
# capibara
#
# NixOS module for the host "capibara" (hosts/capibara/default.nix): platform,
# imported modules, power management, SSH host identity, btrbk snapshot and
# pull-backup jobs, desktop portal and network interfaces.
{ inputs, outputs, config, pkgs, ... }:
let
  # Turns a list of names into { "<name>" = { }; ... }, i.e. btrbk sections
  # that carry no per-section overrides.
  emptySections = names:
    builtins.listToAttrs (map (name: { inherit name; value = { }; }) names);

  # The three backup slots (0, 1, 2) under /mnt/backups, each with a
  # per-host directory, as btrbk `target` sections.
  offlineTargets = host:
    emptySections
      (map (slot: "/mnt/backups/${slot}/btr_backup/${host}") [ "0" "1" "2" ]);
in
{
  nixpkgs.hostPlatform = "x86_64-linux";
  system.stateVersion = "23.05";

  imports = [
    ./hardware-configuration.nix
    ./file-systems.nix
    ./home-manager.nix
    outputs.nixosModules.common
    outputs.nixosModules.desktop
  ];

  networking = {
    hostName = "capibara";
    interfaces = {
      eno0.useDHCP = true;
      wlp2s0.useDHCP = true;
    };
    # Wi-Fi uses this fixed MAC instead of one of NetworkManager's keyword
    # modes ("random", "stable", ...), so the adapter presents the same
    # address on every network it joins. The value is also readable by
    # anyone who can read this repository.
    networkmanager.wifi.macAddress = "CC:AF:78:75:29:32";
  };

  programs.steam.enable = true;

  # Power management
  powerManagement.enable = true;

  environment = {
    systemPackages = [ pkgs.powertop pkgs.acpi ];

    # SSH host identity, public half. The public key and the accompanying
    # -cert.pub file (by its name an OpenSSH host certificate) are not
    # secret, so they are copied from the repository into /etc/ssh.
    # NOTE(review): sshd only presents a host certificate when it is told
    # where to find it; that setting is not in this file — confirm it is
    # made in one of the imported modules.
    etc = {
      ssh-pub-key = {
        source = ./ssh_host_ed25519_key.pub;
        target = "ssh/ssh_host_ed25519_key.pub";
      };
      ssh-pub-key-cert = {
        source = ./ssh_host_ed25519_key-cert.pub;
        target = "ssh/ssh_host_ed25519_key-cert.pub";
      };
    };
  };

  # SSH host identity, private half. The age-encrypted file referenced via
  # outputs.secrets is decrypted to `path` as a regular file
  # (symlink = false), owned by root:root with mode 400.
  # NOTE(review): the private key lands under /mnt/persist while the public
  # files go to /etc/ssh — check that sshd's host key path (or a bind mount
  # of /mnt/persist/etc/ssh) resolves to this file.
  age.secrets.ssh-key = {
    file = outputs.secrets.capibara.ssh_host_ed25519_key;
    path = "/mnt/persist/etc/ssh/ssh_host_ed25519_key";
    symlink = false;
    owner = "root";
    group = "root";
    mode = "400";
  };

  services = {
    earlyoom.enable = true;

    # Power management: TLP is on, power-profiles-daemon is explicitly off.
    upower.enable = true;
    # thermald.enable = true;
    tlp.enable = true;
    power-profiles-daemon.enable = false;

    btrbk.instances = {
      # Local snapshots of /mnt/btr_data.
      # todo: target and/or archive
      # No `target` is set for this instance, so it only creates snapshots
      # in btrbk_snapshots; nothing is copied anywhere by this job.
      btrbk = {
        onCalendar = "*:0/30"; # every 30 minutes
        settings = {
          snapshot_create = "onchange";
          snapshot_preserve = "2d";
          snapshot_preserve_min = "latest";
          volume."/mnt/btr_data" = {
            snapshot_dir = "btrbk_snapshots";
            subvolume = emptySections [ "data" "persist" ];
          };
        };
      };

      # Pull backups of the remote hosts and of this machine onto the three
      # /mnt/backups/{0,1,2} targets. onCalendar = null means no timer is
      # set here; the run is started by hand:
      # doas -u btrbk btrbk -c /etc/btrbk/offline-backups.conf --dry-run --progress --verbose run
      #
      # NOTE(review): this job logs in to each remote as `btrbk` with the key
      # at /etc/btrbk/id_ed25519 and runs btrfs there through doas. Nothing
      # in this file provisions that key or constrains it, so confirm:
      #   - the private key is delivered outside the world-readable Nix
      #     store and is readable only by the local btrbk user;
      #   - on each remote, the key's authorized_keys entry is command-
      #     restricted (btrbk ships ssh_filter_btrbk.sh for this) and the
      #     doas rule covers only the btrfs commands btrbk needs;
      #   - the backup disks are encrypted at rest, since the `secrets` and
      #     `certs` subvolumes are among the data copied to them.
      offline-backups = {
        onCalendar = null;
        settings = {
          ssh_user = "btrbk";
          ssh_identity = "/etc/btrbk/id_ed25519";
          backend_remote = "btrfs-progs-doas";
          snapshot_create = "onchange";
          snapshot_preserve_min = "latest";
          # Backups already on a target are never removed by this job.
          target_preserve_min = "all";
          volume = {
            "ssh://narwhal:22/mnt/btr_pool" = {
              stream_buffer = "50%";
              # Only this source sets stream compression.
              stream_compress = "zstd";
              snapshot_dir = "btrbk_snapshots_offline";
              subvolume = emptySections [
                "backups"
                "books"
                "certs"
                "data"
                "docker_volumes"
                "home"
                "http"
                "music"
                "secrets"
                "transmission"
                "videos"
              ];
              target = offlineTargets "narwhal";
            };

            "ssh://suricata:22/mnt/btr_pool" = {
              stream_buffer = "50%";
              snapshot_dir = "btrbk_snapshots_offline";
              compat_remote = "busybox";
              subvolume = emptySections [
                "home"
                "rancher_config"
                "backups"
                "configs"
              ];
              target = offlineTargets "suricata";
            };

            # Unlike the two sources above, this URL names no port.
            "ssh://caladan/mnt/btr_pool" = {
              stream_buffer = "50%";
              snapshot_dir = "btrbk_snapshots_offline";
              compat_remote = "busybox";
              subvolume = emptySections [ "certs" "volumes" ];
              target = offlineTargets "caladan";
            };

            # This machine's own data volume, read locally rather than
            # over SSH.
            "/mnt/btr_data" = {
              snapshot_dir = "btrbk_snapshots_offline";
              subvolume = emptySections [ "data" "persist" ];
              target = offlineTargets "capibara";
            };
          };
        };
      };
    };
  };

  xdg.portal = {
    enable = true;
    wlr.enable = true;
    extraPortals = [
      pkgs.xdg-desktop-portal-gtk
      pkgs.xdg-desktop-portal-wlr
    ];
  };
}