lots of stuff:

Moved syncthing to system service
Restic actually works now
removed some old system configs.
formatting.

configs/home-manager/mpd.nix

@@ -12,7 +12,7 @@ in {
     network.startWhenNeeded = true;
     playlistDirectory = "${config.services.mpd.musicDirectory}/.mpd/playlists";
     extraConfig =
-      (''
+      ''
         restore_paused "yes"
         auto_update "yes"
         replaygain "auto"
@@ -32,7 +32,7 @@ in {
             path "/tmp/mpd.fifo"
             format "44100:16:2"
         }
-      ''); 
+      '';
   };
 
   services.mpd-mpris.enable = true;

configs/home-manager/syncthing.nix

@@ -1,8 +0,0 @@
-{
-  config,
-  pkgs,
-  lib,
-  ...
-}: {
-  services.syncthing.enable = true;
-}

configs/nixos/common.nix

@@ -39,7 +39,10 @@ in {
   };
 
   # packages that should be on every system.
-  environment.systemPackages = [pkgs.neovim];
+  environment.systemPackages = with pkgs; [
+    neovim
+    rsync
+  ];
 
   programs.zsh.enable = lib.mkDefault true;
   environment.shells = lib.mkDefault [pkgs.zsh];

configs/nixos/radicale.nix

@@ -5,7 +5,7 @@
   lib,
   ...
 }: {
-  services.radicale = {
+  services.radicale = lib.mkIf (lib.hasAttrByPath ["sops" "secrets" "radicale-users"] config) {
     enable = true;
     settings = {
       auth = {

configs/nixos/syncthing.nix

@@ -0,0 +1,20 @@
+{
+  config,
+  pkgs,
+  inputs,
+  configLib,
+  lib,
+  ...
+}: {
+  services.syncthing = {
+    enable = true;
+    user = config.host.user;
+    group = "users";
+    overrideDevices = false;
+    overrideFolders = false;
+    openDefaultPorts = true;
+    systemService = true;
+    dataDir="/home/${config.host.user}/Sync";
+    configDir="/home/${config.host.user}/.local/state/syncthing";
+  };
+}

flake.lock

@@ -235,10 +235,10 @@
     "nix-secrets": {
       "flake": false,
       "locked": {
-        "lastModified": 1727549679,
+        "lastModified": 1727698496,
-        "narHash": "sha256-DT1lzefcvuD1uTsOXx8FEv9WPvzsBLvGii3qfOXDPYc=",
+        "narHash": "sha256-b16uaykEPD6EtF+wrOqQs90/fx3hiyzw/HqeN/4dxh8=",
         "ref": "refs/heads/main",
-        "rev": "c9a8f91ea772be050f4e7442bf1b0e25a3b5c61b",
+        "rev": "1f3617effd383934816dfe132f83579738be92a6",
         "shallow": true,
         "type": "git",
         "url": "ssh://forgejo@git.venberg.xyz/Gabe/nix-secrets.git"
@@ -251,11 +251,11 @@
     },
     "nixos-hardware": {
       "locked": {
-        "lastModified": 1727540359,
+        "lastModified": 1727665282,
-        "narHash": "sha256-U+225h1kJZpWb23+RaX1sBkqC4fA7aa7eBbgiQ5HcO4=",
+        "narHash": "sha256-oKtfbQB1MBypqIyzkC8QCQcVGOa1soaXaGgcBIoh14o=",
         "owner": "NixOS",
         "repo": "nixos-hardware",
-        "rev": "fb08bde00c20252b892a3e57fb094eb62b65ba61",
+        "rev": "11c43c830e533dad1be527ecce379fcf994fbbb5",
         "type": "github"
       },
       "original": {
@@ -278,11 +278,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1727464323,
+        "lastModified": 1727693804,
-        "narHash": "sha256-XhiLvnM95aNpRm3qJ9hsVV/prin4GVapn4snMN4Ol6k=",
+        "narHash": "sha256-Qwd+BzauhSXdtiL172wkp8JYJhe2BXyXkyWqPexytME=",
         "owner": "nix-community",
         "repo": "NixOS-WSL",
-        "rev": "4aef94d5afb4a791e5e9a3ee844c68ad01f54a14",
+        "rev": "acb21a72156c5b6e1aa607b9adcbac592bd60862",
         "type": "github"
       },
       "original": {
@@ -343,11 +343,11 @@
         "treefmt-nix": "treefmt-nix"
       },
       "locked": {
-        "lastModified": 1727545920,
+        "lastModified": 1727645871,
-        "narHash": "sha256-iaKcVyyH2F0f8PY7s5jARS1v+vvO5aHVV9rlJEK+/WQ=",
+        "narHash": "sha256-Os3PAThU5XliKkKa+SHsFyV/EsCHogHcYONmpzb6500=",
         "owner": "nix-community",
         "repo": "nixvim",
-        "rev": "c06d598315a2f90e59f10a27350b8d1475aa93ee",
+        "rev": "5f4a4b47597d3b9ac26c41ff4e8da28fa662f200",
         "type": "github"
       },
       "original": {

