Updated nixos config and setup backups

2025-12-06 08:48:34 -05:00 · 2024-10-01 14:22:04 +00:00 · 2024-10-01 14:22:04 +00:00 · 9fee8ef0e6
commit 9fee8ef0e6
parent 12e8363bdb
3 changed files with 37 additions and 30 deletions
--- a/dot_config/home-manager/nixos/mal/configuration.nix
+++ b/dot_config/home-manager/nixos/mal/configuration.nix
@ -4,11 +4,13 @@
 {
  inputs,
  outputs,
-  config,
+  # config,
  lib,
  pkgs,
  ...
-}: {
+}: let
+  secrets = builtins.readFile ./secrets.sh;
+in {
  imports = [
    # Include the results of the hardware scan.
    ./hardware-configuration.nix
@ -43,13 +45,12 @@
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;

-services.pcscd.enable = true;
-programs.gnupg.agent = {
-   enable = true;
-   pinentryPackage = pkgs.pinentry-curses;
-   enableSSHSupport = true;
-};
-
+  services.pcscd.enable = true;
+  programs.gnupg.agent = {
+    enable = true;
+    pinentryPackage = pkgs.pinentry-curses;
+    enableSSHSupport = true;
+  };

  networking.hostName = "mal"; # Define your hostname.
  # Pick only one of the below networking options.
@ -120,7 +121,7 @@ programs.gnupg.agent = {
  #   enableSSHSupport = true;
  # };

-  systemd.timers."backup-serenity"= {
+  systemd.timers."backup-serenity" = {
    timerConfig = {
      OnCalendar = "monthly";
      Persistent = true;
@ -128,20 +129,23 @@ programs.gnupg.agent = {
    };
  };

-  systemd.services."backup-serenity"= {
+  systemd.services."backup-serenity" = {
    script = ''
      # Remove keys
+
+      ${secrets}
+
      printf "\nBacking up nextcloud \n"
-      ${pkgs.restic} -r "$RESTIC_REPOSITORY/NextCloud" backup --verbose --no-scan /mnt/user/NextCloud
-      ${pkgs.restic} -r "$RESTIC_REPOSITORY/NextCloud" check --verbose
+      ${pkgs.restic}/bin/restic -r "$RESTIC_REPOSITORY/NextCloud" backup --verbose --no-scan /mnt/user/NextCloud
+      ${pkgs.restic}/bin/restic -r "$RESTIC_REPOSITORY/NextCloud" check --verbose

      printf "\nBacking up Backups \n"
-      ${pkgs.restic} -r "$RESTIC_REPOSITORY/Backups" backup --verbose --no-scan /mnt/user/Backups
-      ${pkgs.restic} -r "$RESTIC_REPOSITORY/Backups" check --verbose
+      ${pkgs.restic}/bin/restic -r "$RESTIC_REPOSITORY/Backups" backup --verbose --no-scan /mnt/user/Backups
+      ${pkgs.restic}/bin/restic -r "$RESTIC_REPOSITORY/Backups" check --verbose

      printf "\nBacking up appdata \n"
-      ${pkgs.restic} -r "$RESTIC_REPOSITORY/Appdata" backup --verbose --no-scan /mnt/user/appdata
-      ${pkgs.restic} -r "$RESTIC_REPOSITORY/Appdata" check --verbose
+      ${pkgs.restic}/bin/restic -r "$RESTIC_REPOSITORY/Appdata" backup --verbose --no-scan /mnt/user/appdata
+      ${pkgs.restic}/bin/restic -r "$RESTIC_REPOSITORY/Appdata" check --verbose
    '';
    serviceConfig = {
      Type = "oneshot";
@ -149,8 +153,6 @@ programs.gnupg.agent = {
    };
  };

-  
-
  programs.fish.enable = true;

  # List services that you want to enable:
--- a/dot_config/home-manager/nixos/mal/encrypted_private_secrets.sh.age
+++ b/dot_config/home-manager/nixos/mal/encrypted_private_secrets.sh.age
@ -1,13 +1,13 @@
 -----BEGIN AGE ENCRYPTED FILE-----
-YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCQm1wWWlOVlMraTFMSURL
-cE9DRVRpS2pDYzF1bUFLTHR4YTZTeTg2aFYwClhOeEoyVVlPMjBudTdESHlPL1hW
-TDBhVTR1VjAwNEVTelFQWk5vQ05hRFkKLS0tIFpjMWE5N1pSbWpSclN2SDJUVTY4
-clYxcEhiSG83MmZnQWZzZnlOeElCRVkKkSJT9akYclj0GXWaNQMsC0dGpql6Iejl
-o2d16fbtgpv7NpE83yUXUYCoPT5PK5y5Y0OMTkIEcCANHvb4sNvQgfabkrI1SR3X
-StGS7Mvaw7H/gUxevIjPRntxZake8TOknOTBUvccLafLKWrKH27IHDgEoksLet5u
-l1n1iIoT6N+LYb9eN/Ob6P5uXMhx8L/hFFbwZm2A4KroiCYxbnr+zsspAxWjTs97
-BL+Bi6xBXPDg4a7XGZ7/TJXiK3p21Bw2S94gMQ3ZZKvCLYmmRZCSpWQcTQuGrP3a
-B46xp8ftBHf/3IYvQ2xxmFZaX62xs6nRPVBuIBIeCQioaA7TjssLz3HfU2sVL89j
-KMsnAc0bYFpjwl6tkKQu73BCJBPITE3YZpwvoRM9A1gtCjzm0X0FIixFPAk3c9vn
-G4S9XHgDM9k=
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwQW1XRFcwWUlUR0dDUkdl
+WXFiamhsc0FGU3R6NDhMTTRjYllRTlR4MGxrCnpjbzQzSXJ2VU9oWGFiTTNlMGZY
+Y3ZQSUdpUVh4bWFCZVAxNTR2V2VWd28KLS0tIFlHck11dEVyVFdxcVdsY2tVT1hs
+Q1pWNWtZOGhZTTJBSGd2VlZmeTNBZTQK9bx0M1AecvHhyWDvwkh0ngY7Wvzx3XvY
+LLG4avljxdm80KmwdWyNQquCI9iYrwwVp+vM/O4kPHul1gBGNXw3BlsihaLrqzGO
+0NtiXEf8t/HNwFxaLCYO1SbcOkId44iXFDUnNlzf+Xvx+XPVM2l0KehZz38OCcIu
+8Q0MVdADp3VOIaUtIqn0JUVPQlJUPnsJTmDpIZ8wvRHn4+9n4goPacVZuxUy/EQ2
+XtDRqbdP2grheQR6i5ICqu4uhpPMlPbde5BpkDTm8Zk53wonrZyYkqRxeupFkkeb
+5VO+fo7r6s3HN2xI5vSAA0/PLFswd2KBQdSWmck6gvLJtikeDr6eyBEAcCIeDpPD
+fFQ+ejr3xMGUmwwR/kR4OIHuHlAS02Ja1VIOuDp7Nd95eI85wbuxJ3F4Gc56eg9h
+CbScScf4iLc=
 -----END AGE ENCRYPTED FILE-----
--- a/dot_config/home-manager/nixos/mal/hardware-configuration.nix
+++ b/dot_config/home-manager/nixos/mal/hardware-configuration.nix
@ -28,6 +28,11 @@
    options = ["fmask=0022" "dmask=0022"];
  };

+  fileSystems."/mnt/user" = {
+    device = "array";
+    fsType = "9p";
+  };
+
  swapDevices = [];

  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking