Compare commits
5 commits
594e9524e6
...
6f927ad62f
Author | SHA1 | Date | |
---|---|---|---|
6f927ad62f | |||
31e1c335e8 | |||
b04ec25a57 | |||
dc87ea1eea | |||
bc89904efa |
7 changed files with 189 additions and 19 deletions
30
flake.lock
generated
30
flake.lock
generated
|
@ -193,11 +193,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1727856734,
|
"lastModified": 1727872461,
|
||||||
"narHash": "sha256-YGKkZJGZiopMia83mf04zbK2p2OHdtbyJq05jkmGGis=",
|
"narHash": "sha256-4Pw3fVhN6xey5+2gUBm9nQJAjBqivffr+a5ZsXYjzJ8=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "disko",
|
"repo": "disko",
|
||||||
"rev": "da8f49246ce226b70feaf132d9b73a4cb7595f10",
|
"rev": "568727a884ae7cd9f266bd19aea655def8cafd78",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -217,11 +217,11 @@
|
||||||
"nixpkgs-stable": "nixpkgs-stable_2"
|
"nixpkgs-stable": "nixpkgs-stable_2"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1727860369,
|
"lastModified": 1727886024,
|
||||||
"narHash": "sha256-sS83Q/2pl6U+LnRKVH95ntBRIpzr2x1llLPZlfX0GXg=",
|
"narHash": "sha256-9cpTSjtShCU5MJwEm3cbL2pALTMwjCDTM3zeQ1wrkRI=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "emacs-overlay",
|
"repo": "emacs-overlay",
|
||||||
"rev": "7bdcd77e2b8fd8e10d8d8bfae5ba7302dbd69d3e",
|
"rev": "a483757de48eba86f4ab373fd522341555aecfd7",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -575,11 +575,11 @@
|
||||||
"spectrum": "spectrum"
|
"spectrum": "spectrum"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1727444402,
|
"lastModified": 1727872811,
|
||||||
"narHash": "sha256-IhKB3RPTrblfiq6DW9MiGrS0ULcn/0qWtlefL+Gfg0o=",
|
"narHash": "sha256-78hOotCZ/G8l4nyWPdMWSOojdJ5NwHTR0usBVVBNTtU=",
|
||||||
"owner": "astro",
|
"owner": "astro",
|
||||||
"repo": "microvm.nix",
|
"repo": "microvm.nix",
|
||||||
"rev": "04f643d06b6f3f79cb289a8c94f051b012e1750e",
|
"rev": "e832ffc16b09b1b5c7c1224532d03ed3ce68afd0",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -780,11 +780,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs_2": {
|
"nixpkgs_2": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1727634051,
|
"lastModified": 1727802920,
|
||||||
"narHash": "sha256-S5kVU7U82LfpEukbn/ihcyNt2+EvG7Z5unsKW9H/yFA=",
|
"narHash": "sha256-HP89HZOT0ReIbI7IJZJQoJgxvB2Tn28V6XS3MNKnfLs=",
|
||||||
"owner": "nixos",
|
"owner": "nixos",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "06cf0e1da4208d3766d898b7fdab6513366d45b9",
|
"rev": "27e30d177e57d912d614c88c622dcfdb2e6e6515",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -880,11 +880,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1727836133,
|
"lastModified": 1727922550,
|
||||||
"narHash": "sha256-JE0zciM5IGWvK8J/pE2VldNBf7oyMH5WrU8tZArefbg=",
|
"narHash": "sha256-pJoN5Qd83coaoEJmpkxw+cuh89IJORvLm8qyw3GMLIQ=",
|
||||||
"owner": "oxalica",
|
"owner": "oxalica",
|
||||||
"repo": "rust-overlay",
|
"repo": "rust-overlay",
|
||||||
"rev": "02321540b0c8000b36889b1b974d1fec585b25a4",
|
"rev": "5e3eee4bc42a2504653bedfe95bceda9a1e85ae7",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
|
@ -219,10 +219,16 @@
|
||||||
inputs',
|
inputs',
|
||||||
pkgs,
|
pkgs,
|
||||||
config,
|
config,
|
||||||
|
system,
|
||||||
...
