lots of stuff:

Moved syncthing to system service
Restic actually works now
removed some old system configs.
formatting.
This commit is contained in:
Gabe Venberg 2024-09-30 16:06:17 +02:00
parent c42e33770e
commit f9632c8fc3
18 changed files with 99 additions and 291 deletions

View file

@ -12,7 +12,7 @@ in {
network.startWhenNeeded = true; network.startWhenNeeded = true;
playlistDirectory = "${config.services.mpd.musicDirectory}/.mpd/playlists"; playlistDirectory = "${config.services.mpd.musicDirectory}/.mpd/playlists";
extraConfig = extraConfig =
('' ''
restore_paused "yes" restore_paused "yes"
auto_update "yes" auto_update "yes"
replaygain "auto" replaygain "auto"
@ -23,7 +23,7 @@ in {
name "PipeWire Sound Server" name "PipeWire Sound Server"
} }
'' ''
+ lib.optionalString visualizer + lib.optionalString visualizer
'' ''
#for ncmpcpp visualizer #for ncmpcpp visualizer
audio_output { audio_output {
@ -32,7 +32,7 @@ in {
path "/tmp/mpd.fifo" path "/tmp/mpd.fifo"
format "44100:16:2" format "44100:16:2"
} }
''); '';
}; };
services.mpd-mpris.enable = true; services.mpd-mpris.enable = true;

View file

@ -1,8 +0,0 @@
{
config,
pkgs,
lib,
...
}: {
services.syncthing.enable = true;
}

View file

@ -39,7 +39,10 @@ in {
}; };
# packages that should be on every system. # packages that should be on every system.
environment.systemPackages = [pkgs.neovim]; environment.systemPackages = with pkgs; [
neovim
rsync
];
programs.zsh.enable = lib.mkDefault true; programs.zsh.enable = lib.mkDefault true;
environment.shells = lib.mkDefault [pkgs.zsh]; environment.shells = lib.mkDefault [pkgs.zsh];

View file

@ -5,7 +5,7 @@
lib, lib,
... ...
}: { }: {
services.radicale = { services.radicale = lib.mkIf (lib.hasAttrByPath ["sops" "secrets" "radicale-users"] config) {
enable = true; enable = true;
settings = { settings = {
auth = { auth = {

View file

@ -0,0 +1,20 @@
{
config,
pkgs,
inputs,
configLib,
lib,
...
}: {
services.syncthing = {
enable = true;
user = config.host.user;
group = "users";
overrideDevices = false;
overrideFolders = false;
openDefaultPorts = true;
systemService = true;
dataDir="/home/${config.host.user}/Sync";
configDir="/home/${config.host.user}/.local/state/syncthing";
};
}