hosts/cirrostratus/default.nix

@@ -14,11 +14,13 @@ inputs.nixpkgs.lib.nixosSystem {
     ./disk-config.nix
     ./hardware-configuration.nix
     ./nginx.nix
+    ./restic.nix
     ../../configs/nixos/common.nix
     ../../configs/nixos/tailscale.nix
     ../../configs/nixos/sshd.nix
     ../../configs/nixos/secrets.nix
     ../../configs/nixos/jellyfin.nix
+    ../../configs/nixos/syncthing.nix
     ({
       config,
       pkgs,
@@ -60,10 +62,6 @@ inputs.nixpkgs.lib.nixosSystem {
             format = "binary";
             owner = config.services.nginx.user;
           };
-          restic-server-credentials = {
-            sopsFile = "${inputs.nix-secrets}/restic-server";
-            format = "binary";
-          };
         };
       };
 

hosts/cirrostratus/disk-config.nix

@@ -73,7 +73,6 @@
             type = "zfs_fs";
             options = {
               mountpoint = "/backup";
-              compression="zstd";
               quota = "6T";
             };
           };

hosts/cirrostratus/restic.nix

@@ -7,21 +7,32 @@
 }: let
   port = "8090";
 in {
-  services.restic.server = {
+  services.restic.server = lib.mkIf (inputs ? nix-secrets) {
     enable = true;
     appendOnly = true;
     dataDir = "/backup/restic";
     extraFlags = [
-      "--htpasswd-file ${config.sops.secrets.gabevenberg-draft-credentials.path}"
+      # "--htpasswd-file ${config.sops.secrets.restic-server-credentials.path}"
-      "--private-repos"
+      # "--private-repos"
     ];
     listenAddress = "127.0.0.1:${port}";
   };
-  services.nginx.virtualHosts."restic.gabevenberg.com" = {
+  services.nginx.virtualHosts."restic.venberg.xyz" = {
     enableACME = true;
     forceSSL = true;
     locations."/" = {
       proxyPass = "http://localhost:${port}";
     };
   };
+  sops = lib.mkIf (inputs ? nix-secrets) {
+    secrets.restic-server-credentials = {
+      sopsFile = "${inputs.nix-secrets}/restic-server";
+      format = "binary";
+      path = "/backup/restic/.htpasswd";
+      owner="restic";
+    };
+  };
+  environment.systemPackages = with pkgs; [
+    restic
+  ];
 }

hosts/cirrus/default.nix

@@ -12,6 +12,7 @@ inputs.nixpkgs.lib.nixosSystem {
     inputs.home-manager.nixosModules.home-manager
     inputs.disko.nixosModules.disko
     ./disk-config.nix
+    ./restic.nix
     ../../roles/nixos/vm.nix
     ../../configs/nixos/common.nix
     ../../configs/nixos/tailscale.nix

hosts/cirrus/restic.nix

@@ -0,0 +1,38 @@
+{
+  inputs,
+  config,
+  pkgs,
+  lib,
+  ...
+}: {
+  environment.systemPackages = with pkgs; [
+    restic
+  ];
+
+  sops = lib.mkIf (inputs ? nix-secrets) {
+    secrets.restic-url = {
+      sopsFile = "${inputs.nix-secrets}/restic-client.yaml";
+      owner = config.host.user;
+    };
+    secrets.restic-password = {
+      sopsFile = "${inputs.nix-secrets}/restic-client.yaml";
+      owner = config.host.user;
+    };
+  };
+
+  services.restic.backups = lib.mkIf (inputs ? nix-secrets) {
+    remote = {
+      repositoryFile = config.sops.secrets.restic-url.path;
+      passwordFile = config.sops.secrets.restic-password.path;
+      initialize = true;
+      paths = [
+        "/var/lib/radicale"
+      ];
+      timerConfig = {
+        OnCalendar = "daily";
+        Persistent = true;
+        RandomizedDelaySec = "4h";
+      };
+    };
+  };
+}

