diff --git a/bin/backup_browse.sh b/bin/backup_browse.sh index 120214c..27e43d7 100755 --- a/bin/backup_browse.sh +++ b/bin/backup_browse.sh @@ -54,7 +54,7 @@ fi export BORG_PASSPHRASE # --- DEFAULT REPO --- -REPO="${1:-/holocron/backups}" +REPO="${1:-/holocron/archives/servers/snowbelle}" # --- CHECK REQUIRED COMMANDS --- for cmd in borg fzf find tree cp mkdir; do diff --git a/modules/holocron/default.nix b/modules/holocron/default.nix index 46296cb..02925fc 100644 --- a/modules/holocron/default.nix +++ b/modules/holocron/default.nix @@ -13,4 +13,7 @@ ./copyparty ]; + # define the groups used for backups and archives + users.groups.archives = {gid = 727;}; + } diff --git a/modules/system/backups/default.nix b/modules/system/backups/default.nix index 2518a7b..1318884 100644 --- a/modules/system/backups/default.nix +++ b/modules/system/backups/default.nix @@ -9,7 +9,7 @@ in a borg archive to the specified repo | <3yy> | V V - modules.system.backups.baks = { + system.backups.baks = { ${service} = { paths = [ cfg.data_dir ]; }; }; */ @@ -46,12 +46,17 @@ in config = lib.mkIf (cfg.enable && cfg.baks != {}) { + systemd.tmpfiles.rules = [ + "d /holocron/archives 2770 root archives - -" + ]; + systemd.services.backups = { description = "backup service with borg!"; path = [ pkgs.borgbackup ]; serviceConfig = { Type = "oneshot"; -# EnvironmentFile = config.modules.system.backups.passphraseFile; + User = "root"; + Group = "archives"; # make perms shake out # the actual script borg is using ExecStart = pkgs.writeShellScript "borg-backup" '' backup() { @@ -59,7 +64,7 @@ in export BORG_PASSPHRASE="$(cat ${cfg.passwd_file})" export BORG_REPO="${cfg.repo}" timestamp="$(date +'%Y-%m-%d_%H:%M:%S')" - mode=${cfg.mode} + mode=split # init repo in needed if ! borg info "$BORG_REPO" >/dev/null 2>&1; then 
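Review bot: In the `@@ -46,12 +46,17 @@` hunk of modules/system/backups/default.nix, the tmpfiles rule `d /holocron/archives 2770 root archives - -` gives every member of `archives` write access to the top of the backup tree, and the users/blake hunk in this commit adds an interactive account to that group. If the group is only meant for browsing and restoring, `2750` keeps the setgid group inheritance without letting a member session rename or delete what sits directly under that directory. Separately, `Group = "archives"` on its own may not "make perms shake out": borg's `--umask` defaults to 0077, so repository files are created owner-only unless the borg calls, which continue outside this hunk, pass something like `--umask 0027`. A short comment above the rule stating who is expected to read and who to write would make the intended permission model reviewable.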
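Review bot: In the `@@ -59,7 +64,7 @@` hunk of modules/system/backups/default.nix, `mode=split` replaces `mode=${cfg.mode}`, so whatever the module's `mode` option is set to is now silently ignored. If split is meant to be the only supported layout, remove the option (presumably declared outside this hunk) and note that in a comment; otherwise keep the interpolation and quote it for the shell, e.g. `mode=${lib.escapeShellArg cfg.mode}`. The `backup()` function starts before this hunk and continues after it.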
@@ -80,7 +85,7 @@ in
 echo "backing up: ${lib.concatStringsSep " " bak_paths.paths} → $archive"
 borg create \
 --verbose \
- # --filter AME \
+ --filter AME \
 --list \
 --stats \
 --show-rc \
diff --git a/modules/system/home-manager/default.nix b/modules/system/home-manager/default.nix
deleted file mode 100644
index 4955298..0000000
--- a/modules/system/home-manager/default.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{ inputs, pkgs, config, lib, ... }:
-{
- home-manager."blake" = {
- extraSpecialArgs = { inherit inputs; };
- users = {
- modules = [
- ../../users/blake/home.nix;
- inputs.self.outputs.homeManagerModules.default;
- ];
- };
- };
-}
diff --git a/modules/system/yubikey/default.nix b/modules/system/yubikey/default.nix
new file mode 100644
index 0000000..9e4c339
--- /dev/null
+++ b/modules/system/yubikey/default.nix
@@ -0,0 +1,22 @@
+{
+ pkgs,
+ config,
+ lib,
+ ...
+}:
+
+let
+ service = "";
+ cfg = config.system.${service};
+ sec = config.sops.secrets;
+ homelab = config.homelab;
+in
+{
+ options.system.${service} = {
+ enable = lib.mkEnableOption "enables ${service}";
+ };
+
+ config = lib.mkIf cfg.enable {
+
+ };
+}
diff --git a/users/blake/default.nix b/users/blake/default.nix
index b0eebc1..4be1296 100644
--- a/users/blake/default.nix
+++ b/users/blake/default.nix
@@ -10,7 +10,7 @@
 users = {
 blake = {
 isNormalUser = true;
- extraGroups = ["wheel" "networkmanager" "docker" "media" "podman" "minecraft"]; # Enable ‘sudo’ for the user.
+ extraGroups = ["wheel" "networkmanager" "docker" "media" "podman" "minecraft" "archives" ]; # Enable ‘sudo’ for the user.
 uid = 1000;
 shell = pkgs.zsh;
 group = "blake";
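Review bot: In the new modules/system/yubikey/default.nix, `service = "";` leaves the attribute name empty, so the module declares `options.system."".enable` and reads `config.system.""` rather than anything under `yubikey`; it should be `service = "yubikey";`. The `config` body is empty and `sec` and `homelab` are bound but never used, so as committed the module configures nothing even when enabled. If this is a placeholder, a one-line comment at the top such as `# TODO: stub, no YubiKey configuration yet` would keep a reader from assuming hardware-key authentication is already enforced on hosts that import it.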