diff --git a/flake.nix b/flake.nix
index 7673020..bbccbdb 100644
--- a/flake.nix
+++ b/flake.nix
@@ -77,6 +77,14 @@
 modules = [
 ./hosts/darwin/cen-it-07/configuration.nix
 inputs.home-manager.darwinModules.default
+ nix-homebrew.darwinModules.nix-homebrew
+ {
+ nix-homebrew = {
+ enable = true; # install homebrew
+ enableRosetta = true; # install homebrew for rosetta as well
+ user = "blake"; # user owning homebrew prefix
+ };
+ }
 ];
 };
 };
diff --git a/modules/holocron/perms/default.nix b/modules/holocron/perms/default.nix
index 4cae036..2608b41 100644
--- a/modules/holocron/perms/default.nix
+++ b/modules/holocron/perms/default.nix
@@ -42,7 +42,7 @@ in {
 user=$(basename "$user_dir")
 echo "starting $user_dir"
 chown -Rc "$user:$user" "$user_dir"
- chmod -Rc 700 "$user_dir"
+ chmod -Rc 770 "$user_dir"
 fi
 done
 echo "fin"
diff --git a/modules/holocron/smb/default.nix b/modules/holocron/smb/default.nix
index 9d184cd..c32204f 100644
--- a/modules/holocron/smb/default.nix
+++ b/modules/holocron/smb/default.nix
@@ -16,6 +16,16 @@ let
 "create mask" = "0775";
 "directory mask" = "0775";
 };
+ timemachine = {
+ "path" = "/mnt/Shares/tm_share";
+ "valid users" = "username";
+ "public" = "no";
+ "writeable" = "yes";
+ "force user" = "username";
+ "fruit:aapl" = "yes";
+ "fruit:time machine" = "yes";
+ "vfs objects" = "catia fruit streams_xattr";
+ };
 users = {
 path = "/holocron/users";
 browseable = true;
diff --git a/modules/homelab/immich/default.nix b/modules/homelab/immich/default.nix
index 5542b46..83f1f5f 100644
--- a/modules/homelab/immich/default.nix
+++ b/modules/homelab/immich/default.nix
@@ -58,7 +58,7 @@ in {
 home = cfg.data_dir;
 createHome = true;
 group = service;
- extraGroups = ["video" "render"];
+ extraGroups = ["video" "render" "blake"];
 };
 # enable the ${service} service
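Review bot: The added module line refers to `nix-homebrew` as a bare name, while the neighbouring module on the line above is reached as `inputs.home-manager.darwinModules.default`; unless `nix-homebrew` is destructured from the flake inputs in the outputs function (not visible in this hunk) the evaluation fails with an undefined variable. Writing it as `inputs.nix-homebrew.darwinModules.nix-homebrew` matches the existing line and does not depend on the argument list. The `user = "blake"` value is the same account name hard-coded in users/blake/default.nix; if the flake already binds that name somewhere, referencing it here avoids the two drifting apart. The enclosing `modules` attribute set begins outside the hunk.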
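Review bot: `chmod -Rc 770 "$user_dir"` applies the mode to regular files as well as directories, so every file under each user's directory becomes group-writable and executable, whereas the point of the change is presumably only to let the owning group into the tree. The capital-X form, `chmod -Rc u=rwX,g=rwX,o= "$user_dir"`, sets the execute bit on directories only and keeps files at rw for owner and group. Since the preceding `chown -Rc "$user:$user"` makes the owning group the user's own group, the widening only has an effect for accounts that are members of that group; a comment on the line saying which account is meant to gain access would let a later reader judge whether the grant is still needed. The surrounding loop starts before the hunk.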
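Review bot: `"valid users" = "username"` and `"force user" = "username"` in the new `timemachine` share look like placeholders carried over from an example rather than a real account; Samba resolves both against system users, so as written the share most likely admits nobody, and if an account literally named `username` did exist every file written through the share would be owned by it. Fill in the intended account, or take it from a module option so it is declared once. The share also lives at `/mnt/Shares/tm_share` while the adjacent shares are under `/holocron/...`, and quotes `"path"` where the others write `path` unquoted; either align them or add a comment explaining why the Time Machine target is on a different mount.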
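Review bot: Adding `"blake"` to the Immich service account's `extraGroups` (together with the `"immich"` added to blake's `extraGroups` in users/blake/default.nix later in this diff) makes the service and an interactive login members of each other's groups, so anything group-writable under the `blake` group becomes reachable from the Immich process, not just the photo library. If the aim is shared access to `cfg.data_dir`, a dedicated group on that directory (or a setgid directory in the style of the `2770 root archives` tmpfiles rule this commit removes from modules/system/backups) keeps the service's reach bounded to the data it owns. At minimum a comment on the line naming the path that needs the access would make the grant reviewable later.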
@@ -72,13 +72,17 @@ in {
 mediaLocation = cfg.data_dir;
 host = "0.0.0.0";
 port = cfg.port;
- settings.server.externalDomain = "https://pics.blakedheld.xyz";
+ settings = null;
+ #settings.server.externalDomain = "https://photos.blakedheld.xyz";
 };
 # override umask to make permissions work out
 # systemd.services."${toString service}-server".serviceConfig = {
 # UMask = lib.mkForce "0007";
 # };
+ # systemd.services."${toString service}-machine-learning".serviceConfig = {
+ # UMask = lib.mkForce "0007";
+ # };
 # # open firewall
 # networking.firewall.allowedTCPPorts = [ cfg.port ];
diff --git a/modules/system/backups/default.nix b/modules/system/backups/default.nix
index 1ba0431..b3ee9a6 100644
--- a/modules/system/backups/default.nix
+++ b/modules/system/backups/default.nix
@@ -1,5 +1,9 @@
-{ config, lib, pkgs, ... }:
-
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
 /*
 this module enables a backup script made with borg!
 to use import & set the options below
@@ -13,13 +17,11 @@ in a borg archive to the specified repo ${service} = { paths = [ cfg.data_dir ]; }; }; */
-
 let
 cfg = config.system.backups;
 sec = config.sops.secrets;
 borg = "${pkgs.borgbackup}/bin/borg";
-in
-{
+in {
 options.system.backups = {
 enable = lib.mkEnableOption "enables backups with borg";
 baks = lib.mkOption {
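Review bot: `settings = null;` drops the declared external domain, and its replacement survives only as a commented-out line that points at a different host (`photos.` where the removed line had `pics.`), so after this change the effective domain is whatever Immich holds in its own state rather than anything this module declares. If the intent is to let the web UI own the settings (which is what a null `settings` appears to mean in the NixOS module — confirm), say so in a comment beside `settings = null;` and delete the dead line; if the intent is only the rename, keep `settings.server.externalDomain = "https://photos.blakedheld.xyz";` instead. The new commented-out machine-learning `UMask` stanza adds a second block of inactive configuration next to the existing one; a one-line comment stating why it is kept, or removing it, would be clearer than carrying both.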
@@ -39,24 +41,23 @@ in
 };
 mode = lib.mkOption {
 type = lib.types.str;
- default = "split"; # "all"
+ default = "split"; # "all"
 description = "choice between creating one archive of all paths or one archive per service";
 };
 };
 config = lib.mkIf (cfg.enable && cfg.baks != {}) {
- systemd.tmpfiles.rules = [ "d /holocron/archives 2770 root archives - -" ];
 systemd.services.backups = {
 description = "backup service with borg!";
- path = [ pkgs.borgbackup ];
+ path = [pkgs.borgbackup];
 serviceConfig = {
 Type = "oneshot";
 User = "root";
- Group = "archives"; # make perms shake out
+ Group = "archives"; # make perms shake out
 # the actual script borg is using
 ExecStart = pkgs.writeShellScript "borg-backup" ''
 backup() {
@@ -78,8 +79,8 @@ in
 if [ "$mode" = "split" ]; then
 # loop for each backup
- ${lib.concatStringsSep "\n\n" (lib.mapAttrsToList (bak_name: bak_paths:
- ''
+ ${lib.concatStringsSep "\n\n" (lib.mapAttrsToList (
+ bak_name: bak_paths: ''
 echo "------------ Backing up ${bak_name} ------------"
 archive="$timestamp-${bak_name}"
 echo "backing up: ${lib.concatStringsSep " " bak_paths.paths} → $archive"
@@ -99,16 +100,17 @@ in
 --keep-weekly=52 \
 --keep-monthly=-1
 echo "backup run complete at \"$BORG_REPO::$archive\""
- ''
- ) cfg.baks)}
+ ''
+ )
+ cfg.baks)}
 exit 0
 else
 # flatten all paths from cfg.baks into one big list
 all_paths="${
- lib.concatStringsSep " "
- (lib.flatten
- (lib.mapAttrsToList (_: bak: bak.paths) cfg.baks))
- }"
+ lib.concatStringsSep " "
+ (lib.flatten
+ (lib.mapAttrsToList (_: bak: bak.paths) cfg.baks))
+ }"
 borg create \
 --verbose \
 --filter AME \
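Review bot: With the `systemd.tmpfiles.rules` entry for `/holocron/archives` removed, nothing remaining in this module creates that directory or gives it the setgid `2770 root archives` mode that the service's `Group = "archives"` setting (and the `archives` membership granted to blake in users/blake/default.nix) appears to rely on for group-readable archives. If the directory is now provisioned elsewhere, a comment at the point of removal naming where (e.g. `# /holocron/archives is created by <module placeholder>`) would stop the next reader from re-adding the rule; if it is not, the first run after a fresh install depends on whatever mode the repository path happens to be created with. The rest of this hunk is formatter whitespace, as are the two hunks that follow it.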
@@ -145,19 +147,42 @@ in
 # create timer to run backups daily
 systemd.timers.backups = {
 description = "daily borg backup timer";
- wantedBy = [ "timers.target" ];
+ wantedBy = ["timers.target"];
 timerConfig = {
 OnCalendar = "04:00";
 Persistent = true;
 };
 };
+ # db backups
+ services.mysqlBackup = lib.mkIf config.services.mysql.enable {
+ # mc servers use this
+ enable = true;
+ location = "/var/backup/mysql";
+ user = "root";
+ startAt = "03:58";
+ compression = "zstd";
+ databases = config.services.mysql.ensureDatabases; # set to all databases defined in esure databases
+ };
+ services.postgresqlBackup = config.services.postgresql.enable {
+ # immich uses this
+ enable = true;
+ location = "/var/backup/postgresql";
+ compression = "gzip"; # optional: "xz", "zstd", "none"
+ startAt = "03:58";
+ user = "postgres";
+ databases = ["immich"]; # set to all databases defined in esure databases
+ #databases = config.services.postgresql.ensureDatabases; # set to all databases defined in esure databases
+ };
+
+ services.mysql.ensureDatabases = ["FUCKING_NOTICE_ME"];
+
 # install borg binary
- environment.systemPackages = with pkgs; [ borgbackup tree ];
+ environment.systemPackages = with pkgs; [borgbackup tree];
 # declare secret for repo password
 sops.secrets = {
- "borg_passwd" = {
+ "borg_passwd" = {
 owner = "root";
 group = "root";
 };
diff --git a/users/blake/default.nix b/users/blake/default.nix
index 07fda0f..bf46b95 100644
--- a/users/blake/default.nix
+++ b/users/blake/default.nix
@@ -10,7 +10,7 @@
 users = {
 blake = {
 isNormalUser = true;
- extraGroups = ["wheel" "networkmanager" "docker" "media" "podman" "minecraft" "archives" ]; # Enable ‘sudo’ for the user.
+ extraGroups = ["wheel" "networkmanager" "docker" "media" "podman" "minecraft" "archives" "immich" ]; # Enable ‘sudo’ for the user.
 uid = 1000;
 shell = pkgs.zsh;
 group = "blake";
diff --git a/users/blake/dots/darwin/default.nix b/users/blake/dots/darwin/default.nix
new file mode 100644
index 0000000..0ae4055
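Review bot: `services.postgresqlBackup = config.services.postgresql.enable { … }` is missing the `lib.mkIf` that the `mysqlBackup` stanza directly above it uses, so it applies a boolean to an attribute set and the module fails to evaluate on every host where this `config` block is active; it should read `services.postgresqlBackup = lib.mkIf config.services.postgresql.enable {`. `services.mysql.ensureDatabases = ["FUCKING_NOTICE_ME"];` reads as a debugging placeholder and, on any host with MySQL enabled, creates a database of that name; it should go before merge. Both dump jobs use `startAt = "03:58"` while the borg timer fires at `04:00`, so a dump that takes longer than two minutes is archived half-written, and neither `/var/backup/mysql` nor `/var/backup/postgresql` is added to `cfg.baks` here, so the dumps reach the borg repository only if the caller lists them; a comment on `startAt` stating that ordering assumption, or a `systemd` ordering dependency on the backup service, would make it explicit. The repeated `esure` in the trailing comments is a typo for `ensure`.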
--- /dev/null
+++ b/users/blake/dots/darwin/default.nix
@@ -0,0 +1,10 @@
+{
+ pkgs,
+ config,
+ lib,
+ inputs,
+ ...
+}:
+{
+
+}
diff --git a/users/blake/home.nix b/users/blake/home.nix
index 74559b4..68f271d 100644
--- a/users/blake/home.nix
+++ b/users/blake/home.nix
@@ -19,6 +19,7 @@ in {
 imports = [
 inputs.sops-nix.homeManagerModules.sops
+ ./dots/darwin
 ./dots/neovim
 ./dots/lf
 ./dots/zsh