Compare commits
3 commits
main
...
update-inp
Author | SHA1 | Date | |
---|---|---|---|
|
92ebed3b2e | ||
af12d13e25 | |||
12c66d1be7 |
3 changed files with 65 additions and 57 deletions
|
@ -1,4 +1,4 @@
|
||||||
{ lib, ... }: {
|
{ lib, config, pkgs, ... }: {
|
||||||
imports = [
|
imports = [
|
||||||
../../common
|
../../common
|
||||||
../../profiles/headless.nix
|
../../profiles/headless.nix
|
||||||
|
@ -13,7 +13,9 @@
|
||||||
};
|
};
|
||||||
kyouma.nginx.defaultForbidden = "florp.social";
|
kyouma.nginx.defaultForbidden = "florp.social";
|
||||||
|
|
||||||
kyouma.restic = {
|
kyouma.restic = let
|
||||||
|
pgBackup = "/var/cache/postgresql.sql";
|
||||||
|
in {
|
||||||
enable = true;
|
enable = true;
|
||||||
remoteUser = "zh3485s1";
|
remoteUser = "zh3485s1";
|
||||||
timerConfig = {
|
timerConfig = {
|
||||||
|
@ -22,9 +24,20 @@
|
||||||
};
|
};
|
||||||
paths = [
|
paths = [
|
||||||
"/var/lib/akkoma"
|
"/var/lib/akkoma"
|
||||||
"/var/lib/postgresql"
|
|
||||||
"/var/lib/secrets"
|
"/var/lib/secrets"
|
||||||
|
pgBackup
|
||||||
];
|
];
|
||||||
|
|
||||||
|
backupPrepareCommand = ''
|
||||||
|
umask 0077
|
||||||
|
rm -f -- ${pgBackup}
|
||||||
|
su -c '${lib.getExe' config.services.postgresql.package "pg_dumpall"}' \
|
||||||
|
${config.services.postgresql.superUser} >${pgBackup}
|
||||||
|
'';
|
||||||
|
|
||||||
|
backupCleanupCommand = ''
|
||||||
|
rm -f -- ${pgBackup}
|
||||||
|
'';
|
||||||
};
|
};
|
||||||
systemd.network.networks."98-eth-default" = {
|
systemd.network.networks."98-eth-default" = {
|
||||||
address = [
|
address = [
|
||||||
|
|
89
flake.lock
89
flake.lock
|
@ -12,11 +12,11 @@
|
||||||
"nixpkgs-stable": "nixpkgs-stable"
|
"nixpkgs-stable": "nixpkgs-stable"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1730257295,
|
"lastModified": 1731270564,
|
||||||
"narHash": "sha256-OQl+aAsKiyygvpzck1u0sZf/R4T9zM903CgNDFmmzA8=",
|
"narHash": "sha256-6KMC/NH/VWP5Eb+hA56hz0urel3jP6Y6cF2PX6xaTkk=",
|
||||||
"owner": "zhaofengli",
|
"owner": "zhaofengli",
|
||||||
"repo": "attic",
|
"repo": "attic",
|
||||||
"rev": "48c8b395bfbc6b76c7eae74df6c74351255a095c",
|
"rev": "47752427561f1c34debb16728a210d378f0ece36",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -156,11 +156,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1730675461,
|
"lastModified": 1731060864,
|
||||||
"narHash": "sha256-Mhqz3p/HEiI/zxBJWO57LYQf6gGlJB0tci6fiVXLjd8=",
|
"narHash": "sha256-aYE7oAYZ+gPU1mPNhM0JwLAQNgjf0/JK1BF1ln2KBgk=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "disko",
|
"repo": "disko",
|
||||||
"rev": "380847d94ff0fedee8b50ee4baddb162c06678df",
|
"rev": "5e40e02978e3bd63c2a6a9fa6fa8ba0e310e747f",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -437,11 +437,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1731185407,
|
"lastModified": 1731187545,
|
||||||
"narHash": "sha256-4LdV+ZK7slyONezfW3aZmBuTt4lnxBTmREemBW7VBtk=",
|
"narHash": "sha256-n/BOlXvOcX5yn2mbjazfCcbojzczCdmcjQNaH7Dcdd4=",
|
||||||
"ref": "refs/heads/main",
|