View file

@ -235,10 +235,10 @@
"nix-secrets": { "nix-secrets": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1727549679, "lastModified": 1727698496,
"narHash": "sha256-DT1lzefcvuD1uTsOXx8FEv9WPvzsBLvGii3qfOXDPYc=", "narHash": "sha256-b16uaykEPD6EtF+wrOqQs90/fx3hiyzw/HqeN/4dxh8=",
"ref": "refs/heads/main", "ref": "refs/heads/main",
"rev": "c9a8f91ea772be050f4e7442bf1b0e25a3b5c61b", "rev": "1f3617effd383934816dfe132f83579738be92a6",
"shallow": true, "shallow": true,
"type": "git", "type": "git",
"url": "ssh://forgejo@git.venberg.xyz/Gabe/nix-secrets.git" "url": "ssh://forgejo@git.venberg.xyz/Gabe/nix-secrets.git"
@ -251,11 +251,11 @@
}, },
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1727540359, "lastModified": 1727665282,
"narHash": "sha256-U+225h1kJZpWb23+RaX1sBkqC4fA7aa7eBbgiQ5HcO4=", "narHash": "sha256-oKtfbQB1MBypqIyzkC8QCQcVGOa1soaXaGgcBIoh14o=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "fb08bde00c20252b892a3e57fb094eb62b65ba61", "rev": "11c43c830e533dad1be527ecce379fcf994fbbb5",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -278,11 +278,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1727464323, "lastModified": 1727693804,
"narHash": "sha256-XhiLvnM95aNpRm3qJ9hsVV/prin4GVapn4snMN4Ol6k=", "narHash": "sha256-Qwd+BzauhSXdtiL172wkp8JYJhe2BXyXkyWqPexytME=",
"owner": "nix-community", "owner": "nix-community",
"repo": "NixOS-WSL", "repo": "NixOS-WSL",
"rev": "4aef94d5afb4a791e5e9a3ee844c68ad01f54a14", "rev": "acb21a72156c5b6e1aa607b9adcbac592bd60862",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -343,11 +343,11 @@
"treefmt-nix": "treefmt-nix" "treefmt-nix": "treefmt-nix"
}, },
"locked": { "locked": {
"lastModified": 1727545920, "lastModified": 1727645871,
"narHash": "sha256-iaKcVyyH2F0f8PY7s5jARS1v+vvO5aHVV9rlJEK+/WQ=", "narHash": "sha256-Os3PAThU5XliKkKa+SHsFyV/EsCHogHcYONmpzb6500=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixvim", "repo": "nixvim",
"rev": "c06d598315a2f90e59f10a27350b8d1475aa93ee", "rev": "5f4a4b47597d3b9ac26c41ff4e8da28fa662f200",
"type": "github" "type": "github"
}, },
"original": { "original": {

View file

@ -14,11 +14,13 @@ inputs.nixpkgs.lib.nixosSystem {
./disk-config.nix ./disk-config.nix
./hardware-configuration.nix ./hardware-configuration.nix
./nginx.nix ./nginx.nix
./restic.nix
../../configs/nixos/common.nix ../../configs/nixos/common.nix
../../configs/nixos/tailscale.nix ../../configs/nixos/tailscale.nix
../../configs/nixos/sshd.nix ../../configs/nixos/sshd.nix
../../configs/nixos/secrets.nix ../../configs/nixos/secrets.nix
../../configs/nixos/jellyfin.nix ../../configs/nixos/jellyfin.nix
../../configs/nixos/syncthing.nix
({ ({
config, config,
pkgs, pkgs,
@ -60,10 +62,6 @@ inputs.nixpkgs.lib.nixosSystem {
format = "binary"; format = "binary";
owner = config.services.nginx.user; owner = config.services.nginx.user;
}; };
restic-server-credentials = {
sopsFile = "${inputs.nix-secrets}/restic-server";
format = "binary";
};
}; };
}; };

View file

@ -70,11 +70,10 @@
}; };
datasets = { datasets = {
backup = { backup = {
type="zfs_fs"; type = "zfs_fs";
options={ options = {
mountpoint="/backup"; mountpoint = "/backup";
compression="zstd"; quota = "6T";
quota="6T";
}; };
}; };
}; };

View file

@ -7,21 +7,28 @@
}: let }: let
port = "8090"; port = "8090";
in { in {
services.restic.server = { services.restic.server = lib.mkIf (inputs ? nix-secrets) {
enable = true; enable = true;
appendOnly = true; appendOnly = true;
dataDir = "/backup/restic"; dataDir = "/backup/restic";
extraFlags = [
"--htpasswd-file ${config.sops.secrets.gabevenberg-draft-credentials.path}"
"--private-repos"
];
listenAddress = "127.0.0.1:${port}"; listenAddress = "127.0.0.1:${port}";
}; };
services.nginx.virtualHosts."restic.gabevenberg.com" = { services.nginx.virtualHosts."restic.venberg.xyz" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
locations."/" = { locations."/" = {
proxyPass = "http://localhost:${port}"; proxyPass = "http://localhost:${port}";
}; };
}; };
sops = lib.mkIf (inputs ? nix-secrets) {
secrets.restic-server-credentials = {
sopsFile = "${inputs.nix-secrets}/restic-server";
format = "binary";
path = "/backup/restic/.htpasswd";
owner="restic";
};
};
environment.systemPackages = with pkgs; [
restic
];
} }