|
...
|
||||||
}:
|
}:
|
||||||
{
|
{
|
||||||
|
|
||||||
|
_module.args.pkgs = import inputs.nixpkgs {
|
||||||
|
inherit system;
|
||||||
|
overlays = [ self.overlays.default ];
|
||||||
|
};
|
||||||
|
|
||||||
pre-commit = {
|
pre-commit = {
|
||||||
settings = {
|
settings = {
|
||||||
hooks = {
|
hooks = {
|
||||||
|
@ -258,7 +264,7 @@
|
||||||
|
|
||||||
packages = {
|
packages = {
|
||||||
dnspyre = pkgs.callPackage ./pkgs/dnspyre { };
|
dnspyre = pkgs.callPackage ./pkgs/dnspyre { };
|
||||||
git-repo-go = pkgs.callPackage ./pkgs/git-repo-go { };
|
git-repo-go = pkgs.git-repo-go;
|
||||||
hassbridge = pkgs.callPackage ./pkgs/hassbridge { };
|
hassbridge = pkgs.callPackage ./pkgs/hassbridge { };
|
||||||
peakperf = pkgs.callPackage ./pkgs/peakperf { };
|
peakperf = pkgs.callPackage ./pkgs/peakperf { };
|
||||||
tinyows = pkgs.callPackage ./pkgs/tinyows { };
|
tinyows = pkgs.callPackage ./pkgs/tinyows { };
|
||||||
|
|
32
machines/loki/barman.nix
Normal file
32
machines/loki/barman.nix
Normal file
|
@ -0,0 +1,32 @@
|
||||||
|
{ pkgs, config, ... }:
|
||||||
|
{
|
||||||
|
services.barman = {
|
||||||
|
enable = true;
|
||||||
|
package = (
|
||||||
|
pkgs.barman.overrideAttrs (prevAttrs: {
|
||||||
|
propagatedBuildInputs = prevAttrs.propagatedBuildInputs ++ [ pkgs.python3Packages.distutils ];
|
||||||
|
})
|
||||||
|
);
|
||||||
|
|
||||||
|
settings = {
|
||||||
|
barman = {
|
||||||
|
# log_file = "/var/log/barman/barman.log";
|
||||||
|
configuration_files_directory = "/etc/barman.d";
|
||||||
|
create_slot = "auto";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
servers = {
|
||||||
|
ha = {
|
||||||
|
description = "Home Assistant database";
|
||||||
|
conninfo = "host=10.0.0.254 user=postgres dbname=homeassistant passfile=${config.sops.secrets.barman-passwords.path}";
|
||||||
|
wal_streaming_conninfo = "host=10.0.0.254 user=postgres dbname=homeassistant passfile=${config.sops.secrets.barman-passwords.path}";
|
||||||
|
streaming_archiver = true;
|
||||||
|
backup_method = "postgres";
|
||||||
|
slot_name = "barman";
|
||||||
|
retention_policy = "RECOVERY WINDOW OF 4 WEEKS";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
