diff options
Diffstat (limited to 'lass')
-rw-r--r-- | lass/1systems/dishfire/config.nix | 10 | ||||
-rw-r--r-- | lass/1systems/dishfire/physical.nix | 21 | ||||
-rw-r--r-- | lass/1systems/mors/config.nix | 29 | ||||
-rw-r--r-- | lass/2configs/default.nix | 2 | ||||
-rw-r--r-- | lass/3modules/default.nix | 1 | ||||
-rw-r--r-- | lass/3modules/restic.nix | 119 | ||||
-rw-r--r-- | lass/3modules/xjail.nix | 1 |
7 files changed, 34 insertions, 149 deletions
diff --git a/lass/1systems/dishfire/config.nix b/lass/1systems/dishfire/config.nix new file mode 100644 index 000000000..b814d7188 --- /dev/null +++ b/lass/1systems/dishfire/config.nix @@ -0,0 +1,10 @@ +{ config, lib, pkgs, ... }: + +{ + imports = [ + <stockholm/lass> + <stockholm/lass/2configs/retiolum.nix> + ]; + + krebs.build.host = config.krebs.hosts.dishfire; +} diff --git a/lass/1systems/dishfire/physical.nix b/lass/1systems/dishfire/physical.nix new file mode 100644 index 000000000..ca013132f --- /dev/null +++ b/lass/1systems/dishfire/physical.nix @@ -0,0 +1,21 @@ +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = [ + ./config.nix + (modulesPath + "/profiles/qemu-guest.nix") + ]; + + boot.initrd.availableKernelModules = [ "ata_piix" "virtio_pci" "xhci_pci" "sd_mod" "sr_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + boot.loader.grub.devices = [ "/dev/sda" ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/84053adc-49bc-4e02-8a19-3838bf3a43fd"; + fsType = "ext4"; + }; + + swapDevices = [ ]; +} diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index 95b688590..88ac90de4 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -183,35 +183,6 @@ with import <stockholm/lib>; users.users.mainUser.extraGroups = [ "adbusers" "docker" ]; virtualisation.docker.enable = true; - lass.restic = genAttrs [ - "daedalus" - "icarus" - "littleT" - "prism" - "shodan" - "skynet" - ] (dest: { - dirs = [ - "/home/lass/src" - "/home/lass/work" - "/home/lass/.gnupg" - "/home/lass/Maildir" - "/home/lass/stockholm" - "/home/lass/.password-store" - "/home/bitcoin" - "/home/bch" - ]; - passwordFile = (toString <secrets>) + "/restic/${dest}"; - repo = "sftp:backup@${dest}.r:/backups/mors"; - #sshPrivateKey = config.krebs.build.host.ssh.privkey.path; - extraArguments = [ - "sftp.command='ssh backup@${dest}.r -i ${config.krebs.build.host.ssh.privkey.path} -s sftp'" - ]; - timerConfig = { - OnCalendar = "00:05"; - RandomizedDelaySec = "5h"; - }; - }); virtualisation.libvirtd.enable = true; services.earlyoom = { diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index 91922e5c9..c3fbc2093 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -215,6 +215,8 @@ with import <stockholm/lib>; noipv4ll ''; + documentation.nixos.includeAllModules = true; + # use 24:00 time format, the default got sneakily changed around 20.03 i18n.defaultLocale = mkDefault "C.UTF-8"; time.timeZone = mkDefault"Europe/Berlin"; diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix index 1ce88b238..570bb45be 100644 --- a/lass/3modules/default.nix +++ b/lass/3modules/default.nix @@ -9,7 +9,6 @@ _: ./news.nix ./nichtparasoup.nix ./pyload.nix - ./restic.nix ./screenlock.nix ./usershadow.nix ./xjail.nix diff --git a/lass/3modules/restic.nix b/lass/3modules/restic.nix deleted file mode 100644 index c720793b1..000000000 --- a/lass/3modules/restic.nix +++ /dev/null @@ -1,119 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import <stockholm/lib>; - -{ - options.lass.restic = mkOption { - type = types.attrsOf (types.submodule ({ config, ... }: { - options = { - name = mkOption { - type = types.str; - default = config._module.args.name; - }; - passwordFile = mkOption { - type = types.str; - default = toString <secrets/restic-password>; - description = '' - read the repository password from a file. - ''; - example = "/etc/nixos/restic-password"; - - }; - repo = mkOption { - type = types.str; - default = "sftp:backup@prism.r:/backups/${config.name}"; - description = '' - repository to backup to. - ''; - example = "sftp:backup@192.168.1.100:/backups/${config.name}"; - }; - dirs = mkOption { - type = types.listOf types.str; - default = []; - description = '' - which directories to backup. - ''; - example = [ - "/var/lib/postgresql" - "/home/user/backup" - ]; - }; - timerConfig = mkOption { - type = types.attrsOf types.str; - default = { - OnCalendar = "daily"; - }; - description = '' - When to run the backup. See man systemd.timer for details. - ''; - example = { - OnCalendar = "00:05"; - RandomizedDelaySec = "5h"; - }; - }; - user = mkOption { - type = types.str; - default = "root"; - description = '' - As which user the backup should run. - ''; - example = "postgresql"; - }; - extraArguments = mkOption { - type = types.listOf types.str; - default = []; - description = '' - Extra arguments to append to the restic command. - ''; - example = [ - "sftp.command='ssh backup@192.168.1.100 -i /home/user/.ssh/id_rsa -s sftp" - ]; - }; - initialize = mkOption { - type = types.bool; - default = false; - description = '' - Create the repository if it doesn't exist. - ''; - }; - }; - })); - default = {}; - }; - - config = { - systemd.services = - mapAttrs' (_: plan: - let - extraArguments = concatMapStringsSep " " (arg: "-o ${arg}") plan.extraArguments; - connectTo = elemAt (splitString ":" plan.repo) 1; - resticCmd = "${pkgs.restic}/bin/restic ${extraArguments}"; - in nameValuePair "backup.${plan.name}" { - environment = { - RESTIC_PASSWORD_FILE = plan.passwordFile; - RESTIC_REPOSITORY = plan.repo; - }; - path = with pkgs; [ - openssh - ]; - restartIfChanged = false; - serviceConfig = { - ExecStartPre = mkIf plan.initialize (pkgs.writeScript "rustic-${plan.name}-init" '' - #! ${pkgs.bash}/bin/bash - ${resticCmd} snapshots || ${resticCmd} init - ''); - ExecStart = pkgs.writeDash "rustic-${plan.name}" ( - "#! ${pkgs.bash}/bin/bash\n" + - concatMapStringsSep "\n" (dir: "${resticCmd} backup ${dir}") plan.dirs - ); - User = plan.user; - }; - } - ) config.lass.restic; - systemd.timers = - mapAttrs' (_: plan: nameValuePair "backup.${plan.name}" { - wantedBy = [ "timers.target" ]; - timerConfig = plan.timerConfig; - }) config.lass.restic; - }; -} diff --git a/lass/3modules/xjail.nix b/lass/3modules/xjail.nix index 526e12db7..f94e7ebbf 100644 --- a/lass/3modules/xjail.nix +++ b/lass/3modules/xjail.nix @@ -48,6 +48,7 @@ with import <stockholm/lib>; wm = mkOption { #TODO find type type = types.str; + defaultText = "‹script›"; default = "${pkgs.writeHaskellPackage "xephyrify-xmonad" { executables.xmonad = { extra-depends = [ |