# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running ‘nixos-help’).
{ config, pkgs, stablePkgs, impermanence, ... }:
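let
  # Home directory of the primary user; interpolated into NIXOS_CONFIG and
  # the audio plugin search paths in this file.
  home = "/home/rilla";

  # offline-backups: start the three offline backup mount units, then run
  # btrbk as the unprivileged `btrbk` user with the offline-backups config.
  # All command-line arguments are forwarded verbatim to btrbk ("$@").
  #
  # The mount loop is deliberately NOT chained to the btrbk call with `&&`.
  # POSIX `set -e` is ignored for every command of an AND-OR list except the
  # last one, and that includes the body of a loop on the left of `&&`. With
  # the chain in place, a failed mount of disk 0 or 1 was swallowed as long
  # as the mount of disk 2 succeeded, and btrbk then ran with a target disk
  # missing. As separate statements, errexit aborts on the first failed mount.
  offline-backups = pkgs.writeScriptBin "offline-backups" ''
    #!${pkgs.dash}/bin/dash

    set -xe

    for x in 0 1 2; do
      ${pkgs.systemd}/bin/systemctl start "mnt-backups-''${x}.mount"
    done

    /run/wrappers/bin/doas -u btrbk \
      ${pkgs.btrbk}/bin/btrbk \
        --config /etc/btrbk/offline-backups.conf \
        --progress \
        --verbose \
        "$@"
  '';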
in
{
# System-level modules for this host. List order is kept as written.
imports = [
  ../../hardware-configuration/capibara.nix
  ../../common
  ../../common/desktop.nix
];

# Home-manager modules for user `rilla`. The impermanence module is loaded
# from the `impermanence` function argument.
# NOTE(review): presumably a flake input pinned by the lock file - confirm,
# since that module decides which parts of $HOME survive the tmpfs root.
home-manager.users.rilla.imports = [
  ../../home/capibara.nix
  "${impermanence}/home-manager.nix"
];
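# Mount table.
#
# Layout: "/" is a 2G tmpfs, so anything not on one of the btrfs subvolumes
# below is gone after a reboot. Two LUKS containers (opened in the initrd as
# /dev/mapper/root and /dev/mapper/data) carry the persistent subvolumes.
#
# Hardening applied here: mounts that only hold data coming from other
# machines (the NFS secrets export, the gnupg image, the offline backup
# disks) are mounted nosuid,nodev. The backup disks receive whole subvolumes
# from remote hosts, including any setuid binaries or device nodes in them;
# without these flags those files would be live on this machine for as long
# as a backup disk is mounted.
fileSystems = {
  "/" = {
    device = "tmpfs";
    fsType = "tmpfs";
    options = [ "defaults" "size=2G" "mode=755" ];
  };

  # Top-level (subvolid=5) views of both btrfs filesystems; btrbk takes its
  # snapshots of /mnt/btr_data from here.
  "/mnt/btr_root" = {
    device = "/dev/mapper/root";
    fsType = "btrfs";
    options = [ "subvolid=5" "compress=zstd" ];
  };

  "/mnt/btr_data" = {
    device = "/dev/mapper/data";
    fsType = "btrfs";
    options = [ "subvolid=5" "compress=zstd" ];
  };

  # Persistent state; needed in the initrd because "/" itself is a tmpfs.
  "/mnt/persist" = {
    device = "/dev/mapper/data";
    fsType = "btrfs";
    options = [ "subvol=persist" "compress=zstd" ];
    neededForBoot = true;
  };

  "/mnt/logs" = {
    device = "/dev/mapper/root";
    fsType = "btrfs";
    options = [ "subvol=logs" "compress=zstd" ];
    neededForBoot = true;
  };

  "/mnt/data" = {
    device = "/dev/mapper/data";
    fsType = "btrfs";
    options = [ "subvol=data" "compress=zstd" ];
    neededForBoot = true;
  };

  # NFS export from narwhal, mounted on demand only. No sec= option is set,
  # so the NFS traffic itself is neither authenticated per user nor
  # encrypted. NOTE(review): the crypttab entry in this file opens
  # /mnt/secrets/gnupg.img as an encrypted container, so that image should
  # cross the network as ciphertext - confirm nothing else sensitive lives
  # on this export in the clear.
  "/mnt/secrets" = {
    device = "narwhal:/secrets";
    fsType = "nfs";
    options = [ "noauto" "nosuid" "nodev" ];
  };

  # Filesystem inside the gnupg_secrets container (see crypttab).
  "/mnt/secrets/gnupg" = {
    device = "/dev/mapper/gnupg_secrets";
    fsType = "btrfs";
    options = [ "noauto" "nosuid" "nodev" ];
  };

  "/nix" = {
    device = "/dev/mapper/root";
    fsType = "btrfs";
    options = [ "subvol=nix" "compress=zstd" ];
  };

  # NOTE(review): /boot is a plain by-uuid ext4 partition, not a
  # /dev/mapper device, so kernel and initrd appear to sit outside LUKS.
  # Disk encryption then protects data at rest but not the boot chain
  # against offline modification - confirm this matches the threat model.
  "/boot" = {
    device = "/dev/disk/by-uuid/c99d1f1b-45a4-4a25-b5b8-bc76464c6825";
    fsType = "ext4";
  };

  # Swap file lives on a subvolume of the encrypted root container.
  "/swap" = {
    device = "/dev/mapper/root";
    fsType = "btrfs";
    options = [ "subvol=swap" ];
  };

  "/mnt/vfs_share" = {
    device = "/dev/mapper/data";
    fsType = "btrfs";
    options = [ "subvol=vfs_share" "compress=zstd" ];
    neededForBoot = true;
  };

  # Offline backup disks: never mounted automatically; the offline-backups
  # script starts the mount units explicitly. nosuid,nodev because these
  # hold received subvolumes from other hosts.
  "/mnt/backups/0" = {
    device = "/dev/mapper/backups0";
    fsType = "btrfs";
    options = [ "noauto" "nosuid" "nodev" "subvolid=5" "compress=zstd" ];
  };

  "/mnt/backups/1" = {
    device = "/dev/mapper/backups1";
    fsType = "btrfs";
    options = [ "noauto" "nosuid" "nodev" "subvolid=5" "compress=zstd" ];
  };

  "/mnt/backups/2" = {
    device = "/dev/mapper/backups2";
    fsType = "btrfs";
    options = [ "noauto" "nosuid" "nodev" "subvolid=5" "compress=zstd" ];
  };
};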
# Swap file on the /swap subvolume. That subvolume is on /dev/mapper/root,
# so swapped-out memory stays inside the LUKS container.
swapDevices = [
  { device = "/swap/swapfile"; }
];

# /etc/crypttab for the containers that are opened on demand (noauto).
#
# The three backup disks share one key file, /etc/luks-keys/backups.bin.
# Only its path appears here; the key itself is not managed by this module.
# NOTE(review): "/" is a tmpfs, so the key file has to come from persistent
# storage - confirm where it is persisted and that it is readable by root
# only. Anyone who can read it can open all three backup disks.
#
# gnupg_secrets has "none" as key field, so it is unlocked interactively.
environment.etc.crypttab.text = ''
  backups0 UUID="e45232d5-f46f-46f3-a150-be26374b3357" /etc/luks-keys/backups.bin noauto
  backups1 UUID="5b3da928-4862-4451-89cd-5bd6a95466d0" /etc/luks-keys/backups.bin noauto
  backups2 UUID="cbfa9cba-dee2-4d0b-8cde-2f1d1849b22c" /etc/luks-keys/backups.bin noauto
  gnupg_secrets /mnt/secrets/gnupg.img none noauto
'';
# System-wide environment variables.
#
# The three audio plugin search paths share one shape: the user's nix
# profile, a plugin directory under the user's home, then the system
# profile. NOTE(review): environment.variables applies to every account,
# and two of the three entries are directories owned by `rilla`; on a
# machine with other interactive users, their plugin hosts would load code
# from there - confirm this host is single-user.
environment.variables =
  let
    pluginPath = kind:
      "${home}/.nix-profile/lib/${kind}:${home}/Audio/plugins/${kind}:/run/current-system/sw/lib/${kind}";
  in
  {
    NIXOS_CONFIG = "${home}/configs/nix-config/capibara.nix";
    LADSPA_PATH = pluginPath "ladspa";
    LV2_PATH = pluginPath "lv2";
    LXVST_PATH = pluginPath "lxvst";
  };
# Fixed MAC address for the Wi-Fi interface on every network.
# NOTE(review): a constant address is linkable across networks and is also
# published with this file; NetworkManager accepts "stable" or "random" here
# if a per-network address is acceptable.
networking.networkmanager.wifi = {
  macAddress = "CC:AF:78:75:29:32";
};

# Unfree packages are allowed for the whole system (Steam needs this).
nixpkgs.config = {
  allowUnfree = true;
};

programs.steam = {
  enable = true;
};
# BIOS-mode GRUB installed to the Kingston SSD, addressed by its stable
# by-id name; EFI support is switched off explicitly.
boot.loader.grub = {
  enable = true;
  device = "/dev/disk/by-id/ata-KINGSTON_SKC600MS512G_50026B7783FC3D2F";
  efiSupport = false;
  efiInstallAsRemovable = false;
};

# LUKS containers opened in the initrd; they appear as /dev/mapper/root and
# /dev/mapper/data.
#
# allowDiscards passes TRIM requests through dm-crypt to the SSD. The price
# is that the pattern of freed blocks becomes visible on the raw device,
# which reveals roughly how much of each volume is in use. Set it to false
# if that leak matters more than SSD performance.
#
# reusePassphrases: a passphrase typed for one container is tried on the
# other before prompting again.
boot.initrd.luks = {
  reusePassphrases = true;

  devices.root = {
    device = "/dev/disk/by-uuid/869b4b9e-5004-4625-877f-6b1c9489ac8f";
    allowDiscards = true;
  };

  devices.data = {
    device = "/dev/disk/by-uuid/6a9246a0-984b-471c-9950-be16db3060f5";
    allowDiscards = true;
  };
};
# Kill memory hogs before the machine starts thrashing.
services.earlyoom.enable = true;

# Power management: tlp is the active power daemon, so power-profiles-daemon
# is switched off explicitly.
powerManagement = {
  enable = true;
};
services.upower.enable = true;
services.tlp.enable = true;
services.power-profiles-daemon.enable = false;
# services.thermald.enable = true;

# Extra system packages; `offline-backups` is the wrapper script defined in
# the let-block at the top of this file, the other two come from pkgs.
environment.systemPackages = [
  pkgs.powertop
  pkgs.acpi
  offline-backups
];
#services.beesd.filesystems = {
# root = {
# spec = "/dev/mapper/root";
# hashTableSizeMB = 256;
# verbosity = "info";
# extraOptions = [ "--loadavg-target" "2.0" ];
# };
#};
# todo: target and/or archive
#
# Two btrbk instances:
#   btrbk            - local snapshots of /mnt/btr_data on a 30-minute timer.
#   offline-backups  - no timer (onCalendar = null); run by hand through the
#                      offline-backups wrapper. It pulls subvolumes from
#                      three remote hosts over SSH, plus the local data
#                      volume, onto the three offline backup disks.
#
# Points to keep in mind for the offline instance:
#   * /etc/btrbk/id_ed25519 is the SSH private key that logs in as `btrbk`
#     on every remote. Only its path is set here. NOTE(review): confirm the
#     key file is readable by the btrbk user only and, "/" being a tmpfs,
#     where it is persisted.
#   * backend_remote = "btrfs-progs-doas" means the remote side runs btrfs
#     through doas. NOTE(review): the doas rules on the remotes are not part
#     of this file - confirm they allow the btrbk user the btrfs commands
#     only, since the key above is all that is needed to reach them.
#   * narwhal's `secrets` subvolume is among the backed-up subvolumes, so
#     the backup disks hold a copy of it; they are LUKS containers opened
#     via crypttab.
#   * target_preserve_min = "all": backups on the target disks are never
#     pruned by btrbk.
services.btrbk.instances =
  let
    # Every source is written to the same path on all three backup disks,
    # in a per-host directory.
    offlineTargets = host: {
      "/mnt/backups/0/btr_backup/${host}" = { };
      "/mnt/backups/1/btr_backup/${host}" = { };
      "/mnt/backups/2/btr_backup/${host}" = { };
    };
  in
  {
    btrbk = {
      onCalendar = "*:0/30"; # every 30 minutes
      settings = {
        snapshot_create = "onchange";
        snapshot_preserve = "2d";
        snapshot_preserve_min = "latest";
        volume = {
          "/mnt/btr_data" = {
            snapshot_dir = "btrbk_snapshots";
            subvolume.data = { };
            subvolume.persist = { };
          };
        };
      };
    };

    # doas -u btrbk btrbk -c /etc/btrbk/offline-backups.conf --dry-run --progress --verbose run
    offline-backups = {
      onCalendar = null;
      settings = {
        backend_remote = "btrfs-progs-doas";
        ssh_identity = "/etc/btrbk/id_ed25519";
        ssh_user = "btrbk";

        snapshot_create = "onchange";
        snapshot_preserve_min = "latest";
        target_preserve_min = "all";

        volume."ssh://narwhal:22/mnt/btr_pool" = {
          snapshot_dir = "btrbk_snapshots_offline";
          stream_buffer = "50%";
          stream_compress = "zstd";
          subvolume = {
            backups = { };
            books = { };
            certs = { };
            data = { };
            docker_volumes = { };
            home = { };
            http = { };
            music = { };
            secrets = { };
            transmission = { };
            videos = { };
          };
          target = offlineTargets "narwhal";
        };

        volume."ssh://suricata:22/mnt/btr_pool" = {
          compat_remote = "busybox";
          snapshot_dir = "btrbk_snapshots_offline";
          stream_buffer = "50%";
          subvolume = {
            backups = { };
            configs = { };
            home = { };
            rancher_config = { };
          };
          target = offlineTargets "suricata";
        };

        volume."ssh://caladan/mnt/btr_pool" = {
          compat_remote = "busybox";
          snapshot_dir = "btrbk_snapshots_offline";
          stream_buffer = "50%";
          subvolume = {
            certs = { };
            volumes = { };
          };
          target = offlineTargets "caladan";
        };

        # Local source: this machine's own data volume.
        volume."/mnt/btr_data" = {
          snapshot_dir = "btrbk_snapshots_offline";
          subvolume = {
            data = { };
            persist = { };
          };
          target = offlineTargets "capibara";
        };
      };
    };
  };
# Extra line for the X server's Device section: turn on the driver's
# TearFree option.
services.xserver.deviceSection = "Option \"TearFree\" \"true\"\n";
# Desktop portals: the wlroots backend plus the GTK portal as an extra
# implementation.
xdg.portal.enable = true;
xdg.portal.wlr.enable = true;
xdg.portal.extraPortals = [
  pkgs.xdg-desktop-portal-gtk
];
# Host name and per-interface DHCP for the wired and the wireless NIC.
networking.hostName = "capibara";
networking.interfaces.eno0.useDHCP = true;
networking.interfaces.wlp2s0.useDHCP = true;

# NixOS release whose stateful-data defaults this machine follows. This is
# not the package version; leave it alone when upgrading.
system.stateVersion = "23.05";
}