2023-08-13 17:08:23 +02:00
|
|
|
# capibara
|
|
|
|
|
|
2023-08-13 12:30:14 +02:00
|
|
|
{ inputs, outputs, config, pkgs, ... }:
|
|
|
|
|
|
2023-07-23 16:53:16 +02:00
|
|
|
{
|
2023-08-13 12:30:14 +02:00
|
|
|
nixpkgs.hostPlatform = "x86_64-linux";
|
|
|
|
|
|
2023-07-30 16:06:59 +02:00
|
|
|
imports = [
|
2023-08-12 15:41:11 +02:00
|
|
|
./hardware-configuration.nix
|
2023-08-12 17:33:27 +02:00
|
|
|
./file-systems.nix
|
2023-08-13 12:30:14 +02:00
|
|
|
./home-manager.nix
|
2023-08-19 18:36:21 +02:00
|
|
|
./snapcast.nix
|
2023-08-13 12:30:14 +02:00
|
|
|
outputs.nixosModules.common
|
|
|
|
|
outputs.nixosModules.desktop
|
2023-07-30 16:06:59 +02:00
|
|
|
];
|
2022-02-23 12:40:21 +01:00
|
|
|
|
2022-01-18 09:32:55 +01:00
|
|
|
networking.networkmanager.wifi.macAddress = "CC:AF:78:75:29:32";
|
|
|
|
|
|
|
|
|
|
programs.steam.enable = true;
|
2022-02-25 18:19:13 +01:00
|
|
|
services.earlyoom.enable = true;
|
|
|
|
|
|
|
|
|
|
# Power management
|
|
|
|
|
powerManagement.enable = true;
|
|
|
|
|
services.upower.enable = true;
|
2022-03-05 18:52:59 +01:00
|
|
|
# services.thermald.enable = true;
|
2022-02-25 18:19:13 +01:00
|
|
|
services.tlp.enable = true;
|
|
|
|
|
services.power-profiles-daemon.enable = false;
|
2023-08-13 12:30:14 +02:00
|
|
|
environment.systemPackages = with pkgs; [ powertop acpi ];
|
2022-02-25 18:19:13 +01:00
|
|
|
|
2023-08-13 17:08:23 +02:00
|
|
|
environment.etc = {
|
|
|
|
|
ssh-pub-key = {
|
|
|
|
|
target = "ssh/ssh_host_ed25519_key.pub";
|
|
|
|
|
source = ./ssh_host_ed25519_key.pub;
|
|
|
|
|
};
|
|
|
|
|
ssh-pub-key-cert = {
|
|
|
|
|
target = "ssh/ssh_host_ed25519_key-cert.pub";
|
|
|
|
|
source = ./ssh_host_ed25519_key-cert.pub;
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
age.secrets.ssh-key = {
|
|
|
|
|
file = outputs.secrets.capibara.ssh_host_ed25519_key;
|
|
|
|
|
mode = "400";
|
|
|
|
|
owner = "root";
|
|
|
|
|
group = "root";
|
|
|
|
|
symlink = false;
|
|
|
|
|
path = "/mnt/persist/etc/ssh/ssh_host_ed25519_key";
|
|
|
|
|
};
|
|
|
|
|
|
2022-11-06 13:31:43 +01:00
|
|
|
# todo: target and/or archive
|
2023-03-26 17:00:32 +02:00
|
|
|
services.btrbk.instances = {
|
|
|
|
|
btrbk = {
|
|
|
|
|
onCalendar = "*:0/30"; # every 30 minutes
|
|
|
|
|
settings = {
|
|
|
|
|
snapshot_preserve = "2d";
|
|
|
|
|
snapshot_preserve_min = "latest";
|
|
|
|
|
snapshot_create = "onchange";
|
2023-04-27 17:25:08 +02:00
|
|
|
volume."/mnt/btr_data" = {
|
2023-03-26 17:00:32 +02:00
|
|
|
snapshot_dir = "btrbk_snapshots";
|
|
|
|
|
subvolume = {
|
|
|
|
|
data = { };
|
|
|
|
|
persist = { };
|
|
|
|
|
};
|
2022-11-06 13:31:43 +01:00
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
};
|
2023-03-26 17:00:32 +02:00
|
|
|
|
|
|
|
|
# doas -u btrbk btrbk -c /etc/btrbk/offline-backups.conf --dry-run --progress --verbose run
|
|
|
|
|
offline-backups = {
|
|
|
|
|
onCalendar = null;
|
|
|
|
|
settings = {
|
|
|
|
|
ssh_user = "btrbk";
|
|
|
|
|
ssh_identity = "/etc/btrbk/id_ed25519";
|
|
|
|
|
backend_remote = "btrfs-progs-doas";
|
2023-04-26 11:30:08 +02:00
|
|
|
snapshot_create = "onchange";
|
|
|
|
|
snapshot_preserve_min = "latest";
