Compare commits
4 commits
ebb81d337d
...
b8a24dfc2f
Author | SHA1 | Date | |
---|---|---|---|
|
b8a24dfc2f | ||
30665c65aa | |||
6eb2393d7e | |||
4c2f141db5 |
4 changed files with 86 additions and 66 deletions
|
@ -1,4 +1,4 @@
|
||||||
{ lib, ... }: {
|
{ lib, config, pkgs, ... }: {
|
||||||
imports = [
|
imports = [
|
||||||
../../common
|
../../common
|
||||||
../../profiles/headless.nix
|
../../profiles/headless.nix
|
||||||
|
@ -13,7 +13,9 @@
|
||||||
};
|
};
|
||||||
kyouma.nginx.defaultForbidden = "florp.social";
|
kyouma.nginx.defaultForbidden = "florp.social";
|
||||||
|
|
||||||
kyouma.restic = {
|
kyouma.restic = let
|
||||||
|
pgBackup = "/var/cache/postgresql.sql";
|
||||||
|
in {
|
||||||
enable = true;
|
enable = true;
|
||||||
remoteUser = "zh3485s1";
|
remoteUser = "zh3485s1";
|
||||||
timerConfig = {
|
timerConfig = {
|
||||||
|
@ -22,9 +24,20 @@
|
||||||
};
|
};
|
||||||
paths = [
|
paths = [
|
||||||
"/var/lib/akkoma"
|
"/var/lib/akkoma"
|
||||||
"/var/lib/postgresql"
|
|
||||||
"/var/lib/secrets"
|
"/var/lib/secrets"
|
||||||
|
pgBackup
|
||||||
];
|
];
|
||||||
|
|
||||||
|
backupPrepareCommand = ''
|
||||||
|
umask 0077
|
||||||
|
rm -f -- ${pgBackup}
|
||||||
|
${pkgs.su}/bin/su -c '${lib.getExe' config.services.postgresql.package "pg_dumpall"}' \
|
||||||
|
${config.services.postgresql.superUser} >${pgBackup}
|
||||||
|
'';
|
||||||
|
|
||||||
|
backupCleanupCommand = ''
|
||||||
|
rm -f -- ${pgBackup}
|
||||||
|
'';
|
||||||
};
|
};
|
||||||
systemd.network.networks."98-eth-default" = {
|
systemd.network.networks."98-eth-default" = {
|
||||||
address = [
|
address = [
|
||||||
|
|
89
flake.lock
89
flake.lock
|
@ -12,11 +12,11 @@
|
||||||
"nixpkgs-stable": "nixpkgs-stable"
|
"nixpkgs-stable": "nixpkgs-stable"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1730257295,
|
"lastModified": 1731270564,
|
||||||
"narHash": "sha256-OQl+aAsKiyygvpzck1u0sZf/R4T9zM903CgNDFmmzA8=",
|
"narHash": "sha256-6KMC/NH/VWP5Eb+hA56hz0urel3jP6Y6cF2PX6xaTkk=",
|
||||||
"owner": "zhaofengli",
|
"owner": "zhaofengli",
|
||||||
"repo": "attic",
|
"repo": "attic",
|
||||||
"rev": "48c8b395bfbc6b76c7eae74df6c74351255a095c",
|
"rev": "47752427561f1c34debb16728a210d378f0ece36",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -156,11 +156,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1730675461,
|
"lastModified": 1731274291,
|
||||||
"narHash": "sha256-Mhqz3p/HEiI/zxBJWO57LYQf6gGlJB0tci6fiVXLjd8=",
|
"narHash": "sha256-cZ0QMpv5p2a6WEE+o9uu0a4ma6RzQDOQTbm7PbixWz8=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "disko",
|
"repo": "disko",
|
||||||
"rev": "380847d94ff0fedee8b50ee4baddb162c06678df",
|
"rev": "486250f404f4a4f4f33f8f669d83ca5f6e6b7dfc",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -437,11 +437,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1731185407,
|
"lastModified": 1731279732,
|
||||||
"narHash": "sha256-4LdV+ZK7slyONezfW3aZmBuTt4lnxBTmREemBW7VBtk=",
|
"narHash": "sha256-eZllHPzbjvTNrzImqtDrs0k1LsIIeTlp8MMN9SxMvvE=",
|
||||||
