lots of stuff:

Moved syncthing to system service Restic actually works now removed some old system configs. formatting.
2024-09-30 16:06:17 +02:00 · 2024-09-30 16:06:17 +02:00 · f9632c8fc3
commit f9632c8fc3
parent c42e33770e
18 changed files with 99 additions and 291 deletions
--- a/configs/home-manager/mpd.nix
+++ b/configs/home-manager/mpd.nix
@ -12,7 +12,7 @@ in {
    network.startWhenNeeded = true;
    playlistDirectory = "${config.services.mpd.musicDirectory}/.mpd/playlists";
    extraConfig =
-      (''
+      ''
        restore_paused "yes"
        auto_update "yes"
        replaygain "auto"
@ -32,7 +32,7 @@ in {
            path "/tmp/mpd.fifo"
            format "44100:16:2"
        }
-      ''); 
+      '';
  };

  services.mpd-mpris.enable = true;
--- a/configs/home-manager/syncthing.nix
+++ b/configs/home-manager/syncthing.nix
@ -1,8 +0,0 @@
-{
-  config,
-  pkgs,
-  lib,
-  ...
-}: {
-  services.syncthing.enable = true;
-}
--- a/configs/nixos/common.nix
+++ b/configs/nixos/common.nix
@ -39,7 +39,10 @@ in {
  };

  # packages that should be on every system.
-  environment.systemPackages = [pkgs.neovim];
+  environment.systemPackages = with pkgs; [
+    neovim
+    rsync
+  ];

  programs.zsh.enable = lib.mkDefault true;
  environment.shells = lib.mkDefault [pkgs.zsh];
--- a/configs/nixos/radicale.nix
+++ b/configs/nixos/radicale.nix
@ -5,7 +5,7 @@
  lib,
  ...
 }: {
-  services.radicale = {
+  services.radicale = lib.mkIf (lib.hasAttrByPath ["sops" "secrets" "radicale-users"] config) {
    enable = true;
    settings = {
      auth = {
--- a/configs/nixos/syncthing.nix
+++ b/configs/nixos/syncthing.nix
@ -0,0 +1,20 @@
+{
+  config,
+  pkgs,
+  inputs,
+  configLib,
+  lib,
+  ...
+}: {
+  services.syncthing = {
+    enable = true;
+    user = config.host.user;
+    group = "users";
+    overrideDevices = false;
+    overrideFolders = false;
+    openDefaultPorts = true;
+    systemService = true;
+    dataDir="/home/${config.host.user}/Sync";
+    configDir="/home/${config.host.user}/.local/state/syncthing";
+  };
+}
--- a/flake.lock
+++ b/flake.lock
@ -235,10 +235,10 @@
    "nix-secrets": {
      "flake": false,
      "locked": {
-        "lastModified": 1727549679,
-        "narHash": "sha256-DT1lzefcvuD1uTsOXx8FEv9WPvzsBLvGii3qfOXDPYc=",
+        "lastModified": 1727698496,
+        "narHash": "sha256-b16uaykEPD6EtF+wrOqQs90/fx3hiyzw/HqeN/4dxh8=",
        "ref": "refs/heads/main",
-        "rev": "c9a8f91ea772be050f4e7442bf1b0e25a3b5c61b",
+        "rev": "1f3617effd383934816dfe132f83579738be92a6",
        "shallow": true,
        "type": "git",
        "url": "ssh://forgejo@git.venberg.xyz/Gabe/nix-secrets.git"
@ -251,11 +251,11 @@
    },
    "nixos-hardware": {
      "locked": {
-        "lastModified": 1727540359,
-        "narHash": "sha256-U+225h1kJZpWb23+RaX1sBkqC4fA7aa7eBbgiQ5HcO4=",
+        "lastModified": 1727665282,
+        "narHash": "sha256-oKtfbQB1MBypqIyzkC8QCQcVGOa1soaXaGgcBIoh14o=",
        "owner": "NixOS",
        "repo": "nixos-hardware",
-        "rev": "fb08bde00c20252b892a3e57fb094eb62b65ba61",
+        "rev": "11c43c830e533dad1be527ecce379fcf994fbbb5",
        "type": "github"
      },
      "original": {
@ -278,11 +278,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1727464323,
-        "narHash": "sha256-XhiLvnM95aNpRm3qJ9hsVV/prin4GVapn4snMN4Ol6k=",
+        "lastModified": 1727693804,
+        "narHash": "sha256-Qwd+BzauhSXdtiL172wkp8JYJhe2BXyXkyWqPexytME=",
        "owner": "nix-community",