# passwordsFile = config.sops.secrets.barman-passwords.path;
|
||||||
|
};
|
||||||
|
}
|
|
@ -8,6 +8,7 @@
|
||||||
nixos-hardware.nixosModules.common-pc-ssd
|
nixos-hardware.nixosModules.common-pc-ssd
|
||||||
|
|
||||||
# ./vm.nix
|
# ./vm.nix
|
||||||
|
./barman.nix
|
||||||
|
|
||||||
../../users/erwin
|
../../users/erwin
|
||||||
../../users/root
|
../../users/root
|
||||||
|
@ -379,6 +380,17 @@
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
logind = {
|
||||||
|
hibernateKey = "ignore";
|
||||||
|
powerKey = "ignore";
|
||||||
|
rebootKey = "ignore";
|
||||||
|
suspendKey = "hibernate";
|
||||||
|
hibernateKeyLongPress = "ignore";
|
||||||
|
powerKeyLongPress = "ignore";
|
||||||
|
rebootKeyLongPress = "ignore";
|
||||||
|
suspendKeyLongPress = "ignore";
|
||||||
|
};
|
||||||
|
|
||||||
openssh.enable = true;
|
openssh.enable = true;
|
||||||
|
|
||||||
colord.enable = true;
|
colord.enable = true;
|
||||||
|
@ -543,6 +555,10 @@
|
||||||
owner = "systemd-network";
|
owner = "systemd-network";
|
||||||
};
|
};
|
||||||
k3s-token = { };
|
k3s-token = { };
|
||||||
|
|
||||||
|
barman-passwords = {
|
||||||
|
owner = "barman";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
# This value determines the NixOS release from which the default
|
# This value determines the NixOS release from which the default
|
||||||
|
|
|
@ -5,6 +5,7 @@ livebook-password: ENC[AES256_GCM,data:FaMIr0GxLTvAzrYt7blGbJuGDbr+lDiIMnvY2c/r,
|
||||||
renovate_env: ENC[AES256_GCM,data:mzeS0FXsycD4hWMzRMgeEgTY+x2QtYtxmhcFCJcjwlD/q577kprHaU8otr1sOu9mwNud7K8kJGk=,iv:MMhr6CPsyvmP7+dKJUwt9cjnATm9JKZ/KbG4Dkj7hJ0=,tag:ubLmcW/CtT/uPiyswvr93w==,type:str]
|
renovate_env: ENC[AES256_GCM,data:mzeS0FXsycD4hWMzRMgeEgTY+x2QtYtxmhcFCJcjwlD/q577kprHaU8otr1sOu9mwNud7K8kJGk=,iv:MMhr6CPsyvmP7+dKJUwt9cjnATm9JKZ/KbG4Dkj7hJ0=,tag:ubLmcW/CtT/uPiyswvr93w==,type:str]
|
||||||
wireguard-horus-privkey: ENC[AES256_GCM,data:JVhdbvNqfdPWFCg24F56Hmu1Tf/EA6BOqa1uPuu8C/FrJhNaGi4S+KYOook=,iv:z8cq4C5vu/QqJ3UZdL1zEH22Ht3rKSbdHgAQbRSk8Kk=,tag:AVBvV8wJqw5jgDRiES89eQ==,type:str]
|