"ref": "refs/heads/main",
|
"ref": "refs/heads/main",
|
||||||
"rev": "1d3098ad7775426c092a5bd13498d98a8b02b116",
|
"rev": "2f1130b23576a403b9b1d70d6431649bfa044621",
|
||||||
"revCount": 6,
|
"revCount": 8,
|
||||||
"type": "git",
|
"type": "git",
|
||||||
"url": "https://woof.rip/florp/about.git"
|
"url": "https://woof.rip/florp/about.git"
|
||||||
},
|
},
|
||||||
|
@ -503,11 +503,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1730302582,
|
"lastModified": 1730814269,
|
||||||
"narHash": "sha256-W1MIJpADXQCgosJZT8qBYLRuZls2KSiKdpnTVdKBuvU=",
|
"narHash": "sha256-fWPHyhYE6xvMI1eGY3pwBTq85wcy1YXqdzTZF+06nOg=",
|
||||||
"owner": "cachix",
|
"owner": "cachix",
|
||||||
"repo": "git-hooks.nix",
|
"repo": "git-hooks.nix",
|
||||||
"rev": "af8a16fe5c264f5e9e18bcee2859b40a656876cf",
|
"rev": "d70155fdc00df4628446352fc58adc640cd705c2",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -562,11 +562,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1730633670,
|
"lastModified": 1731235328,
|
||||||
"narHash": "sha256-ZFJqIXpvVKvzOVFKWNRDyIyAo+GYdmEPaYi1bZB6uf0=",
|
"narHash": "sha256-NjavpgE9/bMe/ABvZpyHIUeYF1mqR5lhaep3wB79ucs=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "home-manager",
|
"repo": "home-manager",
|
||||||
"rev": "8f6ca7855d409aeebe2a582c6fd6b6a8d0bf5661",
|
"rev": "60bb110917844d354f3c18e05450606a435d2d10",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -613,16 +613,16 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1729544999,
|
"lastModified": 1729958008,
|
||||||
"narHash": "sha256-YcyJLvTmN6uLEBGCvYoMLwsinblXMkoYkNLEO4WnKus=",
|
"narHash": "sha256-EiOq8jF4Z/zQe0QYVc3+qSKxRK//CFHMB84aYrYGwEs=",
|
||||||
"owner": "NuschtOS",
|
"owner": "NuschtOS",
|
||||||
"repo": "ixx",
|
"repo": "ixx",
|
||||||
"rev": "65c207c92befec93e22086da9456d3906a4e999c",
|
"rev": "9fd01aad037f345350eab2cd45e1946cc66da4eb",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
"owner": "NuschtOS",
|
"owner": "NuschtOS",
|
||||||
"ref": "v0.0.5",
|
"ref": "v0.0.6",
|
||||||
"repo": "ixx",
|
"repo": "ixx",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
|
@ -713,11 +713,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1730448474,
|
"lastModified": 1731153869,
|
||||||
"narHash": "sha256-qE/cYKBhzxHMtKtLK3hlSR3uzO1pWPGLrBuQK7r0CHc=",
|
"narHash": "sha256-3Ftf9oqOypcEyyrWJ0baVkRpvQqroK/SVBFLvU3nPuc=",
|
||||||
"owner": "lnl7",
|
"owner": "lnl7",
|
||||||
"repo": "nix-darwin",
|
"repo": "nix-darwin",
|
||||||
"rev": "683d0c4cd1102dcccfa3f835565378c7f3cbe05e",
|
"rev": "5c74ab862c8070cbf6400128a1b56abb213656da",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -815,11 +815,11 @@
|
||||||
},
|
},
|
||||||
"nixos-hardware": {
|
"nixos-hardware": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1730537918,
|
"lastModified": 1730919458,
|
||||||
"narHash": "sha256-GJB1/aaTnAtt9sso/EQ77TAGJ/rt6uvlP0RqZFnWue8=",
|
"narHash": "sha256-yMO0T0QJlmT/x4HEyvrCyigGrdYfIXX3e5gWqB64wLg=",
|
||||||
"owner": "nixos",
|
"owner": "nixos",
|
||||||
"repo": "nixos-hardware",