"ref": "refs/heads/main",
|
||||||
"rev": "1d3098ad7775426c092a5bd13498d98a8b02b116",
|
"rev": "1845276697adca236be3e7a983238d2a2d0d57b5",
|
||||||
"revCount": 6,
|
"revCount": 7,
|
||||||
"type": "git",
|
"type": "git",
|
||||||
"url": "https://woof.rip/florp/about.git"
|
"url": "https://woof.rip/florp/about.git"
|
||||||
},
|
},
|
||||||
|
@ -503,11 +503,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1730302582,
|
"lastModified": 1730814269,
|
||||||
"narHash": "sha256-W1MIJpADXQCgosJZT8qBYLRuZls2KSiKdpnTVdKBuvU=",
|
"narHash": "sha256-fWPHyhYE6xvMI1eGY3pwBTq85wcy1YXqdzTZF+06nOg=",
|
||||||
"owner": "cachix",
|
"owner": "cachix",
|
||||||
"repo": "git-hooks.nix",
|
"repo": "git-hooks.nix",
|
||||||
"rev": "af8a16fe5c264f5e9e18bcee2859b40a656876cf",
|
"rev": "d70155fdc00df4628446352fc58adc640cd705c2",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -562,11 +562,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1730633670,
|
"lastModified": 1731235328,
|
||||||
"narHash": "sha256-ZFJqIXpvVKvzOVFKWNRDyIyAo+GYdmEPaYi1bZB6uf0=",
|
"narHash": "sha256-NjavpgE9/bMe/ABvZpyHIUeYF1mqR5lhaep3wB79ucs=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "home-manager",
|
"repo": "home-manager",
|
||||||
"rev": "8f6ca7855d409aeebe2a582c6fd6b6a8d0bf5661",
|
"rev": "60bb110917844d354f3c18e05450606a435d2d10",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -613,16 +613,16 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1729544999,
|
"lastModified": 1729958008,
|
||||||
"narHash": "sha256-YcyJLvTmN6uLEBGCvYoMLwsinblXMkoYkNLEO4WnKus=",
|
"narHash": "sha256-EiOq8jF4Z/zQe0QYVc3+qSKxRK//CFHMB84aYrYGwEs=",
|
||||||
"owner": "NuschtOS",
|
"owner": "NuschtOS",
|
||||||
"repo": "ixx",
|
"repo": "ixx",
|
||||||
"rev": "65c207c92befec93e22086da9456d3906a4e999c",
|
"rev": "9fd01aad037f345350eab2cd45e1946cc66da4eb",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
"owner": "NuschtOS",
|
"owner": "NuschtOS",
|
||||||
"ref": "v0.0.5",
|
"ref": "v0.0.6",
|
||||||
"repo": "ixx",
|
"repo": "ixx",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
|
@ -713,11 +713,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1730448474,
|
"lastModified": 1731153869,
|
||||||
"narHash": "sha256-qE/cYKBhzxHMtKtLK3hlSR3uzO1pWPGLrBuQK7r0CHc=",
|
"narHash": "sha256-3Ftf9oqOypcEyyrWJ0baVkRpvQqroK/SVBFLvU3nPuc=",
|
||||||
"owner": "lnl7",
|
"owner": "lnl7",
|
||||||
"repo": "nix-darwin",
|
"repo": "nix-darwin",
|
||||||
"rev": "683d0c4cd1102dcccfa3f835565378c7f3cbe05e",
|
"rev": "5c74ab862c8070cbf6400128a1b56abb213656da",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -815,11 +815,11 @@
|
||||||
},
|
},
|
||||||
"nixos-hardware": {
|
"nixos-hardware": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1730537918,
|
"lastModified": 1730919458,
|
||||||
"narHash": "sha256-GJB1/aaTnAtt9sso/EQ77TAGJ/rt6uvlP0RqZFnWue8=",
|
"narHash": "sha256-yMO0T0QJlmT/x4HEyvrCyigGrdYfIXX3e5gWqB64wLg=",
|
||||||
"owner": "nixos",
|
"owner": "nixos",
|
||||||
"repo": "nixos-hardware",
|