hosts/home-laptop.nix

@@ -34,7 +34,6 @@ inputs.home-manager.lib.homeManagerConfiguration {
         ../roles/home-manager/terminal.nix
         ../roles/home-manager/music.nix
         ../configs/home-manager/common.nix
-        ../configs/home-manager/syncthing.nix
         ../configs/home-manager/email.nix
         ../configs/home-manager/tiny-irc.nix
         ../configs/home-manager/secrets.nix

hosts/home-personal.nix

@@ -33,7 +33,6 @@ inputs.home-manager.lib.homeManagerConfiguration {
         ../roles/home-manager/terminal.nix
         ../roles/home-manager/music.nix
         ../configs/home-manager/common.nix
-        ../configs/home-manager/syncthing.nix
         ../configs/home-manager/email.nix
         ../configs/home-manager/tiny-irc.nix
         ../configs/home-manager/secrets.nix

hosts/home-workstation.nix

@@ -1,56 +0,0 @@
-{
-  inputs,
-  configLib,
-  ...
-}:
-inputs.home-manager.lib.homeManagerConfiguration {
-  pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux; # Home-manager requires 'pkgs' instance
-  extraSpecialArgs = {inherit inputs configLib;};
-  modules = [
-    inputs.nixvim.homeManagerModules.nixvim
-    ({
-      config,
-      pkgs,
-      lib,
-      configLib,
-      ...
-    }: {
-      # machine specific options
-      user = {
-        nvim = {
-          enable-lsp = true;
-          enable-treesitter = true;
-        };
-        git = {
-          profile = {
-            name = "Gabe Venberg";
-            email = "gabevenberg@gmail.com";
-          };
-          workProfile = {
-            enable = true;
-            email = "venberggabe@johndeere.com";
-          };
-        };
-      };
-
-      targets.genericLinux.enable = true;
-      home.username = "gabe";
-      home.homeDirectory = /home/gabe;
-      imports = [
-        ../roles/home-manager/terminal.nix
-        ../configs/home-manager/common.nix
-        ../configs/home-manager/syncthing.nix
-        ../configs/home-manager/tiny-irc.nix
-        ../roles/home-manager/music.nix
-        ../configs/home-manager/secrets.nix
-        inputs.sops-nix.homeManagerModules.sops
-      ];
-
-      sops = lib.mkIf (inputs ? nix-secrets) {
-        secrets = {
-          irc-cert.sopsFile = "${inputs.nix-secrets}/workstations.yaml";
-        };
-      };
-    })
-  ];
-}

hosts/workstation-vm/default.nix

@@ -1,84 +0,0 @@
-{
-  inputs,
-  configLib,
-  ...
-}:
-inputs.nixpkgs.lib.nixosSystem {
-  system = "x86_64-linux";
-  specialArgs = {inherit inputs configLib;};
-  # > Our main nixos configuration file <
-  modules = [
-    inputs.home-manager.nixosModules.home-manager
-    ./hardware-configuration.nix
-    ../../roles/nixos/graphical-vm.nix
-    ../../configs/nixos/printing.nix
-    ../../configs/nixos/sound.nix
-    ../../configs/nixos/interactive-networking.nix
-    ../../configs/nixos/nfsv2.nix
-    ../../configs/nixos/i3
-    ../../configs/nixos/common.nix
-    ../../configs/nixos/sshd.nix
-    ({
-      config,
-      pkgs,
-      lib,
-      inputs,
-      configLib,
-      ...
-    }: {
-      host = {
-        user = "gabe";
-        fullName = "Gabe Venberg";
-        gui.enable = true;
-        isVm = true;
-      };
-      networking.hostName = "workstation-vm"; # Define your hostname.
-
-      users.users.${config.host.user} = {
-        packages = with pkgs; [
-          firefox
-        ];
-      };
-
-      home-manager.users.${config.host.user} = {
-        inputs,
-        osConfig,
-        ...
-      }: {
-        host = osConfig.host;
-        user = {
-          git = {
-            profile = {
-              name = "Gabe Venberg";
-              email = "gabevenberg@gmail.com";
-            };
-            workProfile.enable = false;
-          };
-        };
-        imports = [
-          ../../roles/home-manager/terminal.nix
-          ../../configs/home-manager/common.nix
-          inputs.nixvim.homeManagerModules.nixvim
-        ];
-      };
-
-      # Bootloader.
-      boot.loader.systemd-boot.enable = true;
-      boot.loader.efi.canTouchEfiVariables = true;
-
-      # Open ports in the firewall.
-      # networking.firewall.allowedTCPPorts = [ ... ];
-      # networking.firewall.allowedUDPPorts = [ ... ];
-      # Or disable the firewall altogether.
-      # networking.firewall.enable = false;
-
-      # This value determines the NixOS release from which the default
-      # settings for stateful data, like file locations and database versions
-      # on your system were taken. It‘s perfectly fine and recommended to leave
-      # this value at the release version of the first install of this system.
-      # Before changing this value read the documentation for this option
-      # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
-      system.stateVersion = "23.11"; # Did you read the comment?
-    })
-  ];
-}