|
"repo": "nixos-hardware",
|
||||||
"rev": "f6e0cd5c47d150c4718199084e5764f968f1b560",
|
"rev": "e1cc1f6483393634aee94514186d21a4871e78d7",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -946,11 +946,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs_4": {
|
"nixpkgs_4": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1730531603,
|
"lastModified": 1731139594,
|
||||||
"narHash": "sha256-Dqg6si5CqIzm87sp57j5nTaeBbWhHFaVyG7V6L8k3lY=",
|
"narHash": "sha256-IigrKK3vYRpUu+HEjPL/phrfh7Ox881er1UEsZvw9Q4=",
|
||||||
"owner": "nixos",
|
"owner": "nixos",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "7ffd9ae656aec493492b44d0ddfb28e79a1ea25d",
|
"rev": "76612b17c0ce71689921ca12d9ffdc9c23ce40b2",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -977,11 +977,11 @@
|
||||||
"treefmt-nix": "treefmt-nix_2"
|
"treefmt-nix": "treefmt-nix_2"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1730569492,
|
"lastModified": 1731281996,
|
||||||
"narHash": "sha256-NByr7l7JetL9kIrdCOcRqBu+lAkruYXETp1DMiDHNQs=",
|
"narHash": "sha256-xdNFY/wcs8i9qluVbTAVh5JLlhI/r4JJfXb0yfEj1Ks=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "nixvim",
|
"repo": "nixvim",
|
||||||
"rev": "6f210158b03b01a1fd44bf3968165e6da80635ce",
|
"rev": "57068f532d5d42601fd74e2b531204fe1cd3a8f2",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -1000,11 +1000,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1730515563,
|
"lastModified": 1731060242,
|
||||||
"narHash": "sha256-8lklUZRV7nwkPLF3roxzi4C2oyLydDXyAzAnDvjkOms=",
|
"narHash": "sha256-43yLsOm/wxBbfYSNDWVJeVv5Ij+23X3BIjFUfsdx/6M=",
|
||||||
"owner": "NuschtOS",
|
"owner": "NuschtOS",
|
||||||
"repo": "search",
|
"repo": "search",
|
||||||
"rev": "9e22bd742480916ff5d0ab20ca2522eaa3fa061e",
|
"rev": "ef493352f9e1f051e01a55c062731503a6b36b4e",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -1059,11 +1059,11 @@
|
||||||
"nixpkgs-stable": "nixpkgs-stable_2"
|
"nixpkgs-stable": "nixpkgs-stable_2"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1730605784,
|
"lastModified": 1731213149,
|
||||||
"narHash": "sha256-1NveNAMLHbxOg0BpBMSVuZ2yW2PpDnZLbZ25wV50PMc=",
|
"narHash": "sha256-jR8i6nFLmSmm0cIoeRQ8Q4EBARa3oGaAtEER/OMMxus=",
|
||||||
"owner": "Mic92",
|
"owner": "Mic92",
|
||||||
"repo": "sops-nix",
|
"repo": "sops-nix",
|
||||||
"rev": "e9b5eef9b51cdf966c76143e13a9476725b2f760",
|
"rev": "f1675e3b0e1e663a4af49be67ecbc9e749f85eb7",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -1093,11 +1093,11 @@
|
||||||
"tinted-tmux": "tinted-tmux"
|
"tinted-tmux": "tinted-tmux"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1729963473,
|
"lastModified": 1731090365,
|
||||||
"narHash": "sha256-uGjTjvvlGQfQ0yypVP+at0NizI2nrb6kz4wGAqzRGbY=",
|
"narHash": "sha256-ti3gXhgVpIUL/7w6zDJuH+hOnyTZqxrIX/yYqALmiEI=",
|
||||||
"owner": "danth",
|
"owner": "danth",
|
||||||
"repo": "stylix",
|
"repo": "stylix",
|
||||||
"rev": "04afcfc0684d9bbb24bb1dc77afda7c1843ec93b",
|
"rev": "6863412636c8f2cb3b7360f747fbd020fbfddf68",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -1169,16 +1169,17 @@