"repo": "nixos-hardware",
|
||||||
"rev": "f6e0cd5c47d150c4718199084e5764f968f1b560",
|
"rev": "e1cc1f6483393634aee94514186d21a4871e78d7",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -946,11 +946,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs_4": {
|
"nixpkgs_4": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1730531603,
|
"lastModified": 1731139594,
|
||||||
"narHash": "sha256-Dqg6si5CqIzm87sp57j5nTaeBbWhHFaVyG7V6L8k3lY=",
|
"narHash": "sha256-IigrKK3vYRpUu+HEjPL/phrfh7Ox881er1UEsZvw9Q4=",
|
||||||
"owner": "nixos",
|
"owner": "nixos",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "7ffd9ae656aec493492b44d0ddfb28e79a1ea25d",
|
"rev": "76612b17c0ce71689921ca12d9ffdc9c23ce40b2",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -977,11 +977,11 @@
|
||||||
"treefmt-nix": "treefmt-nix_2"
|
"treefmt-nix": "treefmt-nix_2"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1730569492,
|
"lastModified": 1731155487,
|
||||||
"narHash": "sha256-NByr7l7JetL9kIrdCOcRqBu+lAkruYXETp1DMiDHNQs=",
|
"narHash": "sha256-+D57j7BcV5O3XH9za3c3XXVLHr+F+enThAN2EeF6H/M=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "nixvim",
|
"repo": "nixvim",
|
||||||
"rev": "6f210158b03b01a1fd44bf3968165e6da80635ce",
|
"rev": "31364af1990067d5529846a2ebf17a42c5ab22ff",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -1000,11 +1000,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1730515563,
|
"lastModified": 1731060242,
|
||||||
"narHash": "sha256-8lklUZRV7nwkPLF3roxzi4C2oyLydDXyAzAnDvjkOms=",
|
"narHash": "sha256-43yLsOm/wxBbfYSNDWVJeVv5Ij+23X3BIjFUfsdx/6M=",
|
||||||
"owner": "NuschtOS",
|
"owner": "NuschtOS",
|
||||||
"repo": "search",
|
"repo": "search",
|
||||||
"rev": "9e22bd742480916ff5d0ab20ca2522eaa3fa061e",
|
"rev": "ef493352f9e1f051e01a55c062731503a6b36b4e",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -1059,11 +1059,11 @@
|
||||||
"nixpkgs-stable": "nixpkgs-stable_2"
|
"nixpkgs-stable": "nixpkgs-stable_2"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1730605784,
|
"lastModified": 1731213149,
|
||||||
"narHash": "sha256-1NveNAMLHbxOg0BpBMSVuZ2yW2PpDnZLbZ25wV50PMc=",
|
"narHash": "sha256-jR8i6nFLmSmm0cIoeRQ8Q4EBARa3oGaAtEER/OMMxus=",
|
||||||
"owner": "Mic92",
|
"owner": "Mic92",
|
||||||
"repo": "sops-nix",
|
"repo": "sops-nix",
|
||||||
"rev": "e9b5eef9b51cdf966c76143e13a9476725b2f760",
|
"rev": "f1675e3b0e1e663a4af49be67ecbc9e749f85eb7",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -1093,11 +1093,11 @@
|
||||||
"tinted-tmux": "tinted-tmux"
|
"tinted-tmux": "tinted-tmux"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1729963473,
|
"lastModified": 1731090365,
|
||||||
"narHash": "sha256-uGjTjvvlGQfQ0yypVP+at0NizI2nrb6kz4wGAqzRGbY=",
|
"narHash": "sha256-ti3gXhgVpIUL/7w6zDJuH+hOnyTZqxrIX/yYqALmiEI=",
|
||||||
"owner": "danth",
|
"owner": "danth",
|
||||||
"repo": "stylix",
|
"repo": "stylix",
|
||||||
"rev": "04afcfc0684d9bbb24bb1dc77afda7c1843ec93b",
|
"rev": "6863412636c8f2cb3b7360f747fbd020fbfddf68",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -1169,16 +1169,17 @@