wireguard-horus-privkey: ENC[AES256_GCM,data:JVhdbvNqfdPWFCg24F56Hmu1Tf/EA6BOqa1uPuu8C/FrJhNaGi4S+KYOook=,iv:z8cq4C5vu/QqJ3UZdL1zEH22Ht3rKSbdHgAQbRSk8Kk=,tag:AVBvV8wJqw5jgDRiES89eQ==,type:str]
|
||||||
k3s-token: ENC[AES256_GCM,data:agr9ihvrufHJ+zsWUTT7tT6oXwhQfp1VjlzvL/YrjhfsQsWdA2wqQOBG8Fgi6gDlqz+3DwWr3wdy/jclEEwrnA==,iv:zgYrN9CSraugO+LMIpJ2jDvxjCnQ9a3GHj6ffO/K0uY=,tag:6en6lNNvNMyOVf1Rfow6ew==,type:str]
|
k3s-token: ENC[AES256_GCM,data:agr9ihvrufHJ+zsWUTT7tT6oXwhQfp1VjlzvL/YrjhfsQsWdA2wqQOBG8Fgi6gDlqz+3DwWr3wdy/jclEEwrnA==,iv:zgYrN9CSraugO+LMIpJ2jDvxjCnQ9a3GHj6ffO/K0uY=,tag:6en6lNNvNMyOVf1Rfow6ew==,type:str]
|
||||||
|
barman-passwords: ENC[AES256_GCM,data:M7HCuXsq8kSqoEfbn94/Hdl1tvb93i5oDYOr+QeuDVD33aF/xxuOwDVZM7wz7OcuozV7f6URtMGDy26KaHqekWhn2hFoRi5WHOxjE7M6oYLP6V4F+IGQBeMOHjjzqjQ9ti/BfhGpi3oHf0RK4RxLCmoNzAfWuP6zZnCyKgwyxBVu6lCHG2I08CJ8w2novts8,iv:EMLqvGIb1WK71Aw+LWr7JrQydA89CTTOavsFUZ6M3G8=,tag:PXu0JVzHjbH9wQfijf9V7A==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
|
@ -38,8 +39,8 @@ sops:
|
||||||
c0dlMkVlRG9LYU00M2M3UGJpUkxDOWsKiwc5oM63ezv1TVng0zQOqILOxuRMU+j7
|
c0dlMkVlRG9LYU00M2M3UGJpUkxDOWsKiwc5oM63ezv1TVng0zQOqILOxuRMU+j7
|
||||||
hHl6AWg0iorXJ1IWmGxLINDAK/RQVEFLK6gRjfN7qB+6wdmrKl8seQ==
|
hHl6AWg0iorXJ1IWmGxLINDAK/RQVEFLK6gRjfN7qB+6wdmrKl8seQ==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-02-07T22:49:34Z"
|
lastmodified: "2024-10-01T18:48:17Z"
|
||||||
mac: ENC[AES256_GCM,data:e3HW2LmCFwxXt2QkKf7pGKrpBQLFETVzz6w4/EEtxSzcuFn7p/S0AYk/4/FPXO+Gke1ccklXINFb/Qk0KlaWeToNg3Pp19xt5b9apvJQsoXQOuzjxqHDRkwZjGIFsYUvVgt/YNXs3AsTJzeMq0RjaI96xbwCitKvZl+sJP1nUBY=,iv:vA8xjOljqXwHwG+aJuCORgcHcNGgNf4L9RRV+dZv4+w=,tag:1Ukh7LQ/yTurdANzygxvXQ==,type:str]
|
mac: ENC[AES256_GCM,data:TjNyX17d3PaScsPidp1wTc4DVK2Jl5/QRmlfH3WN/Hs+lsPn9BvFHmuy50Fs9TLfDjTBQ4WdreWw3Tz2SSBw12WO9tt7vt2b8MudLr1EqHP2rGN6u6cxz9xKYSm0v8j+mJFuL3VJvGAKdSvHS0lxo3SooEhONGkrhDwPidhhcks=,iv:9DhtXHJo6JTGJY/nPCAt11x8ZZwv/1B37dSaqFVAOiE=,tag:xfnRBecHFKOY09VTMBh9dw==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.8.1
|
version: 3.9.0
|
||||||
|
|
114
modules/barman/default.nix
Normal file
114
modules/barman/default.nix
Normal file
|
@ -0,0 +1,114 @@
|
||||||
|
{
|
||||||
|
lib,
|
||||||
|
pkgs,
|
||||||
|
config,
|
||||||
|
...