|
|
|
|
|
target_preserve_min = "all";
|
2023-03-26 17:00:32 +02:00
|
|
|
volume = {
|
|
|
|
|
|
|
|
|
|
"ssh://narwhal:22/mnt/btr_pool" = {
|
2023-04-26 11:30:08 +02:00
|
|
|
stream_buffer = "50%";
|
|
|
|
|
stream_compress = "zstd";
|
|
|
|
|
snapshot_dir = "btrbk_snapshots_offline";
|
2023-03-26 17:00:32 +02:00
|
|
|
subvolume = {
|
|
|
|
|
backups = { };
|
|
|
|
|
books = { };
|
|
|
|
|
certs = { };
|
|
|
|
|
data = { };
|
|
|
|
|
docker_volumes = { };
|
|
|
|
|
home = { };
|
|
|
|
|
http = { };
|
|
|
|
|
music = { };
|
|
|
|
|
secrets = { };
|
|
|
|
|
transmission = { };
|
|
|
|
|
videos = { };
|
|
|
|
|
};
|
|
|
|
|
target = {
|
|
|
|
|
"/mnt/backups/0/btr_backup/narwhal" = { };
|
|
|
|
|
"/mnt/backups/1/btr_backup/narwhal" = { };
|
|
|
|
|
"/mnt/backups/2/btr_backup/narwhal" = { };
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
"ssh://suricata:22/mnt/btr_pool" = {
|
2023-04-26 11:30:08 +02:00
|
|
|
stream_buffer = "50%";
|
|
|
|
|
snapshot_dir = "btrbk_snapshots_offline";
|
2023-03-26 17:00:32 +02:00
|
|
|
compat_remote = "busybox";
|
|
|
|
|
subvolume = {
|
|
|
|
|
home = { };
|
|
|
|
|
rancher_config = { };
|
|
|
|
|
backups = { };
|
|
|
|
|
configs = { };
|
|
|
|
|
};
|
|
|
|
|
target = {
|
|
|
|
|
"/mnt/backups/0/btr_backup/suricata" = { };
|
|
|
|
|
"/mnt/backups/1/btr_backup/suricata" = { };
|
|
|
|
|
"/mnt/backups/2/btr_backup/suricata" = { };
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
2023-04-28 14:01:21 +02:00
|
|
|
"ssh://caladan/mnt/btr_pool" = {
|
2023-04-26 11:30:08 +02:00
|
|
|
stream_buffer = "50%";
|
|
|
|
|
snapshot_dir = "btrbk_snapshots_offline";
|
|
|
|
|
compat_remote = "busybox";
|
|
|
|
|
subvolume = {
|
|
|
|
|
certs = { };
|
|
|
|
|
volumes = { };
|
|
|
|
|
};
|
|
|
|
|
target = {
|
|
|
|
|
"/mnt/backups/0/btr_backup/caladan" = { };
|
|
|
|
|
"/mnt/backups/1/btr_backup/caladan" = { };
|
|
|
|
|
"/mnt/backups/2/btr_backup/caladan" = { };
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
2023-04-28 14:01:21 +02:00
|
|
|
"/mnt/btr_data" = {
|
|
|
|
|
snapshot_dir = "btrbk_snapshots_offline";
|
|
|
|
|
subvolume = {
|
|
|
|
|
data = { };
|
|
|
|
|
persist = { };
|
|
|
|
|
};
|
|
|
|
|
target = {
|
|
|
|
|
"/mnt/backups/0/btr_backup/capibara" = { };
|
|
|
|
|
"/mnt/backups/1/btr_backup/capibara" = { };
|
|
|
|
|
"/mnt/backups/2/btr_backup/capibara" = { };
|
|
|
|
|
};
|
|
|
|
|
};
|
2023-04-26 11:30:08 +02:00
|
|
|
};
|
2023-03-26 17:00:32 +02:00
|
|
|
};
|
|
|
|
|
};
|
2022-11-06 13:31:43 +01:00
|
|
|
};
|
|
|
|
|
|
2023-01-07 20:30:41 +01:00
|
|
|
xdg.portal = {
|
|
|
|
|
enable = true;
|
|
|
|
|
wlr.enable = true;
|
2023-08-15 12:31:09 +02:00
|
|
|
extraPortals = with pkgs; [ xdg-desktop-portal-gtk xdg-desktop-portal-wlr ];
|
2023-01-07 20:30:41 +01:00
|
|
|
};
|
|
|
|
|
|
2022-01-18 09:32:55 +01:00
|
|
|
networking = {
|
|
|
|
|
hostName = "capibara";
|
|
|
|
|
interfaces = {
|
|
|
|
|
eno0.useDHCP = true;
|
|
|
|
|
wlp2s0.useDHCP = true;
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
2023-08-04 17:45:26 +02:00
|
|
|
system.stateVersion = "23.05";
|
2022-01-18 09:32:55 +01:00
|
|
|
}
|