|
||||||
"tinted-foot": {
|
"tinted-foot": {
|
||||||
"flake": false,
|
"flake": false,
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1696725948,
|
"lastModified": 1726913040,
|
||||||
"narHash": "sha256-65bz2bUL/yzZ1c8/GQASnoiGwaF8DczlxJtzik1c0AU=",
|
"narHash": "sha256-+eDZPkw7efMNUf3/Pv0EmsidqdwNJ1TaOum6k7lngDQ=",
|
||||||
"owner": "tinted-theming",
|
"owner": "tinted-theming",
|
||||||
"repo": "tinted-foot",
|
"repo": "tinted-foot",
|
||||||
"rev": "eedbcfa30de0a4baa03e99f5e3ceb5535c2755ce",
|
"rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
"owner": "tinted-theming",
|
"owner": "tinted-theming",
|
||||||
"repo": "tinted-foot",
|
"repo": "tinted-foot",
|
||||||
|
"rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
|
|
@ -1,9 +1,11 @@
|
||||||
{ config, lib, pkgs, utils, ... }: let
|
{ config, lib, options, pkgs, ... }: let
|
||||||
cfg = config.kyouma.restic;
|
cfg = config.kyouma.restic;
|
||||||
in {
|
in {
|
||||||
options.kyouma.restic = let
|
options.kyouma.restic = let
|
||||||
inherit (lib) mkOption types;
|
inherit (lib) mkOption types;
|
||||||
in {
|
in {
|
||||||
|
inherit (options.services.restic.backups.type.getSubOptions [])
|
||||||
|
timerConfig backupPrepareCommand backupCleanupCommand;
|
||||||
enable = lib.mkEnableOption "Enable restic backup";
|
enable = lib.mkEnableOption "Enable restic backup";
|
||||||
paths = mkOption {
|
paths = mkOption {
|
||||||
description = "paths to backup";
|
description = "paths to backup";
|
||||||
|
@ -40,14 +42,6 @@ in {
|
||||||
type = types.nonEmptyStr;
|
type = types.nonEmptyStr;
|
||||||
default = "${config.networking.hostName}-backup";
|
default = "${config.networking.hostName}-backup";
|
||||||
};
|
};
|
||||||
timerConfig = mkOption {
|
|
||||||
description = "timer config";
|
|
||||||
type = with types; nullOr (attrsOf utils.systemdUtils.unitOptions.unitOption);
|
|
||||||
default = {
|
|
||||||
OnCalendar = "daily";
|
|
||||||
Persistent = true;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
config = lib.mkIf cfg.enable {
|
config = lib.mkIf cfg.enable {
|
||||||
sops.secrets."restic/${cfg.remoteUser}/password" = {
|
sops.secrets."restic/${cfg.remoteUser}/password" = {
|
||||||
|
@ -58,7 +52,7 @@ in {
|
||||||
};
|
};
|
||||||
|
|
||||||
services.restic.backups."${config.networking.hostName}-${cfg.remote}" = {
|
services.restic.backups."${config.networking.hostName}-${cfg.remote}" = {
|
||||||
inherit (cfg) paths user pruneOpts timerConfig;
|
inherit (cfg) paths user pruneOpts timerConfig backupPrepareCommand backupCleanupCommand;
|
||||||
initialize = true;
|
initialize = true;
|
||||||
repository = "sftp:${cfg.remoteUser}@${cfg.remote}:${cfg.repo}";
|
repository = "sftp:${cfg.remoteUser}@${cfg.remote}:${cfg.repo}";
|
||||||
passwordFile = config.sops.secrets."restic/${cfg.remoteUser}/password".path;
|
passwordFile = config.sops.secrets."restic/${cfg.remoteUser}/password".path;
|
||||||
|
|
Loading…
Reference in a new issue