        "repo": "NixOS-WSL",
-        "rev": "4aef94d5afb4a791e5e9a3ee844c68ad01f54a14",
+        "rev": "acb21a72156c5b6e1aa607b9adcbac592bd60862",
        "type": "github"
      },
      "original": {
@ -343,11 +343,11 @@
        "treefmt-nix": "treefmt-nix"
      },
      "locked": {
-        "lastModified": 1727545920,
-        "narHash": "sha256-iaKcVyyH2F0f8PY7s5jARS1v+vvO5aHVV9rlJEK+/WQ=",
+        "lastModified": 1727645871,
+        "narHash": "sha256-Os3PAThU5XliKkKa+SHsFyV/EsCHogHcYONmpzb6500=",
        "owner": "nix-community",
        "repo": "nixvim",
-        "rev": "c06d598315a2f90e59f10a27350b8d1475aa93ee",
+        "rev": "5f4a4b47597d3b9ac26c41ff4e8da28fa662f200",
        "type": "github"
      },
      "original": {
--- a/hosts/cirrostratus/default.nix
+++ b/hosts/cirrostratus/default.nix
@ -14,11 +14,13 @@ inputs.nixpkgs.lib.nixosSystem {
    ./disk-config.nix
    ./hardware-configuration.nix
    ./nginx.nix
+    ./restic.nix
    ../../configs/nixos/common.nix
    ../../configs/nixos/tailscale.nix
    ../../configs/nixos/sshd.nix
    ../../configs/nixos/secrets.nix
    ../../configs/nixos/jellyfin.nix
+    ../../configs/nixos/syncthing.nix
    ({
      config,
      pkgs,
@ -60,10 +62,6 @@ inputs.nixpkgs.lib.nixosSystem {
            format = "binary";
            owner = config.services.nginx.user;
          };
-          restic-server-credentials = {
-            sopsFile = "${inputs.nix-secrets}/restic-server";
-            format = "binary";
-          };
        };
      };

--- a/hosts/cirrostratus/disk-config.nix
+++ b/hosts/cirrostratus/disk-config.nix
@ -70,11 +70,10 @@
        };
        datasets = {
          backup = {
-            type="zfs_fs";
-            options={
-              mountpoint="/backup";
-              compression="zstd";
-              quota="6T";
+            type = "zfs_fs";
+            options = {
+              mountpoint = "/backup";
+              quota = "6T";
            };
          };
        };
--- a/hosts/cirrostratus/restic.nix
+++ b/hosts/cirrostratus/restic.nix
@ -7,21 +7,28 @@
 }: let
  port = "8090";
 in {
-  services.restic.server = {
+  services.restic.server = lib.mkIf (inputs ? nix-secrets) {
    enable = true;
    appendOnly = true;
    dataDir = "/backup/restic";
-    extraFlags = [
-      "--htpasswd-file ${config.sops.secrets.gabevenberg-draft-credentials.path}"
-      "--private-repos"
-    ];
    listenAddress = "127.0.0.1:${port}";
  };
-  services.nginx.virtualHosts."restic.gabevenberg.com" = {
+  services.nginx.virtualHosts."restic.venberg.xyz" = {
    enableACME = true;
    forceSSL = true;
    locations."/" = {
      proxyPass = "http://localhost:${port}";
    };
  };
+  sops = lib.mkIf (inputs ? nix-secrets) {
+    secrets.restic-server-credentials = {
+      sopsFile = "${inputs.nix-secrets}/restic-server";
+      format = "binary";
+      path = "/backup/restic/.htpasswd";
+      owner="restic";
+    };
+  };
+  environment.systemPackages = with pkgs; [
+    restic
+  ];
 }
--- a/hosts/cirrus/default.nix
+++ b/hosts/cirrus/default.nix
@ -12,6 +12,7 @@ inputs.nixpkgs.lib.nixosSystem {
    inputs.home-manager.nixosModules.home-manager
    inputs.disko.nixosModules.disko
    ./disk-config.nix
+    ./restic.nix
    ../../roles/nixos/vm.nix
    ../../configs/nixos/common.nix
    ../../configs/nixos/tailscale.nix
--- a/hosts/cirrus/restic.nix
+++ b/hosts/cirrus/restic.nix
@ -0,0 +1,38 @@
+{
+  inputs,
+  config,
+  pkgs,
+  lib,
+  ...
