From 9fee8ef0e69a0d8800c8e2d29b95f7ae176c0340 Mon Sep 17 00:00:00 2001 From: Tyler Mayoff Date: Tue, 1 Oct 2024 14:22:04 +0000 Subject: [PATCH] Updated nixos config and setup backups --- .../home-manager/nixos/mal/configuration.nix | 40 ++++++++++--------- .../mal/encrypted_private_secrets.sh.age | 22 +++++----- .../nixos/mal/hardware-configuration.nix | 5 +++ 3 files changed, 37 insertions(+), 30 deletions(-) diff --git a/dot_config/home-manager/nixos/mal/configuration.nix b/dot_config/home-manager/nixos/mal/configuration.nix index 21f0b8d..433a752 100644 --- a/dot_config/home-manager/nixos/mal/configuration.nix +++ b/dot_config/home-manager/nixos/mal/configuration.nix @@ -4,11 +4,13 @@ { inputs, outputs, - config, + # config, lib, pkgs, ... -}: { +}: let + secrets = builtins.readFile ./secrets.sh; +in { imports = [ # Include the results of the hardware scan. ./hardware-configuration.nix @@ -43,13 +45,12 @@ boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; -services.pcscd.enable = true; -programs.gnupg.agent = { - enable = true; - pinentryPackage = pkgs.pinentry-curses; - enableSSHSupport = true; -}; - + services.pcscd.enable = true; + programs.gnupg.agent = { + enable = true; + pinentryPackage = pkgs.pinentry-curses; + enableSSHSupport = true; + }; networking.hostName = "mal"; # Define your hostname. # Pick only one of the below networking options. @@ -120,7 +121,7 @@ programs.gnupg.agent = { # enableSSHSupport = true; # }; - systemd.timers."backup-serenity"= { + systemd.timers."backup-serenity" = { timerConfig = { OnCalendar = "monthly"; Persistent = true; 
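Review bot: `secrets = builtins.readFile ./secrets.sh;` reads the decrypted secrets at evaluation time, and the later hunk in this file splices them into the `backup-serenity` script with `${secrets}`, so the plaintext ends up in the generated unit script under `/nix/store`, which every local user can read and which travels with the system closure. The age encryption of `encrypted_private_secrets.sh.age` then protects only the copy in the repository, not the one on the host. Keep the file outside the store and load it at run time instead, for example `serviceConfig.EnvironmentFile = "/path/to/restic.env";` (placeholder path; root-owned, mode 0600, `KEY=value` lines), and drop the `let` binding and the `${secrets}` line. If this configuration is evaluated as a flake, `./secrets.sh` presumably also has to be tracked in git to be visible to the evaluator, which is worth confirming.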
@@ -128,20 +129,23 @@ programs.gnupg.agent = { }; }; - systemd.services."backup-serenity"= { + systemd.services."backup-serenity" = { script = '' # Remove keys + + ${secrets} + printf "\nBacking up nextcloud \n" - ${pkgs.restic} -r "$RESTIC_REPOSITORY/NextCloud" backup --verbose --no-scan /mnt/user/NextCloud - ${pkgs.restic} -r "$RESTIC_REPOSITORY/NextCloud" check --verbose + ${pkgs.restic}/bin/restic -r "$RESTIC_REPOSITORY/NextCloud" backup --verbose --no-scan /mnt/user/NextCloud + ${pkgs.restic}/bin/restic -r "$RESTIC_REPOSITORY/NextCloud" check --verbose printf "\nBacking up Backups \n" - ${pkgs.restic} -r "$RESTIC_REPOSITORY/Backups" backup --verbose --no-scan /mnt/user/Backups - ${pkgs.restic} -r "$RESTIC_REPOSITORY/Backups" check --verbose + ${pkgs.restic}/bin/restic -r "$RESTIC_REPOSITORY/Backups" backup --verbose --no-scan /mnt/user/Backups + ${pkgs.restic}/bin/restic -r "$RESTIC_REPOSITORY/Backups" check --verbose printf "\nBacking up appdata \n" - ${pkgs.restic} -r "$RESTIC_REPOSITORY/Appdata" backup --verbose --no-scan /mnt/user/appdata - ${pkgs.restic} -r "$RESTIC_REPOSITORY/Appdata" check --verbose + ${pkgs.restic}/bin/restic -r "$RESTIC_REPOSITORY/Appdata" backup --verbose --no-scan /mnt/user/appdata + ${pkgs.restic}/bin/restic -r "$RESTIC_REPOSITORY/Appdata" check --verbose ''; serviceConfig = { Type = "oneshot"; @@ -149,8 +153,6 @@ programs.gnupg.agent = { }; }; - - programs.fish.enable = true; # List services that you want to enable: diff --git a/dot_config/home-manager/nixos/mal/encrypted_private_secrets.sh.age b/dot_config/home-manager/nixos/mal/encrypted_private_secrets.sh.age index 094b448..432dc22 100644 --- a/dot_config/home-manager/nixos/mal/encrypted_private_secrets.sh.age +++ b/dot_config/home-manager/nixos/mal/encrypted_private_secrets.sh.age 
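Review bot: Nothing in the `backup-serenity` script checks that `RESTIC_REPOSITORY` is set before the first `restic -r "$RESTIC_REPOSITORY/NextCloud"` call, so if the loaded secrets do not define it, every command targets the literal path `/NextCloud`, `/Backups` or `/Appdata`. A guard right after the secrets are loaded makes that failure explicit: `: "''${RESTIC_REPOSITORY:?RESTIC_REPOSITORY is not set}"` (the `''` escapes `${` inside the Nix indented string). The surviving `# Remove keys` comment now sits directly above the line that inserts the keys and could be reworded to say what is loaded there. The service's `serviceConfig` block continues past the end of this hunk.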
@@ -1,13 +1,13 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCQm1wWWlOVlMraTFMSURL -cE9DRVRpS2pDYzF1bUFLTHR4YTZTeTg2aFYwClhOeEoyVVlPMjBudTdESHlPL1hW -TDBhVTR1VjAwNEVTelFQWk5vQ05hRFkKLS0tIFpjMWE5N1pSbWpSclN2SDJUVTY4 -clYxcEhiSG83MmZnQWZzZnlOeElCRVkKkSJT9akYclj0GXWaNQMsC0dGpql6Iejl -o2d16fbtgpv7NpE83yUXUYCoPT5PK5y5Y0OMTkIEcCANHvb4sNvQgfabkrI1SR3X -StGS7Mvaw7H/gUxevIjPRntxZake8TOknOTBUvccLafLKWrKH27IHDgEoksLet5u -l1n1iIoT6N+LYb9eN/Ob6P5uXMhx8L/hFFbwZm2A4KroiCYxbnr+zsspAxWjTs97 -BL+Bi6xBXPDg4a7XGZ7/TJXiK3p21Bw2S94gMQ3ZZKvCLYmmRZCSpWQcTQuGrP3a -B46xp8ftBHf/3IYvQ2xxmFZaX62xs6nRPVBuIBIeCQioaA7TjssLz3HfU2sVL89j -KMsnAc0bYFpjwl6tkKQu73BCJBPITE3YZpwvoRM9A1gtCjzm0X0FIixFPAk3c9vn -G4S9XHgDM9k= +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwQW1XRFcwWUlUR0dDUkdl +WXFiamhsc0FGU3R6NDhMTTRjYllRTlR4MGxrCnpjbzQzSXJ2VU9oWGFiTTNlMGZY +Y3ZQSUdpUVh4bWFCZVAxNTR2V2VWd28KLS0tIFlHck11dEVyVFdxcVdsY2tVT1hs +Q1pWNWtZOGhZTTJBSGd2VlZmeTNBZTQK9bx0M1AecvHhyWDvwkh0ngY7Wvzx3XvY +LLG4avljxdm80KmwdWyNQquCI9iYrwwVp+vM/O4kPHul1gBGNXw3BlsihaLrqzGO +0NtiXEf8t/HNwFxaLCYO1SbcOkId44iXFDUnNlzf+Xvx+XPVM2l0KehZz38OCcIu +8Q0MVdADp3VOIaUtIqn0JUVPQlJUPnsJTmDpIZ8wvRHn4+9n4goPacVZuxUy/EQ2 +XtDRqbdP2grheQR6i5ICqu4uhpPMlPbde5BpkDTm8Zk53wonrZyYkqRxeupFkkeb +5VO+fo7r6s3HN2xI5vSAA0/PLFswd2KBQdSWmck6gvLJtikeDr6eyBEAcCIeDpPD +fFQ+ejr3xMGUmwwR/kR4OIHuHlAS02Ja1VIOuDp7Nd95eI85wbuxJ3F4Gc56eg9h +CbScScf4iLc= -----END AGE ENCRYPTED FILE----- diff --git a/dot_config/home-manager/nixos/mal/hardware-configuration.nix b/dot_config/home-manager/nixos/mal/hardware-configuration.nix index 823f79b..36e5ad2 100644 --- a/dot_config/home-manager/nixos/mal/hardware-configuration.nix +++ b/dot_config/home-manager/nixos/mal/hardware-configuration.nix @@ -28,6 +28,11 @@ options = ["fmask=0022" "dmask=0022"]; }; + fileSystems."/mnt/user" = { + device = "array"; + fsType = "9p"; + }; + swapDevices = []; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
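Review bot: The new `fileSystems."/mnt/user"` entry sets no `options`, so the 9p share is mounted read-write and a failed mount can hold up boot, while the only consumer visible in this patch, `backup-serenity`, just reads from it. If nothing else on this host writes there, `options = ["ro" "nofail"];` keeps the backup source read-only and lets the machine come up without the share. The service could also declare `unitConfig.RequiresMountsFor = "/mnt/user";` so a missing share stops the run before restic starts. `hardware-configuration.nix` is normally regenerated by `nixos-generate-config`, so this hand-written entry may be safer in `configuration.nix`.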