5 files changed, 113 insertions, 2 deletions

diff --git a/krebs/3modules/backup.nix b/krebs/3modules/backup.nix
index c5cb1cae..4a88582a 100644
--- a/krebs/3modules/backup.nix
+++ b/krebs/3modules/backup.nix
@@ -157,7 +157,8 @@ let
     # of the deepest directory:
     # shellcheck disable=SC2174
     ${local.rsync} >&2 \
-        -aAXF --delete \
+        -aAX --delete \
+        --filter='dir-merge /.backup-filter' \
         --rsh=${shell.escape ssh} \
         --rsync-path=${shell.escape remote.rsync} \
         --link-dest=${shell.escape plan.dst.path}/current \
@@ -191,7 +192,8 @@ let
           echo >&2 "create snapshot: $ns/$name"
           mkdir -m 0700 -p "$dst_path/$ns"
           rsync >&2 \
-              -aAXF --delete \
+              -aAX --delete \
+              --filter='dir-merge /.backup-filter' \
               --link-dest="$dst_path/current" \
               "$dst_path/current/" \
               "$dst_path/$ns/.partial.$name"
diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix
index 8d48c2a4..4e40561c 100644
--- a/krebs/3modules/tv/default.nix
+++ b/krebs/3modules/tv/default.nix
@@ -82,6 +82,32 @@ in {
       ssh.privkey.path = config.krebs.secret.file "ssh.id_ed25519";
       ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBsqDuhGJpjpqNv4QmjoOhcODObrPyY3GHLvtVkgXV0g root@au";
     };
+    bu = {
+      ci = true;
+      cores = 4;
+      nets = {
+        retiolum = {
+          ip4.addr = "10.243.13.36";
+          aliases = [
+            "bu.r"
+          ];
+          tinc.pubkey = ''
+            -----BEGIN RSA PUBLIC KEY-----
+            MIIBCgKCAQEAxjAvT1sfHPWExhWRoXG+NJbYUmf5q4yfpfBRvb232LC9sLn4Z2wb
+            hxKreR5/j9a/2hRIlCz4IwKftl5vroG9Vy4e7zZIz6QvN4TqED8dUjJ1ubhtj47l
+            jjHW4cHLUWsaqqu6TAuPH26qPSxm9VrD6rZIX9RmQ1bWIaonVB3Q+XnDfPlISw6M
+            gbQXz4tOsOnC+y/6C3VPUo0nqC+PuA/kyRq/ivVutKd0dTSY8LmCDNla6AEVD5dG
+            sIqPWX5h8fjqU7G3oOMvMsBrCkvRRB0F0dQzGo8EXwCDJxa+xOuk5n1GYJ2lqeM/
+            st7KIxmLvO5AE7cUxdLlDj4EzVLSDoAqOwIDAQAB
+            -----END RSA PUBLIC KEY-----
+          '';
+          tinc.pubkey_ed25519 = "/MXEuv96HlrpHBto8KP2S6Ztiahhi3H7AevmbYS+xqE";
+        };
+      };
+      secure = true;
+      ssh.privkey.path = config.krebs.secret.file "ssh.id_rsa";
+      ssh.pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC1Y13PvTn+9VjQbgy2ZmpAEFXyYaroYP/5nK9o7B8cidf01Sh39184mG8KN8VuEzCj7b37KnLH8qUDcsukvkxOVSoVHmXH+/Pgbmsxp4c9sxLQLHBfCazhT0S3Zs+BkR6LNQ8GOCS1qsgy05L6fMXoQgds3Zx/X4ZYjLnYVnJo8k+6aP4pU/rB6GFzGG9UrLDvSvk/PoswpEr7S6uFa4bF8JWD5VPkQTPTNwm1LWH4va+ABcw9KOgL2tsAk/jJlkLD4qgXowqgbwcpfe+QCukJb7uIQjRtOgxSAhHqT1nxjS6gROhGt0ojuwALaZaFPr9YtGlqxPhUzAXWKvvbVcr6kkR17HrtXZeLdFqwrUPlkIDFV6yLbYzQGKPFwxtpoJaH/irv6cgeXnHaa9XQJk+XJ5pE0X9uNljGr3B8LMKymdlvvBiWOOLpYsHg5aVOR+K7HvydLSuaah8hpCLjjVyIYIl/pIDL4F/FUSxcFBB4fgdXB77LXm5UizmI7+dqZaOQSm8qXbLZ8P+13ele2JyV1pmvJbLFlhCksDMOXx9jvSJQ6DOjPd+2vtABWh9XGo2Fiy+ekB9LTzlW+xON4FRZDoTPrPmhg40v+s7lySHx3miwCIJfNfLJpf0dxm3pQYWZPIra1RA9hbgstXBJ3+2VA5JEuVRt0SEygN5Kgk1Y5w== root@bu";
+    };
     hu = {
       nets = {
         retiolum = {
diff --git a/tv/1systems/bu/config.nix b/tv/1systems/bu/config.nix
new file mode 100644
