
No commits in common. "3e3d7153f9bc5d990f4708cc3fbe08db08addc9d" and "d7bf5fdbf41890e66530a34585634b290a6851c3" have entirely different histories.

38 changed files with 102 additions and 346 deletions


@ -1,16 +1,13 @@
name: "Populate Cachix binary cache"
name: "Build packages for cachix"
on:
push:
paths:
- '**.nix'
- '**.age'
- 'pkgs/**'
- 'flake.nix'
- 'flake.lock'
- '.github/workflows/*'
jobs:
build-pkgs:
name: Nix packages
build:
runs-on: ubuntu-latest
strategy:
@ -35,29 +32,4 @@ jobs:
extraPullNames: "nix-community"
- name: Build package
run: nix build -L .#"${{ matrix.name }}"
build-configs:
name: NixOS configs
runs-on: ubuntu-latest
needs: [ build-pkgs ]
strategy:
matrix:
name:
- boreal
- zephyrus
steps:
- uses: actions/checkout@v2
- uses: cachix/install-nix-action@v16
- uses: cachix/cachix-action@v10
with:
name: alarsyo
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
extraPullNames: "nix-community"
- name: Build package
run: nix build -L .#nixosConfigurations."${{ matrix.name }}".config.system.build.toplevel
run: nix build --verbose -L .#"${{ matrix.name }}"

1
.gitignore vendored

@ -1 +0,0 @@
/result


@ -26,8 +26,6 @@ in
xkbVariant = "us";
libinput.enable = true;
};
logind.lidSwitch = "ignore";
};
environment.systemPackages = builtins.attrValues {
@ -55,40 +53,7 @@ in
inherit (pkgs.unstable) discord;
};
networking.networkmanager = {
enable = true;
dispatcherScripts = [
{
source =
let
grep = "${pkgs.gnugrep}/bin/grep";
nmcli = "${pkgs.networkmanager}/bin/nmcli";
in pkgs.writeShellScript "disable_wifi_on_ethernet" ''
export LC_ALL=C
enable_disable_wifi ()
{
result=$(${nmcli} dev | ${grep} "ethernet" | ${grep} -w "connected")
if [ -n "$result" ]; then
${nmcli} radio wifi off
else
${nmcli} radio wifi on
fi
}
if [ "$2" = "up" ]; then
enable_disable_wifi
fi
if [ "$2" = "down" ]; then
enable_disable_wifi
fi
'';
type = "basic";
}
];
};
networking.networkmanager.enable = true;
programs.nm-applet.enable = true;
programs.steam.enable = true;


@ -8,16 +8,15 @@
experimental-features = nix-command flakes
'';
settings = {
trusted-users = [ "@wheel" ];
substituters = [
trustedUsers = [ "@wheel" ];
binaryCaches = [
"https://alarsyo.cachix.org"
"https://nix-community.cachix.org"
];
trusted-public-keys = [
binaryCachePublicKeys = [
"alarsyo.cachix.org-1:A6BmcaJek5+ZDWWv3fPteHhPm6U8liS9CbDbmegPfmk="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
];
};
};
}


@ -53,8 +53,6 @@
# nix pkgs lookup
nix-index
agenix
;
inherit (pkgs.llvmPackages_11)


@ -5,10 +5,10 @@ in
{
users.mutableUsers = false;
users.users.root = {
passwordFile = config.age.secrets."users/root-hashed-password".path;
hashedPassword = secrets.shadow-hashed-password-root;
};
users.users.alarsyo = {
passwordFile = config.age.secrets."users/alarsyo-hashed-password".path;
hashedPassword = secrets.shadow-hashed-password-alarsyo;
isNormalUser = true;
extraGroups = [
"media"
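Review bot: `hashedPassword = secrets.shadow-hashed-password-root;` and the matching line for `alarsyo` put the password hashes into the evaluated system configuration, which NixOS writes to the world-readable Nix store, so every local user and process on the host can read them and they travel with the system closure wherever it is copied. Keeping the hash in a root-only file outside the store avoids this, e.g. `passwordFile = "/root/secrets/root-hashed-password";` (placeholder path, provisioned out of band). The same store exposure applies to the other values read from `config.my.secrets` on this page, namely `bluetooth-mouse-mac-address` in home/secrets/default.nix and `secrets.borg-backup.boreal-repo`, although those are less sensitive. If the hashes stay inline, a comment such as `# NOTE: this hash is readable by all local users via /nix/store` above each line would record the trade-off. The enclosing attribute set continues past the end of this hunk.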


@ -1,30 +1,12 @@
{
"nodes": {
"agenix": {
"inputs": {
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1641576265,
"narHash": "sha256-G4W39k5hdu2kS13pi/RhyTOySAo7rmrs7yMUZRH0OZI=",
"owner": "ryantm",
"repo": "agenix",
"rev": "08b9c96878b2f9974fc8bde048273265ad632357",
"type": "github"
},
"original": {
"owner": "ryantm",
"repo": "agenix",
"type": "github"
}
},
"emacs-overlay": {
"locked": {
"lastModified": 1644230579,
"narHash": "sha256-/3v0jBKY1QJPK6cdO0fZl+xK5E+GZhHcbgWb7RoFEN4=",
"lastModified": 1642358862,
"narHash": "sha256-tttyyXdpOQYxFG3HkOOcK0dFxBpdaeWHRrIWWnQRZYA=",
"owner": "nix-community",
"repo": "emacs-overlay",
"rev": "02d47fdf48e54598f9838f01a9d172bfa206b63e",
"rev": "cdd347f1b966415c5473b3e3f4640c0d0fd13b55",
"type": "github"
},
"original": {
@ -57,11 +39,11 @@
]
},
"locked": {
"lastModified": 1643933104,
"narHash": "sha256-NZPuFxRsZKN8pjRuHPpzlMyt6JQhcjiduBG8bMghSjE=",
"lastModified": 1642372264,
"narHash": "sha256-SRnw7qcHmvUBxby925Vm+nhPqq7YVs1qquNqv7TRyVY=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "63dccc4e60422c1db2c3929b2fd1541f36b7e664",
"rev": "46bba772f26f89b62811f487d2b0d5357c91bc32",
"type": "github"
},
"original": {
@ -89,40 +71,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1618628710,
"narHash": "sha256-9xIoU+BrCpjs5nfWcd/GlU7XCVdnNKJPffoNTxgGfhs=",
"path": "/nix/store/z1rf17q0fxj935cmplzys4gg6nxj1as0-source",
"rev": "7919518f0235106d050c77837df5e338fb94de5d",
"type": "path"
},
"original": {
"id": "nixpkgs",
"type": "indirect"
}
},
"nixpkgs-unstable-small": {
"locked": {
"lastModified": 1644225686,
"narHash": "sha256-XDslFfn44H93WjGytIhrPSduGIug1p4cPN/cEuHdIBI=",
"lastModified": 1642104392,
"narHash": "sha256-m71b7MgMh9FDv4MnI5sg9MiBVW6DhE1zq+d/KlLWSC8=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "64cb9c78e14d0ffc9ee627772a972aa4b59bbfd8",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable-small",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1644033087,
"narHash": "sha256-beskas17YPhrcnanzywake9/z+k+xOWmavW24YUN8ng=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "9f697d60e4d9f08eacf549502528bfaed859d33b",
"rev": "5aaed40d22f0d9376330b6fa413223435ad6fee5",
"type": "github"
},
"original": {
@ -132,14 +85,29 @@
"type": "github"
}
},
"nixpkgs-unstable-small": {
"locked": {
"lastModified": 1642285376,
"narHash": "sha256-LfZBVKCrPOx5k9pUoJlRsBvdz7yn1qYHenCKuqwwFGo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "0a223c8d509cea6b4be3906f9c39820ff195fad2",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable-small",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"agenix": "agenix",
"emacs-overlay": "emacs-overlay",
"flake-utils": "flake-utils",
"home-manager": "home-manager",
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs_2",
"nixpkgs": "nixpkgs",
"nixpkgs-unstable-small": "nixpkgs-unstable-small"
}
}


@ -15,12 +15,6 @@
ref = "nixos-unstable-small";
};
agenix = {
type = "github";
owner = "ryantm";
repo = "agenix";
};
emacs-overlay = {
type = "github";
owner = "nix-community";
@ -51,7 +45,7 @@
};
};
outputs = { self, nixpkgs, home-manager, agenix, ... } @inputs: {
outputs = { self, nixpkgs, home-manager, ... } @inputs: {
nixosModules = {
home = {
home-manager.useGlobalPkgs = true;
@ -80,13 +74,9 @@
inherit system;
config.allowUnfree = true;
};
})
agenix.overlay
] ++ builtins.attrValues self.overlays;
sharedModules = [
agenix.nixosModules.age
home-manager.nixosModule
{ nixpkgs.overlays = shared_overlays; }
] ++ (nixpkgs.lib.attrValues self.nixosModules);


@ -12,6 +12,7 @@
./laptop.nix
./lorri.nix
./rofi.nix
./secrets
./ssh.nix
./themes
./tmux.nix


@ -16,6 +16,7 @@ in
services.lorri.enable = true;
programs.direnv = {
enable = true;
enableFishIntegration = true;
# FIXME: proper file, not lorri.nix
nix-direnv = {
enable = true;

Binary file not shown.

19
home/secrets/default.nix Normal file

@ -0,0 +1,19 @@
{ lib, ... }:
let
inherit (lib)
fileContents
mkOption
types
;
in
{
options.my.secrets = mkOption {
type = types.attrs;
};
config.my.secrets = {
# I'm not sure hiding this is very important, but it *seems* like a bad idea
# to expose this
bluetooth-mouse-mac-address = fileContents ./bluetooth-mouse-mac-address.secret;
};
}


@ -1,5 +1,3 @@
" -*- tridactylrc -*-
" This wipes all existing settings. This means that if a setting in this file is
" removed, then it will return to default. In other words, this file serves as
" as an enforced single point of truth for Tridactyl's configuration.


@ -35,7 +35,8 @@ in
config = mkIf isEnabled {
home.packages = builtins.attrValues {
inherit (pkgs)
# FIXME: is this useful?
iw # Used by `net` block
lm_sensors # Used by `temperature` block
font-awesome
;
};
@ -104,6 +105,12 @@ in
block = "networkmanager";
primary_only = true;
}
{
block = "bluetooth";
mac = config.my.secrets.bluetooth-mouse-mac-address;
hide_disconnected = true;
format = "{percentage}";
}
{
block = "sound";
driver = "pulseaudio";


@ -3,14 +3,15 @@
# and in the NixOS manual (accessible by running nixos-help).
{ config, lib, pkgs, ... }:
let
secrets = config.my.secrets;
in
{
imports =
[ # Include the results of the hardware scan.
./hardware-configuration.nix
./home.nix
./secrets.nix
];
boot.kernelPackages = pkgs.linuxPackages_latest;
@ -45,12 +46,17 @@
# List services that you want to enable:
my.services = {
restic-backup = {
borg-backup = {
enable = true;
repo = "b2:boreal-backup";
passwordFile = config.age.secrets."restic-backup/boreal-password".path;
environmentFile = config.age.secrets."restic-backup/boreal-credentials".path;
repo = secrets.borg-backup.boreal-repo;
# for a workstation, having backups spanning the last month should be
# enough
prune = {
keep = {
daily = 7;
weekly = 4;
};
};
paths = [
"/home/alarsyo"
];
@ -58,7 +64,7 @@
"/home/alarsyo/Downloads"
# Rust builds using half my storage capacity
"/home/alarsyo/**/target"
"/home/alarsyo/*/target"
"/home/alarsyo/work/rust/build"
# don't backup nixpkgs


@ -1,19 +0,0 @@
{ config, lib, options, ... }:
{
config.age = {
secrets =
let
toSecret = name: { ... }@attrs: {
file = ./../../modules/secrets + "/${name}.age";
} // attrs;
in
lib.mapAttrs toSecret {
"restic-backup/boreal-credentials" = {};
"restic-backup/boreal-password" = {};
"users/alarsyo-hashed-password" = {};
"users/root-hashed-password" = {};
};
};
}


@ -12,7 +12,6 @@ in
./hardware-configuration.nix
./home.nix
./secrets.nix
];
# Use the GRUB 2 boot loader.


@ -1,16 +0,0 @@
{ config, lib, options, ... }:
{
config.age = {
secrets =
let
toSecret = name: { ... }@attrs: {
file = ./../../modules/secrets + "/${name}.age";
} // attrs;
in
lib.mapAttrs toSecret {
"users/alarsyo-hashed-password" = {};
"users/root-hashed-password" = {};
};
};
}


@ -3,12 +3,14 @@
# and in the NixOS manual (accessible by running nixos-help).
{ config, lib, pkgs, ... }:
let
secrets = config.my.secrets;
in
{
imports =
[ # Include the results of the hardware scan.
./hardware-configuration.nix
./home.nix
./secrets.nix
];
boot.kernelPackages = pkgs.linuxPackages;
@ -41,39 +43,6 @@
tailscale.enable = true;
pipewire.enable = true;
restic-backup = {
enable = true;
repo = "b2:zephyrus-backup";
passwordFile = config.age.secrets."restic-backup/zephyrus-password".path;
environmentFile = config.age.secrets."restic-backup/zephyrus-credentials".path;
timerConfig = {
OnCalendar = "*-*-* 13:00:00"; # laptop only gets used during the day
};
paths = [
"/home/alarsyo"
];
exclude = [
"/home/alarsyo/Downloads"
# Rust builds using half my storage capacity
"/home/alarsyo/**/target"
"/home/alarsyo/work/rust/build"
# don't backup nixpkgs
"/home/alarsyo/work/nixpkgs"
# C build crap
"*.a"
"*.o"
"*.so"
# ignore all dotfiles as .config and .cache can become quite big
"/home/alarsyo/.*"
];
};
};
services = {
@ -84,11 +53,6 @@
};
};
fwupd.enable = true;
openssh = {
enable = true;
permitRootLogin = "no";
passwordAuthentication = false;
};
};
my.gui.enable = true;


@ -29,7 +29,6 @@ in
{ device = "/dev/disk/by-uuid/6395cef1-c30b-450a-917c-cfb3c0380642";
fsType = "btrfs";
options = [ "subvol=@home" "compress=zstd" "noatime" ];
neededForBoot = true; # agenix needs my key for some root secrets
};
fileSystems."/nix" =


@ -1,19 +0,0 @@
{ config, lib, options, ... }:
{
config.age = {
secrets =
let
toSecret = name: { ... }@attrs: {
file = ./../../modules/secrets + "/${name}.age";
} // attrs;
in
lib.mapAttrs toSecret {
"restic-backup/zephyrus-credentials" = {};
"restic-backup/zephyrus-password" = {};
"users/alarsyo-hashed-password" = {};
"users/root-hashed-password" = {};
};
};
}


@ -2,7 +2,6 @@
{
imports = [
./sddm.nix
./secrets
./wakeonwlan.nix
];
}


@ -1,9 +0,0 @@
{ config, lib, options, ... }:
{
config.age = {
identityPaths = options.age.identityPaths.default ++ [
"/home/alarsyo/.ssh/id_ed25519"
];
};
}


@ -1,10 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 YWMQkg B5tQXcUdu751YYA4Y8uRH/DgGDi24AsXEAKkCVfg+Ro
21Gz0MsMCtWzUdVuaWdNwEU9Ts8lOQWCd7Ejf2tkxks
-> ssh-ed25519 k2gHjw NIG04WnNgq5bnSl9KmvFyvpGdFlmOFtXzuYtrsFOKXM
ZYZVyIM0jnhguRmfIpRtFg0StgYTlu/P9bgxBy9dbOg
-> u5-grease
MTgqDb6tqCuvdlXj9c2Y3XX1X7JfrdeKLM0EQ75ZJe+Hrntnpvn4fSlBr8QoOahm
fg
--- VzgNZ3/IBQVeYfOMGjnHPDRKoBDdxHth61pevk5+fLw
ŒÙúDíï° ´&…<QØ+¨úþéJoTÇ;US9.©âu'v¸œ,‘Ä@“úÿQKcëÛzÑ>v¢€ÃN1±tòÚ8w<˜Îò“w­°d<C2B0><64>>sG_øæÆšyø„u,þÅ%@J hñ"†Ev‡ÙX


@ -1,11 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 ZQuVNA KjrRurc5ztGrYO2wx0ToE8E4Yz2sbNwPi4zCGAJUK3k
+U1Ox1U4Z9ssleGchzMJGpQjFaRoqMYSLhKHXj1F2/U
-> ssh-ed25519 k2gHjw W35K39F0sREO2igYKaa3zr1LKgF6xiU5YtMq3RYqkC4
YJV8kdjMJSoRX7iLw2bQXET9zOudFuhZeHqPqHkNjuc
-> (aAM-grease j{6WJ 3C&
Pfh0krD/ClkQcByosGU3CxPivvPei5tXWZHh6odkWxn29iqsKT6L1ihEgYJDlopA
8ODR4G4ax6ZY13O+qjc
--- ugjGDcsxbwlKmTN+4lUyrhD6GJPl0qk4i+4OLS2NRP0
]#z…ƒãp¢¶X7Ó™ ¼1mê%wýFÒ 4õÒسÄcp+Q2¹ú“<C3BA>×ì¢pmxx>ňœ)Eô;~äî<>¢ÔsÆx[S$z¥¨&øžùrBSVÄz­ÿ÷þ\SXøærdö×\ÜóŠ5Tªfÿ|¿ô


@ -1,9 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 ZQuVNA H3/RLTRU8T3JY99f+b9xT5oIqPCDyxjRfFbJ7iR3/zE
CTLpdnGapstc+/epugi1CxIZ3T7JZgE4Ew14B2WuanY
-> ssh-ed25519 k2gHjw wEnvcV2UApJ1MMyIQgSSkF+zhG+fugEiCieCpPBdJyc
polPsTGun9e6Bq6rogQBrmT32GQXiixxlKmuRpDDM0c
-> Jt-grease rX6~
RL6JmjlIQaG17HQQFY3hTYtTiL12Sr3RX/Scv6gO7gO8
--- eUEOS9mtYxxW2bqzEpD+ZsyYjhHWCArPd2PiFn6wMF4
ƒ*@ò-úñæÀ£’¬…9ÂÜpMDŸ¸™I{ázüke°K);‰ü+úU¥îñOZâ{ÙB Sx/ÑLI¡”G «9—‰ ”þ1É:Yݽ°4x:K—f¹Žqö9ï˜a¥Oº[jNåÇXq¡,âÏæZü=*˜'€'tׄƒÍ ²ˆö¿!vWòÛ6nÅéG&QwõÚG


@ -1,21 +0,0 @@
let
alarsyo = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH3rrF3VSWI4n4cpguvlmLAaU3uftuX4AVV/39S/8GO9 alarsyo@thinkpad";
users = [ alarsyo ];
boreal = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAagal1aqZh52wEmgsw7fkCzO41o4Cx+nV4wJGZuX1RP root@boreal";
poseidon = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKYhZYMbWQG9TSQ2qze8GgFo2XrZzgu/GuSOGwenByJo root@poseidon";
zephyrus = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILU4JfIADH9MXUnVe+3ezYK9WXsqy/jJcm1zFkmL4aSU root@zephyrus";
machines = [ boreal poseidon zephyrus ];
all = users ++ machines;
in
{
"restic-backup/boreal-password.age".publicKeys = [ alarsyo boreal ];
"restic-backup/boreal-credentials.age".publicKeys = [ alarsyo boreal ];
"restic-backup/zephyrus-password.age".publicKeys = [ alarsyo zephyrus ];
"restic-backup/zephyrus-credentials.age".publicKeys = [ alarsyo zephyrus ];
"users/root-hashed-password.age".publicKeys = machines;
"users/alarsyo-hashed-password.age".publicKeys = machines ++ [ alarsyo ];
}


@ -10,7 +10,6 @@ final: prev:
buildInputs = builtins.attrValues {
inherit (final)
dbus
lm_sensors
openssl
pulseaudio
;


@ -3,7 +3,7 @@
, python3
}:
let
version = "2.10.4";
version = "2.10.3";
in
stdenv.mkDerivation {
inherit version;
@ -15,6 +15,6 @@ stdenv.mkDerivation {
src = fetchurl {
url = "https://www.lrde.epita.fr/dload/spot/spot-${version}.tar.gz";
sha256 = "sha256-6GKc22zOgwd4JpYM0B7OUhPar5ooPW9iqvaa+gYjR4o=";
sha256 = "sha256-iX6VSGFzdI8rZe7L2ZojS39od/IYboaNp6zlZxgEAZ8=";
};
}


@ -5,9 +5,6 @@
# Default configuration
./base
# Module definitions
./modules
# Service definitions
./services

Binary file not shown.


@ -5,5 +5,6 @@ let
;
in
{
boreal-repo = fileContents ./boreal-repo.secret;
poseidon-repo = fileContents ./poseidon-repo.secret;
}


@ -44,7 +44,7 @@ in
security.acme = {
acceptTerms = true;
defaults.email = "antoine97.martin@gmail.com";
email = "antoine97.martin@gmail.com";
certs =
let


@ -11,6 +11,7 @@ let
;
cfg = config.my.services.restic-backup;
secrets = config.my.secrets;
excludeArg = "--exclude-file=" + (pkgs.writeText "excludes.txt" (concatStringsSep "\n" cfg.exclude));
makePruneOpts = pruneOpts:
attrsets.mapAttrsToList (name: value: "--keep-${name} ${toString value}") pruneOpts;
@ -61,23 +62,6 @@ in {
monthly = 6;
};
};
passwordFile = mkOption {
type = types.str;
default = "/root/restic/password";
};
environmentFile = mkOption {
type = types.str;
default = "/root/restic/creds";
};
timerConfig = mkOption {
type = types.attrsOf types.str;
default = {
OnCalendar = "daily";
};
};
};
config = mkIf cfg.enable {
@ -89,13 +73,15 @@ in {
paths = cfg.paths;
repository = cfg.repo;
passwordFile = cfg.passwordFile;
environmentFile = cfg.environmentFile;
passwordFile = "/root/restic/password";
environmentFile = "/root/restic/creds";
extraBackupArgs = [ "--verbose=2" ]
++ optional (builtins.length cfg.exclude != 0) excludeArg;
timerConfig = cfg.timerConfig;
timerConfig = {
OnCalendar = "daily";
};
pruneOpts = makePruneOpts cfg.prune;
};
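Review bot: `passwordFile = "/root/restic/password";` and `environmentFile = "/root/restic/creds";` are now fixed paths that nothing visible in this module creates or checks, so a host missing them presumably fails only when the backup job runs, and their ownership and mode depend on whoever provisions them by hand. A comment above the two lines would record the requirement, e.g. `# provisioned manually on each host; must be owned by root with mode 0600`. The `secrets = config.my.secrets;` binding added in the first hunk is not used in any line visible here and can be dropped if the rest of the file does not use it either. The `config = mkIf cfg.enable` block starts and ends outside these hunks.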


@ -10,6 +10,9 @@
# Service definitions
./services
# Configuration secrets
./secrets
# Host-specific config
./hosts/zephyrus
];