|
||||||
|
}:
|
||||||
|
let
|
||||||
|
cfg = config.services.barman;
|
||||||
|
iniFormat = pkgs.formats.ini { };
|
||||||
|
defaultUser = "barman";
|
||||||
|
defaultHome = "/var/lib/barman";
|
||||||
|
in
|
||||||
|
{
|
||||||
|
options.services.barman = {
|
||||||
|
enable = lib.mkEnableOption "barman";
|
||||||
|
package = lib.mkPackageOption pkgs "barman" { };
|
||||||
|
|
||||||
|
settings = lib.mkOption {
|
||||||
|
description = "Global barman configuration that goes in the `[barman]` section of `barman.conf`";
|
||||||
|
type = lib.types.submodule { freeformType = iniFormat.type; };
|
||||||
|
example = {
|
||||||
|
barman_user = defaultUser;
|
||||||
|
barman_home = defaultHome;
|
||||||
|
log_file = "/var/log/barman/barman.log";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
servers = lib.mkOption {
|
||||||
|
description = "Server configurations";
|
||||||
|
type = lib.types.submodule { freeformType = iniFormat.type; };
|
||||||
|
default = { };
|
||||||
|
};
|
||||||
|
|
||||||
|
# passwordsFile = lib.mkOption {
|
||||||
|
# description = "Path to the PostgreSQL password file. See [the documentation](https://www.postgresql.org/docs/current/libpq-pgpass.html) for the format.";
|
||||||
|
# type = lib.types.path;
|
||||||
|
# default = null;
|
||||||
|
# };
|
||||||
|
};
|
||||||
|
|
||||||
|
config = lib.mkIf cfg.enable {
|
||||||
|
services.barman.settings = {
|
||||||
|
barman = {
|
||||||
|
barman_user = lib.mkDefault defaultUser;
|
||||||
|
barman_home = lib.mkDefault defaultHome;
|
||||||
|
compression = lib.mkDefault "pigz";
|
||||||
|
backup_compression = lib.mkDefault "zstd";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
users.users."${cfg.settings.barman.barman_user}" = {
|
||||||
|
isSystemUser = true;
|
||||||
|
home = cfg.settings.barman.barman_home;
|
||||||
|
createHome = true;
|
||||||
|
group = cfg.settings.barman.barman_user;
|
||||||
|
};
|
||||||
|
|
||||||
|
users.groups."${cfg.settings.barman.barman_user}" = { };
|
||||||
|
|
||||||
|
environment = {
|
||||||
|
etc =
|
||||||
|
{
|
||||||
|
"barman.conf" = {
|
||||||
|
user = cfg.settings.barman.barman_user;
|
||||||
|
source = iniFormat.generate "barman.conf" cfg.settings;
|
||||||
|
};
|
||||||
|
}
|
||||||
|
// (lib.mapAttrs' (name: serverConfig: {
|
||||||
|
name = "barman.d/${name}.conf";
|
||||||
|
value = {
|
||||||
|
user = cfg.settings.barman.barman_user;
|
||||||
|
source = iniFormat.generate "${name}.conf" { "${name}" = serverConfig; };
|
||||||
|
};
|
||||||
|
}) cfg.servers);
|
||||||
|
|
||||||
|
systemPackages = [ cfg.package ];
|
||||||
|
};
|
||||||
|
systemd = {
|
||||||
|
timers.barman = {
|
||||||
|
description = "Update timer for barman";
|
||||||
|
partOf = [ "barman.service" ];
|
||||||
|
wantedBy = [ "timers.target" ];
|
||||||
|
timerConfig = {
|
||||||
|
OnCalendar = "*:*:0";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
services.barman = {
|
||||||
|
description = "Run barman maintenance tasks";
|
||||||
|
path = with pkgs; [
|
||||||
|
cfg.package
|
||||||
|
bash
|
||||||
|
bzip2
|
||||||
|
gzip
|
||||||
|
lz4
|
||||||
|
pigz
|
||||||
|
postgresql
|
||||||
|
zstd
|
||||||
|
];
|
||||||
|
# environment = {
|
||||||
|
# PGPASSFILE = lib.mkIf (cfg.passwordsFile != null) cfg.passwordsFile;
|
||||||
|
# };
|
||||||
|
|
||||||
|
serviceConfig = {
|
||||||
|
Type = "oneshot";
|
||||||
|
User = cfg.settings.barman.barman_user;
|
||||||
|
ExecStart = "${cfg.package}/bin/barman cron";
|
||||||
|
WorkingDirectory = cfg.settings.barman.barman_home;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
};
|
||||||
|
}
|
|
@ -163,6 +163,7 @@ in
|
||||||
waybar = {
|
waybar = {
|
||||||
enable = true;
|
enable = true;
|
||||||
sway = true;
|
sway = true;
|
||||||
|
cpuTempPath = "/sys/class/hwmon/hwmon2/temp2_input";
|
||||||
};
|
};
|
||||||
zathura.enable = true;
|
zathura.enable = true;
|
||||||
zellij = {
|
zellij = {
|
||||||
|
|
Loading…
Add table
Reference in a new issue