View file

@ -12,6 +12,7 @@ inputs.nixpkgs.lib.nixosSystem {
inputs.home-manager.nixosModules.home-manager inputs.home-manager.nixosModules.home-manager
inputs.disko.nixosModules.disko inputs.disko.nixosModules.disko
./disk-config.nix ./disk-config.nix
./restic.nix
../../roles/nixos/vm.nix ../../roles/nixos/vm.nix
../../configs/nixos/common.nix ../../configs/nixos/common.nix
../../configs/nixos/tailscale.nix ../../configs/nixos/tailscale.nix

38
hosts/cirrus/restic.nix Normal file
View file

@ -0,0 +1,38 @@
{
inputs,
config,
pkgs,
lib,
...
}: {
environment.systemPackages = with pkgs; [
restic
];
sops = lib.mkIf (inputs ? nix-secrets) {
secrets.restic-url = {
sopsFile = "${inputs.nix-secrets}/restic-client.yaml";
owner = config.host.user;
};
secrets.restic-password = {
sopsFile = "${inputs.nix-secrets}/restic-client.yaml";
owner = config.host.user;
};
};
services.restic.backups = lib.mkIf (inputs ? nix-secrets) {
remote = {
repositoryFile = config.sops.secrets.restic-url.path;
passwordFile = config.sops.secrets.restic-password.path;
initialize = true;
paths = [
"/var/lib/radicale"
];
timerConfig = {
OnCalendar = "daily";
Persistent = true;
RandomizedDelaySec = "4h";
};
};
};
}

View file

@ -34,7 +34,6 @@ inputs.home-manager.lib.homeManagerConfiguration {
../roles/home-manager/terminal.nix ../roles/home-manager/terminal.nix
../roles/home-manager/music.nix ../roles/home-manager/music.nix
../configs/home-manager/common.nix ../configs/home-manager/common.nix
../configs/home-manager/syncthing.nix
../configs/home-manager/email.nix ../configs/home-manager/email.nix
../configs/home-manager/tiny-irc.nix ../configs/home-manager/tiny-irc.nix
../configs/home-manager/secrets.nix ../configs/home-manager/secrets.nix

View file

@ -33,7 +33,6 @@ inputs.home-manager.lib.homeManagerConfiguration {
../roles/home-manager/terminal.nix ../roles/home-manager/terminal.nix
../roles/home-manager/music.nix ../roles/home-manager/music.nix
../configs/home-manager/common.nix ../configs/home-manager/common.nix
../configs/home-manager/syncthing.nix
../configs/home-manager/email.nix ../configs/home-manager/email.nix
../configs/home-manager/tiny-irc.nix ../configs/home-manager/tiny-irc.nix
../configs/home-manager/secrets.nix ../configs/home-manager/secrets.nix

View file

@ -1,56 +0,0 @@
{
inputs,
configLib,
...
}:
inputs.home-manager.lib.homeManagerConfiguration {
pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux; # Home-manager requires 'pkgs' instance
extraSpecialArgs = {inherit inputs configLib;};
modules = [
inputs.nixvim.homeManagerModules.nixvim
({
config,
pkgs,
lib,
configLib,
...
}: {
# machine specific options
user = {
nvim = {
enable-lsp = true;
enable-treesitter = true;
};
git = {
profile = {
name = "Gabe Venberg";
email = "gabevenberg@gmail.com";
};
workProfile = {
enable = true;
email = "venberggabe@johndeere.com";
};
};
};
targets.genericLinux.enable = true;
home.username = "gabe";
home.homeDirectory = /home/gabe;
imports = [
../roles/home-manager/terminal.nix
../configs/home-manager/common.nix
../configs/home-manager/syncthing.nix
../configs/home-manager/tiny-irc.nix
../roles/home-manager/music.nix
../configs/home-manager/secrets.nix
inputs.sops-nix.homeManagerModules.sops
];
sops = lib.mkIf (inputs ? nix-secrets) {
secrets = {
irc-cert.sopsFile = "${inputs.nix-secrets}/workstations.yaml";
};
};
})
];
}