|
||||||
"tinted-foot": {
|
"tinted-foot": {
|
||||||
"flake": false,
|
"flake": false,
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1696725948,
|
"lastModified": 1726913040,
|
||||||
"narHash": "sha256-65bz2bUL/yzZ1c8/GQASnoiGwaF8DczlxJtzik1c0AU=",
|
"narHash": "sha256-+eDZPkw7efMNUf3/Pv0EmsidqdwNJ1TaOum6k7lngDQ=",
|
||||||
"owner": "tinted-theming",
|
"owner": "tinted-theming",
|
||||||
"repo": "tinted-foot",
|
"repo": "tinted-foot",
|
||||||
"rev": "eedbcfa30de0a4baa03e99f5e3ceb5535c2755ce",
|
"rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
"owner": "tinted-theming",
|
"owner": "tinted-theming",
|
||||||
"repo": "tinted-foot",
|
"repo": "tinted-foot",
|
||||||
|
"rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
|
|
@ -1,9 +1,11 @@
|
||||||
{ config, lib, pkgs, utils, ... }: let
|
{ config, lib, options, pkgs, ... }: let
|
||||||
cfg = config.kyouma.restic;
|
cfg = config.kyouma.restic;
|
||||||
in {
|
in {
|
||||||
options.kyouma.restic = let
|
options.kyouma.restic = let
|
||||||
inherit (lib) mkOption types;
|
inherit (lib) mkOption types;
|
||||||
in {
|
in {
|
||||||
|
inherit (options.services.restic.backups.type.getSubOptions [])
|
||||||
|
timerConfig backupPrepareCommand backupCleanupCommand;
|
||||||
enable = lib.mkEnableOption "Enable restic backup";
|
enable = lib.mkEnableOption "Enable restic backup";
|
||||||
paths = mkOption {
|
paths = mkOption {
|
||||||
description = "paths to backup";
|
description = "paths to backup";
|
||||||
|
@ -40,14 +42,6 @@ in {
|
||||||
type = types.nonEmptyStr;
|
type = types.nonEmptyStr;
|
||||||
default = "${config.networking.hostName}-backup";
|
default = "${config.networking.hostName}-backup";
|
||||||
};
|
};
|
||||||
timerConfig = mkOption {
|
|
||||||
description = "timer config";
|
|
||||||
type = with types; nullOr (attrsOf utils.systemdUtils.unitOptions.unitOption);
|
|
||||||
default = {
|
|
||||||
OnCalendar = "daily";
|
|
||||||
Persistent = true;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
config = lib.mkIf cfg.enable {
|
config = lib.mkIf cfg.enable {
|
||||||
sops.secrets."restic/${cfg.remoteUser}/password" = {
|
sops.secrets."restic/${cfg.remoteUser}/password" = {
|
||||||
|
@ -58,10 +52,15 @@ in {
|
||||||
};
|
};
|
||||||
|
|
||||||
services.restic.backups."${config.networking.hostName}-${cfg.remote}" = {
|
services.restic.backups."${config.networking.hostName}-${cfg.remote}" = {
|
||||||
inherit (cfg) paths user pruneOpts timerConfig;
|
inherit (cfg) paths user pruneOpts timerConfig backupPrepareCommand backupCleanupCommand;
|
||||||
initialize = true;
|
initialize = true;
|
||||||
repository = "sftp:${cfg.remoteUser}@${cfg.remote}:${cfg.repo}";
|
repository = "sftp:${cfg.remoteUser}@${cfg.remote}:${cfg.repo}";
|
||||||
passwordFile = config.sops.secrets."restic/${cfg.remoteUser}/password".path;
|
passwordFile = config.sops.secrets."restic/${cfg.remoteUser}/password".path;
|
||||||
|
extraBackupArgs = [
|
||||||
|