+}: {
+  environment.systemPackages = with pkgs; [
+    restic
+  ];
+
+  sops = lib.mkIf (inputs ? nix-secrets) {
+    secrets.restic-url = {
+      sopsFile = "${inputs.nix-secrets}/restic-client.yaml";
+      owner = config.host.user;
+    };
+    secrets.restic-password = {
+      sopsFile = "${inputs.nix-secrets}/restic-client.yaml";
+      owner = config.host.user;
+    };
+  };
+
+  services.restic.backups = lib.mkIf (inputs ? nix-secrets) {
+    remote = {
+      repositoryFile = config.sops.secrets.restic-url.path;
+      passwordFile = config.sops.secrets.restic-password.path;
+      initialize = true;
+      paths = [
+        "/var/lib/radicale"
+      ];
+      timerConfig = {
+        OnCalendar = "daily";
+        Persistent = true;
+        RandomizedDelaySec = "4h";
+      };
+    };
+  };
+}
--- a/hosts/home-laptop.nix
+++ b/hosts/home-laptop.nix
@ -34,7 +34,6 @@ inputs.home-manager.lib.homeManagerConfiguration {
        ../roles/home-manager/terminal.nix
        ../roles/home-manager/music.nix
        ../configs/home-manager/common.nix
-        ../configs/home-manager/syncthing.nix
        ../configs/home-manager/email.nix
        ../configs/home-manager/tiny-irc.nix
        ../configs/home-manager/secrets.nix
--- a/hosts/home-personal.nix
+++ b/hosts/home-personal.nix
@ -33,7 +33,6 @@ inputs.home-manager.lib.homeManagerConfiguration {
        ../roles/home-manager/terminal.nix
        ../roles/home-manager/music.nix
        ../configs/home-manager/common.nix
-        ../configs/home-manager/syncthing.nix
        ../configs/home-manager/email.nix
        ../configs/home-manager/tiny-irc.nix
        ../configs/home-manager/secrets.nix
--- a/hosts/home-workstation.nix
+++ b/hosts/home-workstation.nix
@ -1,56 +0,0 @@
-{
-  inputs,
-  configLib,
-  ...
-}:
-inputs.home-manager.lib.homeManagerConfiguration {
-  pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux; # Home-manager requires 'pkgs' instance
-  extraSpecialArgs = {inherit inputs configLib;};
-  modules = [
-    inputs.nixvim.homeManagerModules.nixvim
-    ({
-      config,
-      pkgs,
-      lib,
-      configLib,
-      ...
-    }: {
-      # machine specific options
-      user = {
-        nvim = {
-          enable-lsp = true;
-          enable-treesitter = true;
-        };
-        git = {
-          profile = {
-            name = "Gabe Venberg";
-            email = "gabevenberg@gmail.com";
-          };
-          workProfile = {
-            enable = true;
-            email = "venberggabe@johndeere.com";
-          };
-        };
-      };
-
-      targets.genericLinux.enable = true;
-      home.username = "gabe";
-      home.homeDirectory = /home/gabe;
-      imports = [
-        ../roles/home-manager/terminal.nix
-        ../configs/home-manager/common.nix
-        ../configs/home-manager/syncthing.nix
-        ../configs/home-manager/tiny-irc.nix
-        ../roles/home-manager/music.nix
-        ../configs/home-manager/secrets.nix
-        inputs.sops-nix.homeManagerModules.sops
-      ];
-
-      sops = lib.mkIf (inputs ? nix-secrets) {
-        secrets = {
-          irc-cert.sopsFile = "${inputs.nix-secrets}/workstations.yaml";
-        };
-      };
-    })
-  ];
-}
--- a/hosts/workstation-vm/default.nix
+++ b/hosts/workstation-vm/default.nix
@ -1,84 +0,0 @@
-{
-  inputs,
-  configLib,
-  ...
-}:
-inputs.nixpkgs.lib.nixosSystem {
-  system = "x86_64-linux";
-  specialArgs = {inherit inputs configLib;};
-  # > Our main nixos configuration file <
-  modules = [
-    inputs.home-manager.nixosModules.home-manager
-    ./hardware-configuration.nix
-    ../../roles/nixos/graphical-vm.nix
-    ../../configs/nixos/printing.nix
-    ../../configs/nixos/sound.nix
-    ../../configs/nixos/interactive-networking.nix
-    ../../configs/nixos/nfsv2.nix
-    ../../configs/nixos/i3
-    ../../configs/nixos/common.nix
-    ../../configs/nixos/sshd.nix
-    ({
-      config,
-      pkgs,
-      lib,
-      inputs,
-      configLib,
-      ...
-    }: {
-      host = {
-        user = "gabe";
-        fullName = "Gabe Venberg";
-        gui.enable = true;
-        isVm = true;
-      };
-      networking.hostName = "workstation-vm"; # Define your hostname.
-
-      users.users.${config.host.user} = {
-        packages = with pkgs; [
-          firefox
-        ];
-      };
-
-      home-manager.users.${config.host.user} = {
-        inputs,
-        osConfig,
-        ...
-      }: {
-        host = osConfig.host;
-        user = {
-          git = {
-            profile = {
-              name = "Gabe Venberg";
-              email = "gabevenberg@gmail.com";
-            };
-            workProfile.enable = false;
-          };
-        };
-        imports = [
-          ../../roles/home-manager/terminal.nix
-          ../../configs/home-manager/common.nix
-          inputs.nixvim.homeManagerModules.nixvim
-        ];
-      };
-
-      # Bootloader.