hosts/workstation-vm/hardware-configuration.nix

@@ -1,45 +0,0 @@
-# Do not modify this file!  It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations.  Please make changes
-# to /etc/nixos/configuration.nix instead.
-{
-  config,
-  lib,
-  pkgs,
-  modulesPath,
-  ...
-}: {
-  imports = [
-    (modulesPath + "/profiles/qemu-guest.nix")
-  ];
-
-  boot.initrd.availableKernelModules = ["ahci" "xhci_pci" "virtio_pci" "sr_mod" "virtio_blk"];
-  boot.initrd.kernelModules = [];
-  boot.kernelModules = ["kvm-intel"];
-  boot.extraModulePackages = [];
-
-  fileSystems."/" = {
-    device = "/dev/disk/by-uuid/1127e866-28dc-4c07-92ec-07be4908880c";
-    fsType = "ext4";
-  };
-
-  fileSystems."/boot" = {
-    device = "/dev/disk/by-uuid/CBA2-8A1E";
-    fsType = "vfat";
-  };
-
-  fileSystems."/home/gabe/nix-config-host" = {
-    device = "nix-config-host";
-    fsType = "virtiofs";
-  };
-
-  swapDevices = [];
-
-  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
-  # (the default) this is the recommended approach. When using systemd-networkd it's
-  # still possible to use this option, but it's recommended to use it in conjunction
-  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
-  networking.useDHCP = lib.mkDefault true;
-  # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
-
-  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-}

hosts/wsl-workstation.nix

@@ -1,63 +0,0 @@
-{
-  inputs,
-  configLib,
-}:
-inputs.nixpkgs.lib.nixosSystem {
-  system = "x86_64-linux";
-  specialArgs = {inherit inputs configLib;};
-  # > Our main nixos configuration file <
-  modules = [
-    inputs.home-manager.nixosModules.home-manager
-    inputs.nixos-wsl.nixosModules.default
-    ../configs/nixos/common.nix
-    ({
-      config,
-      pkgs,
-      configLib,
-      ...
-    }: {
-      wsl.enable = true;
-      wsl.wslConf.network.generateResolvConf = false;
-      networking.nameservers = ["1.1.1.1" "8.8.8.8"];
-      host = {
-        user = "nixos";
-        fullName = "Gabe Venberg";
-      };
-      networking.hostName = "gv-wsl"; # Define your hostname.
-
-      home-manager.users.${config.host.user} = {
-        inputs,
-        osConfig,
-        ...
-      }: {
-        host = osConfig.host;
-        user = {
-          nvim = {
-            enable-lsp = true;
-            enable-treesitter = true;
-          };
-          git = {
-            profile = {
-              name = config.host.fullName;
-              email = "gabevenberg@gmail.com";
-            };
-            workProfile.enable = false;
-          };
-        };
-        imports = [
-          ../roles/home-manager/terminal.nix
-          ../configs/home-manager/common.nix
-          inputs.nixvim.homeManagerModules.nixvim
-        ];
-      };
-
-      # This value determines the NixOS release from which the default
-      # settings for stateful data, like file locations and database versions
-      # on your system were taken. It‘s perfectly fine and recommended to leave
-      # this value at the release version of the first install of this system.
-      # Before changing this value read the documentation for this option
-      # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
-      system.stateVersion = "23.11"; # Did you read the comment?
-    })
-  ];
-}