/home-workstation.nix b/hosts/home-workstation.nix deleted file mode 100644 index a2b7a41..0000000 --- a/hosts/home-workstation.nix +++ /dev/null 
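Review bot: In hosts/cirrus/restic.nix both `restic-url` and `restic-password` are declared with `owner = config.host.user`, so the repository password and the repository URL (which presumably embeds the REST server credentials) are readable by the interactive account, while `services.restic.backups.remote` sets no `user` and so runs as root by the module default. Unless that user is meant to run restic by hand against the same repository, removing both `owner` lines keeps the secrets root-only, which is the sops-nix default. If manual use is intended, a comment such as `# readable by the login user for manual restores` would record that choice.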
@@ -1,56 +0,0 @@
-{
- inputs,
- configLib,
- ...
-}:
-inputs.home-manager.lib.homeManagerConfiguration {
- pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux; # Home-manager requires 'pkgs' instance
- extraSpecialArgs = {inherit inputs configLib;};
- modules = [
- inputs.nixvim.homeManagerModules.nixvim
- ({
- config,
- pkgs,
- lib,
- configLib,
- ...
- }: {
- # machine specific options
- user = {
- nvim = {
- enable-lsp = true;
- enable-treesitter = true;
- };
- git = {
- profile = {
- name = "Gabe Venberg";
- email = "gabevenberg@gmail.com";
- };
- workProfile = {
- enable = true;
- email = "venberggabe@johndeere.com";
- };
- };
- };
-
- targets.genericLinux.enable = true;
- home.username = "gabe";
- home.homeDirectory = /home/gabe;
- imports = [
- ../roles/home-manager/terminal.nix
- ../configs/home-manager/common.nix
- ../configs/home-manager/syncthing.nix
- ../configs/home-manager/tiny-irc.nix
- ../roles/home-manager/music.nix
- ../configs/home-manager/secrets.nix
- inputs.sops-nix.homeManagerModules.sops
- ];
-
- sops = lib.mkIf (inputs ? nix-secrets) {
- secrets = {
- irc-cert.sopsFile = "${inputs.nix-secrets}/workstations.yaml";
- };
- };
- })
- ];
-}
diff --git a/hosts/workstation-vm/default.nix b/hosts/workstation-vm/default.nix
deleted file mode 100644
index ceaa811..0000000
--- a/hosts/workstation-vm/default.nix
+++ /dev/null
@@ -1,84 +0,0 @@ -{ - inputs, - configLib, - ... -}: -inputs.nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = {inherit inputs configLib;}; - # > Our main nixos configuration file < - modules = [ - inputs.home-manager.nixosModules.home-manager - ./hardware-configuration.nix - ../../roles/nixos/graphical-vm.nix - ../../configs/nixos/printing.nix - ../../configs/nixos/sound.nix - ../../configs/nixos/interactive-networking.nix - ../../configs/nixos/nfsv2.nix - ../../configs/nixos/i3 - ../../configs/nixos/common.nix - ../../configs/nixos/sshd.nix - ({ - config, - pkgs, - lib, - inputs, - configLib, - ... - }: { - host = { - user = "gabe"; - fullName = "Gabe Venberg"; - gui.enable = true; - isVm = true; - }; - networking.hostName = "workstation-vm"; # Define your hostname. - - users.users.${config.host.user} = { - packages = with pkgs; [ - firefox - ]; - }; - - home-manager.users.${config.host.user} = { - inputs, - osConfig, - ... - }: { - host = osConfig.host; - user = { - git = { - profile = { - name = "Gabe Venberg"; - email = "gabevenberg@gmail.com"; - }; - workProfile.enable = false; - }; - }; - imports = [ - ../../roles/home-manager/terminal.nix - ../../configs/home-manager/common.nix - inputs.nixvim.homeManagerModules.nixvim - ]; - }; - - # Bootloader. - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - - # Open ports in the firewall. - # networking.firewall.allowedTCPPorts = [ ... ]; - # networking.firewall.allowedUDPPorts = [ ... ]; - # Or disable the firewall altogether. - # networking.firewall.enable = false; - - # This value determines the NixOS release from which the default - # settings for stateful data, like file locations and database versions - # on your system were taken. It‘s perfectly fine and recommended to leave - # this value at the release version of the first install of this system. - # Before changing this value read the documentation for this option - # (e.g. 
man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "23.11"; # Did you read the comment? - }) - ]; -} diff --git a/hosts/workstation-vm/hardware-configuration.nix b/hosts/workstation-vm/hardware-configuration.nix deleted file mode 100644 index c8eeb35..0000000 --- a/hosts/workstation-vm/hardware-configuration.nix +++ /dev/null @@ -1,45 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ - config, - lib, - pkgs, - modulesPath, - ... -}: { - imports = [ - (modulesPath + "/profiles/qemu-guest.nix") - ]; - - boot.initrd.availableKernelModules = ["ahci" "xhci_pci" "virtio_pci" "sr_mod" "virtio_blk"]; - boot.initrd.kernelModules = []; - boot.kernelModules = ["kvm-intel"]; - boot.extraModulePackages = []; - - fileSystems."/" = { - device = "/dev/disk/by-uuid/1127e866-28dc-4c07-92ec-07be4908880c"; - fsType = "ext4"; - }; - - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/CBA2-8A1E"; - fsType = "vfat"; - }; - - fileSystems."/home/gabe/nix-config-host" = { - device = "nix-config-host"; - fsType = "virtiofs"; - }; - - swapDevices = []; - - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; -} diff --git a/hosts/wsl-workstation.nix b/hosts/wsl-workstation.nix deleted file mode 100644 index 4bc20e6..0000000 --- a/hosts/wsl-workstation.nix +++ /dev/null 
@@ -1,63 +0,0 @@ -{ - inputs, - configLib, -}: -inputs.nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = {inherit inputs configLib;}; - # > Our main nixos configuration file < - modules = [ - inputs.home-manager.nixosModules.home-manager - inputs.nixos-wsl.nixosModules.default - ../configs/nixos/common.nix - ({ - config, - pkgs, - configLib, - ... - }: { - wsl.enable = true; - wsl.wslConf.network.generateResolvConf = false; - networking.nameservers = ["1.1.1.1" "8.8.8.8"]; - host = { - user = "nixos"; - fullName = "Gabe Venberg"; - }; - networking.hostName = "gv-wsl"; # Define your hostname. - - home-manager.users.${config.host.user} = { - inputs, - osConfig, - ... - }: { - host = osConfig.host; - user = { - nvim = { - enable-lsp = true; - enable-treesitter = true; - }; - git = { - profile = { - name = config.host.fullName; - email = "gabevenberg@gmail.com"; - }; - workProfile.enable = false; - }; - }; - imports = [ - ../roles/home-manager/terminal.nix - ../configs/home-manager/common.nix - inputs.nixvim.homeManagerModules.nixvim - ]; - }; - - # This value determines the NixOS release from which the default - # settings for stateful data, like file locations and database versions - # on your system were taken. It‘s perfectly fine and recommended to leave - # this value at the release version of the first install of this system. - # Before changing this value read the documentation for this option - # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "23.11"; # Did you read the comment? - }) - ]; -} diff --git a/modules/home-manager/nvim/lualine.nix b/modules/home-manager/nvim/lualine.nix index 1f629e6..9e6ad64 100644 --- a/modules/home-manager/nvim/lualine.nix +++ b/modules/home-manager/nvim/lualine.nix @@ -63,7 +63,7 @@ lualine_y = []; lualine_z = [ { - __unkeyed="tabs"; + __unkeyed = "tabs"; mode = 2; } ];