-      boot.loader.systemd-boot.enable = true;
-      boot.loader.efi.canTouchEfiVariables = true;
-
-      # Open ports in the firewall.
-      # networking.firewall.allowedTCPPorts = [ ... ];
-      # networking.firewall.allowedUDPPorts = [ ... ];
-      # Or disable the firewall altogether.
-      # networking.firewall.enable = false;
-
-      # This value determines the NixOS release from which the default
-      # settings for stateful data, like file locations and database versions
-      # on your system were taken. It‘s perfectly fine and recommended to leave
-      # this value at the release version of the first install of this system.
-      # Before changing this value read the documentation for this option
-      # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
-      system.stateVersion = "23.11"; # Did you read the comment?
-    })
-  ];
-}
--- a/hosts/workstation-vm/hardware-configuration.nix
+++ b/hosts/workstation-vm/hardware-configuration.nix
@ -1,45 +0,0 @@
-# Do not modify this file!  It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations.  Please make changes
-# to /etc/nixos/configuration.nix instead.
-{
-  config,
-  lib,
-  pkgs,
-  modulesPath,
-  ...
-}: {
-  imports = [
-    (modulesPath + "/profiles/qemu-guest.nix")
-  ];
-
-  boot.initrd.availableKernelModules = ["ahci" "xhci_pci" "virtio_pci" "sr_mod" "virtio_blk"];
-  boot.initrd.kernelModules = [];
-  boot.kernelModules = ["kvm-intel"];
-  boot.extraModulePackages = [];
-
-  fileSystems."/" = {
-    device = "/dev/disk/by-uuid/1127e866-28dc-4c07-92ec-07be4908880c";
-    fsType = "ext4";
-  };
-
-  fileSystems."/boot" = {
-    device = "/dev/disk/by-uuid/CBA2-8A1E";
-    fsType = "vfat";
-  };
-
-  fileSystems."/home/gabe/nix-config-host" = {
-    device = "nix-config-host";
-    fsType = "virtiofs";
-  };
-
-  swapDevices = [];
-
-  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
-  # (the default) this is the recommended approach. When using systemd-networkd it's
-  # still possible to use this option, but it's recommended to use it in conjunction
-  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
-  networking.useDHCP = lib.mkDefault true;
-  # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
-
-  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-}
--- a/hosts/wsl-workstation.nix
+++ b/hosts/wsl-workstation.nix
@ -1,63 +0,0 @@
-{
-  inputs,
-  configLib,
-}:
-inputs.nixpkgs.lib.nixosSystem {
-  system = "x86_64-linux";
-  specialArgs = {inherit inputs configLib;};
-  # > Our main nixos configuration file <
-  modules = [
-    inputs.home-manager.nixosModules.home-manager
-    inputs.nixos-wsl.nixosModules.default
-    ../configs/nixos/common.nix
-    ({
-      config,
-      pkgs,
-      configLib,
-      ...
-    }: {
-      wsl.enable = true;
-      wsl.wslConf.network.generateResolvConf = false;
-      networking.nameservers = ["1.1.1.1" "8.8.8.8"];
-      host = {
-        user = "nixos";
-        fullName = "Gabe Venberg";
-      };
-      networking.hostName = "gv-wsl"; # Define your hostname.
-
-      home-manager.users.${config.host.user} = {
-        inputs,
-        osConfig,
-        ...
-      }: {
-        host = osConfig.host;
-        user = {
-          nvim = {
-            enable-lsp = true;
-            enable-treesitter = true;
-          };
-          git = {
-            profile = {
-              name = config.host.fullName;
-              email = "gabevenberg@gmail.com";
-            };
-            workProfile.enable = false;
-          };
-        };
-        imports = [
-          ../roles/home-manager/terminal.nix
-          ../configs/home-manager/common.nix
-          inputs.nixvim.homeManagerModules.nixvim
-        ];
-      };
-
-      # This value determines the NixOS release from which the default
-      # settings for stateful data, like file locations and database versions
-      # on your system were taken. It‘s perfectly fine and recommended to leave
-      # this value at the release version of the first install of this system.
-      # Before changing this value read the documentation for this option
-      # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
-      system.stateVersion = "23.11"; # Did you read the comment?
-    })
-  ];
-}
--- a/modules/home-manager/nvim/lualine.nix
+++ b/modules/home-manager/nvim/lualine.nix
@ -63,7 +63,7 @@
            lualine_y = [];
            lualine_z = [
              {
-                __unkeyed="tabs";
+                __unkeyed = "tabs";
                mode = 2;
              }
            ];