"--compression=max"
|
||||||
|
"--pack-size=128"
|
||||||
|
"--read-concurrency=8"
|
||||||
|
];
|
||||||
extraOptions = let
|
extraOptions = let
|
||||||
knownHost = pkgs.writeText "${cfg.remote}-known-host" (builtins.readFile ./${cfg.remote}/ssh_host_ed25519_key.pub);
|
knownHost = pkgs.writeText "${cfg.remote}-known-host" (builtins.readFile ./${cfg.remote}/ssh_host_ed25519_key.pub);
|
||||||
sshKey = config.sops.secrets."restic/${cfg.remoteUser}/id_ed25519".path;
|
sshKey = config.sops.secrets."restic/${cfg.remoteUser}/id_ed25519".path;
|
||||||
|
|
|
@ -21,7 +21,6 @@ merge_theirs () {
|
||||||
}
|
}
|
||||||
|
|
||||||
test_build () {
|
test_build () {
|
||||||
local last_error
|
|
||||||
local build_jobs
|
local build_jobs
|
||||||
|
|
||||||
build_jobs="$(curl --fail -s -L -H "Accept: application/json" "${JOBSET_URL}/latest-eval" | jq -r ".builds | .[]")"
|
build_jobs="$(curl --fail -s -L -H "Accept: application/json" "${JOBSET_URL}/latest-eval" | jq -r ".builds | .[]")"
|
||||||
|
@ -42,10 +41,16 @@ test_build () {
|
||||||
echo "Build ${build} was successful"
|
echo "Build ${build} was successful"
|
||||||
done
|
done
|
||||||
|
|
||||||
last_error="$(curl --fail -s -L -H "Accept: application/json" "${JOBSET_URL}" | jq -r ".errortime")"
|
# Idk why this is broken someone should fix me
|
||||||
[[ $last_error -gt $(date +%s) ]] &&
|
# local last_error
|
||||||
echo "Evaluation error encountered at $(date +%Y-%m-%d-%H:%M:%S --date="@${last_error}")" &&
|
# local now
|
||||||
exit 1
|
#
|
||||||
|
# last_error="$(curl --fail -s -L -H "Accept: application/json" "${JOBSET_URL}" | jq -r ".errortime")"
|
||||||
|
# now="$(date +%s)"
|
||||||
|
#
|
||||||
|
# [[ $last_error -gt $now ]] &&
|
||||||
|
# echo "Evaluation error encountered at $(date +%Y-%m-%d-%H:%M:%S --date="@${last_error}")" &&
|
||||||
|
# exit 1
|
||||||
}
|
}
|
||||||
|
|
||||||
wait_for_hydra () {
|
wait_for_hydra () {
|
||||||
|
@ -54,15 +59,17 @@ wait_for_hydra () {
|
||||||
local counter
|
local counter
|
||||||
counter=0
|
counter=0
|
||||||
git_rev="$(git -C "${1}/nixfiles" rev-parse update-inputs)"
|
git_rev="$(git -C "${1}/nixfiles" rev-parse update-inputs)"
|
||||||
while true; do
|
while [[ $counter -lt 180 ]]; do
|
||||||
hydra_rev="$(curl -s -L -H "Accept: application/json" "${2}/latest-eval" | jq -r .flake | sed -E "s/.+&rev=(.*)/\1/g")"
|
counter=$((counter +1))
|
||||||
|
hydra_rev="$(curl -s -L -H "Accept: application/json" "${2}/evals" | jq -r '.evals | max_by(.id) | .flake' | sed -E "s/.+&rev=(.*)/\1/g")"
|
||||||
if [[ "${git_rev}" == "${hydra_rev}" ]]; then
|
if [[ "${git_rev}" == "${hydra_rev}" ]]; then
|
||||||
echo "Hydra got new commit"
|
echo "Hydra got new commit"
|
||||||
break
|
break
|
||||||
fi
|
fi
|
||||||
sleep 30
|
sleep 5
|
||||||
done
|
done
|
||||||
if [[ $counter -ge 30 ]]; then
|
|
||||||
|
if [[ $counter -ge 180 ]]; then
|
||||||
echo "Hydra no workey"
|
echo "Hydra no workey"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
Loading…
Reference in a new issue