View file

@ -1,84 +0,0 @@
{
inputs,
configLib,
...
}:
inputs.nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = {inherit inputs configLib;};
# > Our main nixos configuration file <
modules = [
inputs.home-manager.nixosModules.home-manager
./hardware-configuration.nix
../../roles/nixos/graphical-vm.nix
../../configs/nixos/printing.nix
../../configs/nixos/sound.nix
../../configs/nixos/interactive-networking.nix
../../configs/nixos/nfsv2.nix
../../configs/nixos/i3
../../configs/nixos/common.nix
../../configs/nixos/sshd.nix
({
config,
pkgs,
lib,
inputs,
configLib,
...
}: {
host = {
user = "gabe";
fullName = "Gabe Venberg";
gui.enable = true;
isVm = true;
};
networking.hostName = "workstation-vm"; # Define your hostname.
users.users.${config.host.user} = {
packages = with pkgs; [
firefox
];
};
home-manager.users.${config.host.user} = {
inputs,
osConfig,
...
}: {
host = osConfig.host;
user = {
git = {
profile = {
name = "Gabe Venberg";
email = "gabevenberg@gmail.com";
};
workProfile.enable = false;
};
};
imports = [
../../roles/home-manager/terminal.nix
../../configs/home-manager/common.nix
inputs.nixvim.homeManagerModules.nixvim
];
};
# Bootloader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.11"; # Did you read the comment?
})
];
}

View file

@ -1,45 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = ["ahci" "xhci_pci" "virtio_pci" "sr_mod" "virtio_blk"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
fileSystems."/" = {
device = "/dev/disk/by-uuid/1127e866-28dc-4c07-92ec-07be4908880c";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/CBA2-8A1E";
fsType = "vfat";
};
fileSystems."/home/gabe/nix-config-host" = {
device = "nix-config-host";
fsType = "virtiofs";
};
swapDevices = [];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}

View file

@ -1,63 +0,0 @@
{
inputs,
configLib,
}:
inputs.nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = {inherit inputs configLib;};
# > Our main nixos configuration file <
modules = [
inputs.home-manager.nixosModules.home-manager
inputs.nixos-wsl.nixosModules.default
../configs/nixos/common.nix
({
config,
pkgs,
configLib,
...
}: {
wsl.enable = true;
wsl.wslConf.network.generateResolvConf = false;
networking.nameservers = ["1.1.1.1" "8.8.8.8"];
host = {
user = "nixos";
fullName = "Gabe Venberg";
};
networking.hostName = "gv-wsl"; # Define your hostname.
home-manager.users.${config.host.user} = {
inputs,
osConfig,
...
}: {
host = osConfig.host;
user = {
nvim = {
enable-lsp = true;
enable-treesitter = true;
};
git = {
profile = {
name = config.host.fullName;
email = "gabevenberg@gmail.com";
};
workProfile.enable = false;
};
};
imports = [
../roles/home-manager/terminal.nix
../configs/home-manager/common.nix
inputs.nixvim.homeManagerModules.nixvim
];
};
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.11"; # Did you read the comment?
})
];
}

View file

@ -63,7 +63,7 @@
lualine_y = []; lualine_y = [];
lualine_z = [ lualine_z = [
{ {
__unkeyed="tabs"; __unkeyed = "tabs";
mode = 2; mode = 2;
} }
]; ];