index 00000000..69c5848f
--- /dev/null
+++ b/tv/1systems/bu/config.nix
@@ -0,0 +1,40 @@
+{ config, pkgs, ... }: let
+  lib = import ../../../lib;
+in {
+
+  imports = [
+    ./disks.nix
+    <stockholm/tv>
+    <stockholm/tv/2configs/hw/x220.nix>
+    <stockholm/tv/2configs/exim-retiolum.nix>
+    <stockholm/tv/2configs/gitconfig.nix>
+    <stockholm/tv/2configs/pulse.nix>
+    <stockholm/tv/2configs/retiolum.nix>
+  ];
+
+  environment.homeBinInPath = true;
+
+  krebs.build.host = config.krebs.hosts.bu;
+
+  networking.hostId = lib.mkDefault "00000000";
+
+  networking.wireless.enable = true;
+  networking.useDHCP = false;
+  networking.interfaces.enp0s25.useDHCP = true;
+  networking.interfaces.wlp3s0.useDHCP = true;
+  networking.interfaces.wwp0s29u1u4i6.useDHCP = true;
+  networking.wireless.interfaces = [
+    "wlp3s0"
+  ];
+
+  programs.gnupg.agent.enable = true;
+  programs.gnupg.agent.pinentryFlavor = "gtk2";
+
+  services.earlyoom.enable = true;
+  services.earlyoom.freeMemThreshold = 5;
+  systemd.services.earlyoom.environment.EARLYOOM_ARGS = toString [
+    "--prefer '(^|/)chromium$'"
+  ];
+
+  system.stateVersion = "21.11";
+}
diff --git a/tv/1systems/bu/disks.nix b/tv/1systems/bu/disks.nix
new file mode 100644
index 00000000..deabefa7
--- /dev/null
+++ b/tv/1systems/bu/disks.nix
@@ -0,0 +1,19 @@
+{
+  boot.initrd.luks.devices.buda2.device = "/dev/sda2";
+  fileSystems."/" = {
+    device = "buda2/root";
+    fsType = "zfs";
+  };
+  fileSystems."/bku" = {
+    device = "buda2/bku";
+    fsType = "zfs";
+  };
+  fileSystems."/home" = {
+    device = "buda2/home";
+    fsType = "zfs";
+  };
+  fileSystems."/boot" = {
+    device = "/dev/sda1";
+    fsType = "vfat";
+  };
+}
diff --git a/tv/2configs/backup.nix b/tv/2configs/backup.nix
index b8dec8da..a5e0cf4c 100644
--- a/tv/2configs/backup.nix
+++ b/tv/2configs/backup.nix
@@ -10,6 +10,24 @@ with import <stockholm/lib>;
       yearly   = { format = "%Y";                    };
     };
   }) {
+    bu-home-wu = {
+      method = "push";
+      src = { host = config.krebs.hosts.bu; path = "/home"; };
+      dst = { host = config.krebs.hosts.wu; path = "/bku/bu-home"; };
+      startAt = "05:15";
+    };
+    bu-home-xu = {
+      method = "push";
+      src = { host = config.krebs.hosts.bu; path = "/home"; };
+      dst = { host = config.krebs.hosts.xu; path = "/bku/bu-home"; };
+      startAt = "05:20";
+    };
+    bu-home-zu = {
+      method = "push";
+      src = { host = config.krebs.hosts.bu; path = "/home"; };
+      dst = { host = config.krebs.hosts.zu; path = "/bku/bu-home"; };
+      startAt = "05:25";
+    };
     nomic-home-xu = {
       method = "push";
       src = { host = config.krebs.hosts.nomic; path = "/home"; };
@@ -40,6 +58,12 @@ with import <stockholm/lib>;
       dst = { host = config.krebs.hosts.zu; path = "/bku/wu-home"; };
       startAt = "05:20";
     };
+    xu-home-bu = {
+      method = "push";
+      src = { host = config.krebs.hosts.xu; path = "/home"; };
+      dst = { host = config.krebs.hosts.bu; path = "/bku/xu-home"; };
+      startAt = "04:50";
+    };
     xu-home-nomic = {
       method = "push";
       src = { host = config.krebs.hosts.xu; path = "/home"; };